CFPB symposium weighs pros, cons of consumer access to data
At yesterday's CFPB's symposium focused on Section 1033 of the Dodd-Frank Act, bureau Director Kathy Kraninger and panelists outlined the benefits of consumer access to financial records while also cautioning possible consumer harm as a result of so much data collection and authorization.
NAFCU Regulatory Affairs Counsel Kaley Schafer and Senior Counsel for Research and Policy Andrew Morris attended Wednesday's event. NAFCU has recommended the CFPB's efforts to increase consumers' access to data focus on ensuring the security of consumers' data and should not create new data-collection burdens and costs for credit unions.
During Kraninger's remarks, she noted consumers are increasingly granting access to their financial information to various companies – primarily as a result of mobile apps – which can then give other companies access. Third-party vendors are aggregating consumer data to further develop new products and technologies, Kraninger said, but consumers need control over their data, assurance that it will be secure, and an understanding of how it will be shared.
Three panels then discussed different aspects of the landscape:
Current environment and consumer benefits
Panelists from various fintech companies and large banks noted that digital tools are making it easier for consumers to complete mundane financial tasks, such as paying bills, increasing savings, and more. However, errors still occur and there are security concerns for apps that function by screen scrapping. By developing a standard application programming interface (API), many of these concerns could be addressed.
The panel agreed that consumers should have control over what data is shared and how it is accessed, a goal best achieved by obtaining the consumer’s consent, making the terms and conditions of data sharing transparent, and by encouraging financial institutions and aggregators to adopt technical standards for data exchange.
The panel also discussed the development of APIs, which are expensive but much more sophisticated than screen scrapping, and use-cases for aggregated data, such as cash-flow. Panelists also discussed how financial institutions’ preference for bilateral agreements has affected aggregators’ ability to access consumer data and how certain aggregators depend upon reliable access to consumer data to develop or improve underwriting models.
Panelists reviewed Congress' recent focus on protecting consumer data and the CFPB's role in enforcement. Panelists frequently drew comparisons to the Fair Credit Reporting Act, Electronic Fund Transfer Act, and even the Constitution to illustrate the complexity and ambiguity embedded with Section 1033 of the Dodd-Frank Act. The academics on the panel emphasized that the bureau had postponed acting on Section 1033 implementation long enough, whereas large bank representatives – while not necessarily disagreeing – highlighted the existing collaboration between financial institutions and fintechs to solve technical problems associated with API-driven data sharing.
Panelists agreed a formal rulemaking process should be the CFPB's approach to Section 1033, and that consistency with other regulators is key.
The CFPB has previously held events on abusive acts or practices (it recently released a policy statement on the issue), behavioral law and economics, and small business lending data collection (it is currently assessing compliance costs). Two other symposiums on disparate impact and the Equal Credit Opportunity Act and cost-benefit analysis are expected later this year. Recordings of the symposia are available on the CFPB's website.
NAFCU will continue to work with the bureau on its efforts to balance consumer protections while ensuring a reasonable regulatory environment for credit unions.
Get daily updates.
Subscribe to NAFCU today.