Leading Financial Trades Call On CFPB To Ensure Data Aggregation Market Is Fair, Transparent and Competitive

Eight national trade groups—including the Consumer Bankers Association, American Bankers Association, Credit Union National Association, Housing Policy Council, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions, National Bankers Association, and The Clearing House Association—today petitioned the Consumer Financial Protection Bureau to initiate a rulemaking that will strengthen the privacy and security of consumer financial data held by fintechs, Big Tech and data aggregators. 

The filing marks the first time any of the groups have utilized the CFPB's petition process since it was updated in February.

The Bureau is currently engaged in a rulemaking under Section 1033 of the Dodd-Frank Act, which will establish standards for sharing consumer financial data, typically through third parties, in a secure and transparent manner that gives consumers control. Financial institutions have to meet significant data privacy requirements under federal law and are monitored for compliance with all consumer protection laws and regulations through the CFPB’s close supervision. Data aggregators will be covered by the Section 1033 rule, but not subject to CFPB supervision, leaving a significant gap in protection for consumers. In the petition, the trade groups argue the 1033 regulation will be incomplete without consistent oversight of these tech firms that serve as intermediaries for consumer financial data and urge the CFPB to initiate a rulemaking to define "larger participants” in the data aggregation services market that should be subject to ongoing supervision by the Bureau for compliance with the rule when it is final. 

The associations emphasized that “[b]y the nature of their business, data aggregators hold a tremendous amount of consumer financial data. It is estimated that data aggregators hold the consumer log-in credentials for tens of millions of customers. While consumers may consent to the sharing of their financial data, many of these same consumers are unaware of the activities in which these intermediaries engage, how the information is being collected, and how the data may be used or shared.”  

Consequently, the associations said there is a supervisory imbalance that “creates both an unsustainable model as the aggregation services market grows and the risk that the laws applicable to the activities of those larger participants in this market will be enforced inconsistently.” 

“We believe the CFPB should ensure that data aggregators and data users that are larger participants in the aggregation services market – not just banks and credit unions – are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information,” the associations said. Only then will customers be protected in equal measure when their data is shared outside the secure bank and credit unions systems. 

The entire petition is available here.