BankThink

How the CFPB can better regulate data sharing

As the Biden administration takes steps to bolster the economic wellbeing of American households, a critical question must be addressed: How to provide consumers safe, equal access to the digital financial system?

The question is highly relevant as the Consumer Financial Protection Bureua is considering how to write rules on consumer access to their financial records, particularly when a third party is involved.

Now that the initial comment period for the advance notice of proposed rulemaking has closed, the CFPB will sort through input provided by businesses, advocacy groups, consumers, fintech developers and others to try to answer this question.

The answer is complex. But at the end of the day, the protections need to ensure that consumers are free to take their data with them to any provider that meets their needs. It should be consumers — not banks or fintech companies — that control consumer data.

The digitization of financial services is still in its early stages. But there’s already much scrutiny about innovation in a highly regulated ecosystem.

Through this rulemaking, the CFPB can establish a robust oversight regime that addresses overlapping policy issues in data privacy, consumer protection and financial health.

The first step is to supervise data aggregators, like Plaid, that act as switchboard operators in this new digital arena, enabling consumers to connect their bank accounts to thousands of digital services from banks and fintech companies. Supervision at this central layer can ensure that consumers and their data will be protected across all digital providers.

In addition to supervising data aggregators, there are four important steps that the CFPB should consider in addressing the challenges consumers currently face in accessing digital financial tools.

First, the CFPB must enforce consumer rights to authorized data access.

Individuals and small businesses rely on their ability to authorize third parties’ access to their financial information in order to power fintech apps, and services that help them manage their finances. To ensure that all consumers enjoy consistent, authorized access to their financial information — without fear of that access being cut off at any minute — the CFPB should continue in its ANPR process by establishing rules enforcing broad consumer access to their own data.

Second, the CFPB should not try to mandate specific technologies and inadvertently stifle progress. The bureau should instead establish principles-based guidelines that meet industry-led standards setting, so those standards can satisfy consumer expectations and evolve with technological innovation.

Third, the CFPB should monitor financial services practices to ensure competitive incentives do not hinder consumer access. Competitive incentives in the authorized access ecosystem will grow as data holders become data users and vice versa. The CFPB should prevent data holders from restricting consumer data access to further any competitive interests.

Fourth, to ensure that customers of all data holders have equal access to the fintech ecosystem, the CFPB should regularly assess the availability and consistency of authorized access.

The stakes are high. During the coronavirus pandemic, fintech has become part of the daily routines of people and businesses. The April 2020 rollout of the Paycheck Protection Program highlighted that underserved small businesses were locked out of loan access from larger financial institutions, further demonstrating that additional protections are required to ensure small businesses and minority-owned businesses receive equal access to the digital financial system.

The heightened demand for digital financial services shows that fintech is here to stay. This creates a new urgency to ensure consumers have secure access over their own data.

The fintech industry will need new policies and rules to govern the use of consumer personal financial data. The CFPB’s notice of a proposal on consumer financial data access is a critical place to start.

Americans should settle for nothing less than making consumer-permissioned financial data access a protected right.

This article originally appeared in American Banker.
For reprint and licensing requests for this article, click here.
Data privacy Data privacy rules CFPB
MORE FROM AMERICAN BANKER