According to Banking Industry Groups, CFPB Should Supervise Data Aggregators

Kim Phan, Alan Wingfield
Troutman Pepper
Contact
LinkedIn
Facebook
X
Send
Embed

Troutman Pepper

Eight national banking trade groups — the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Council, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions, National Bankers Association, and The Clearing House Association — petitioned the Consumer Financial Protection Bureau (CFPB) to extend its supervision to “data aggregators.” This is the first time any of the groups have used the CFPB’s petition process since it was revamped this past February.

The petition notes that while banks and credit unions are regularly supervised and examined by the CFPB, non-depository institutions, such as “data aggregators,” data holders, and data users, are not. “This supervisory imbalance creates both an unsustainable model as the aggregation services market grows and the risk that the laws applicable to the activities of those larger participants in this market will be enforced inconsistently.”

The petition targets “data aggregators,” previously defined by the CFPB as: “[A]n entity that supports data users and/or data holders in enabling authorized data access” and states that data aggregators typically access and transmit consumer financial data to data users pursuant to consumer authorization. The CFPB further has stated that data aggregators can be “fourth parties” that support data users in procuring consumer authorization to access data, and in accessing data, and often support data holders in facilitating authorized third-party access to their customers’ data.

The CFPB is currently engaged in rulemaking under Section 1033 of the Dodd-Frank Act, which authorizes the CFPB to establish standards for sharing consumer financial data. Financial institutions already need to meet significant data privacy requirements under federal law and are monitored by the CFPB for compliance. While data aggregators will be covered by any new Section 1033 rules, they will not be subject to the CFPB’s supervision.

The Dodd-Frank Act allows the CFPB to supervise larger participants of markets for consumer financial products or services, and the petition requests the CFPB to propose a rule that would add a definition for “larger participants of a market” for aggregation services and define aggregation services as a financial product or service.

Providing a rational for the requested change, the petition stated: “Consumer protection laws and regulations must be enforced in a fair and comparable way to ensure legal and regulatory obligations are observed. The Associations believe that establishing accountability across all providers of comparable financial products and services is a fundamental mission of the CFPB.”

Responding to the petition, a CFPB spokesman stated: “Pursuant to our new process, we will consider this petition after posting it on regulations.gov and taking comments from the public.”

Troutman Pepper will continue to monitor important developments involving the CFPB, the Dodd-Frank Act, and data aggregators and will provide further updates as they become available.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Troutman Pepper | Attorney Advertising

Written by:

Troutman Pepper
Troutman Pepper
Contact
more
less

Troutman Pepper on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide