1 minute read
Data Aggregation 1033
by Brooke Ybarra American Bankers Association
Section 1033 of the Dodd-Frank Act guarantees consumers the right to access their financial records in a standardized electronic format. This has been widely interpreted to extend to consumers’ ability to share this data with authorized third parties. In 2017, the CFPB issued a set of principles that outline the Bureau’s vision for realizing a robust and safe market that gives consumers protection and value.
Since the principles were released, industry collaboration has led to the development of technical standards, industry utilities, and other technologies and practices that can help enable responsible sharing.
For example, banks, data aggregators, and other technology companies have worked together to invest in API-based standards that give consumers transparency and control when they share their financial data.
Traditionally, financial data was shared via a process known as “screen scraping,” where a user would give their login credentials to the third-party – creating risks and leaving the consumer exposed.
A July 2021 Executive Order highlighted implementation of Section 1033 as a priority for this Administration. The CFPB issued an Advanced Notice of Proposed Rulemaking in 2021 and expects to continue rulemaking with a Small Business Regulatory Enforcement Fairness Act (SBREFA) outline and panel in November 2022.
In July 2022, ABA along with seven national trades, petitioned the CFPB to create a larger participant rule for data aggregators. The petition has been posted for public comment and comments are due in October.
Why It Matters To Your Community
Banks support their customers’ ability to access and share their financial data in a secure, transparent manner that gives the customer control. Consumer financial data is extremely sensitive and must be protected appropriately. Accordingly, Congress has recognized the sensitivity of financial information and has provided protections for it under the Gramm-Leach Bliley Act of 1999 (GLBA), which creates a legal framework for protecting consumer data, and for sharing that data with third parties. Importantly, when data leaves the secure bank ecosystem it is not always afforded these protections, exposing consumers to potential harm.
Recommended Action Items
• Tell the CFPB to support existing market developments that protect consumers and to coordinate with banking regulators in any new rulemaking. Overly prescriptive standards risk undermining the progress that has been made and if not well crafted, may leave consumers exposed.
• Urge the CFPB to create a larger participant rule that brings data aggregators under direct supervision to ensure consistent protections and outcomes for consumers.
