CBA Statement On CFPB’s Section 1033 Notice of Proposed Rulemaking

Consumer Bankers Association (CBA) President and CEO Lindsey Johnson today released the following statement after the Consumer Financial Protection Bureau (CFPB) issued a notice of proposed rulemaking on the implementation of Section 1033 of the Dodd-Frank Act regarding consumer data rights.

“CBA member banks continue to support a well-regulated marketplace that fosters competition, spurs innovation, and provides consumers the certainty of knowing their financial data is safe and secure. As consumer expectations regarding the access and control of their personal financial data continues to expand, protecting the integrity of consumer data remains a core priority for all of our member banks.

“Since the passage of the Dodd-Frank Act, the financial services industry landscape has evolved drastically due to the increasing prevalence of non-bank third parties and data aggregators. Consumer data, logins, and passwords are collected and monetized by “agents,” “trustees,” and “representatives,” presumably acting on their behalf, but operate without consumers’ control or even awareness. Many of these entities that are collecting, storing, and selling this consumer information are not subject to the same rigorous data security and privacy standards as well-regulated and supervised financial institutions, putting consumers and their sensitive financial information at risk.

“CBA looks forward to working with the Bureau on developing a final Section 1033 rule that achieves the statutory intent of the law to ensure consumers have greater access to their own personal financial data, and that uniformly protects consumers’ data across banks and non-banks, establishes clear liability standards for all parties, and affords consumers control in how their data is accessed and used.”

Background

This is the second major step in the regulatory process that the Bureau has taken to implement the Dodd-Frank Act’s Section 1033. In October 2022, the Bureau released a Small Business Regulatory Enforcement Fairness Act (SBREFA) outline and held a SBREFA panel with small entity representatives to gauge potential effects on small entities from a proposed 1033 rule. While the original language of Section 1033 is narrowly focused on ensuring consumers are able to access their own personal information held by their financial services provider, the Bureau in this rulemaking reframed it to broadly focus on a consumer’s ability to switch financial providers and third parties’ ability to access a consumer’s bank information.

CBA Advocacy

To read CBA’s recommendations to the CFPB to strengthen its open banking rulemaking from January 2023, click HERE. In a blog released earlier this year, CBA outlined how the Bureau’s anti-competitive approach to implement Section 1033 could put the safety of consumers and the security of the sensitive financial data at risk. To learn more, click HERE. To read CBA’s comment letter responding to the Section 1033 SBREFA Outline, click HERE. Responding to the CFPB’s request for comment in February 2021, CBA advocated for the Bureau to approach Section 1033 cautiously by developing clear, transparent standards for both consumers and banks. To read the full letter, click HERE. CBA and several other financial trade groups also submitted a petition to the CFPB in August 2022 urging the Bureau to examine all large data aggregators and users for compliance through the requirements outlined in the Section 1033 rulemaking. To read the full petition, click HERE.