CFPB Issues Advanced Notice of Proposed Rulemaking on Section 1033 for Consumer-Authorized Access to Financial Data

Bradley Arant Boult Cummings LLP
Contact

Bradley Arant Boult Cummings LLP

[co-author: Shelby Lomax]

On October 22, 2020, the CFPB issued an advance notice of proposed rulemaking (ANPR) soliciting comments on implementation of Section 1033 of the Dodd-Frank Act. As outlined in the ANPR, Section 1033 will require consumer financial service providers to give consumers access to financial account data in a usable electronic format. This data includes information relating to any transaction, series of transactions, or to charges and usage data on the account.

The CFPB first issued a related Request for Information in 2016. At that time, the CFPB sought information to assist it in developing practices and procedures that “enable consumers to realize the benefits associated with safe access to their financial records, assess necessary consumer protections and safeguards, and spur innovation.” In 2017, the CFPB issued a Stakeholder Insights Report and Consumer Protection Principles, providing guidance on nine Consumer Protection Principles.

In February 2020, the CFPB hosted a symposium where participants raised concerns about balancing rights described in Section 1033 with maintaining necessary security measures that may result in prohibiting access to authorized third parties. Additionally, participants discussed how implementation of Section 1033 might affect compliance with other federal laws, including GLBA, FCRA, and EFTA and Regulation E.

In issuing the ANPR, the CFPB is concerned with consumer financial data held by providers of consumer financial products and services. The ANPR requests comments on nine topics:

  • Costs and benefits of consumer data access
  • Competitive incentives
  • Standard-setting
  • Access scope
  • Consumer control and privacy
  • Other legal requirements
  • Data security
  • Data accuracy
  • Other information

Comments must be submitted within 90 days after publication of the ANPR in the Federal Register. The CFPB is encouraging stakeholders to submit comments early and electronically due to delays caused by the COVID-19 pandemic.

Takeaways

Financial institutions could face significant costs implementing new technology that conforms to these proposed regulations. Commentary continues to focus on multiple topics, including whether application programming interfaced based access (APIs) should replace credential-based access and screen scraping, what type of disclosures and informed consent are required, and who is liable for unauthorized access and Reg E error disputes. As the CFPB moves forward with its rulemaking, financial institutions should take this time to review current policies and procedures in place for granting consumers access to financial information and accessing information as a third party.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Bradley Arant Boult Cummings LLP | Attorney Advertising

Written by:

Bradley Arant Boult Cummings LLP
Contact
more
less

Bradley Arant Boult Cummings LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.