CFPB Likely to Delay Data Sharing Rule Until 2023

Sheppard Mullin Richter & Hampton LLP
Contact

Sheppard Mullin Richter & Hampton LLP

Section 1033 of the Dodd-Frank Act states that consumers have the right to access their own bank account and transaction data in a usable electronic format.  This provision mandates that the CFPB adopt a rule relating to data access.  However, the timeline for this rule has been fluid, in part due to the CFPB’s full agenda and the time needed by Rohit Chopra, the CFPB’s new director and a former member of the Federal Trade Commission, to make his own determinations about the rule.

In the absence of data-access regulations, consumers using digital apps face many uncertainties. Any delay to the rule would be a setback for both consumers and fintechs given the mass adoption of mobile apps – many offered in partnerships with banks – to help consumers manage their finances.  Some industry experts now think the CFPB will convene a small-business review panel in April. A panel would meet with regulated small businesses, likely including rural and community banks, for advice on how to minimize the impact of a rule on small entities, and would be considered by many to be the start of the rulemaking process, since the CFPB would then be required to provide an outline of its proposal.

The rule has been eagerly anticipated because it would address the ability of aggregators and other fintechs to obtain consumers’ bank account data through screen scraping and application programming interfaces. These firms seek broad access to help consumers manage their money, but banks and consumer advocates generally want the CFPB to narrow the scope of data collected and provide increased security, privacy and other protections.

Putting it Into Practice:  The rule is expected to establish data-security and privacy standards to allow consumers to give third-party companies access to their financial data. In addition, the rule will determine the scope of what data a consumer can authorize, set limits on data use and establish a framework of consent to ensure consumers sign off on what information can be accessed or sold. Significantly, the rule also is expected to bring data aggregators under CFPB supervision.  But some banks and others worry about consumers giving third parties too much control, the potential for security and privacy breaches, and a bank’s proprietary information about fees and other pricing getting released in the exchange. The CFPB also is expected to clarify legal liability for issues such as data breaches.  So there is no doubt that the rule, when adopted, will have a major impact on consumers, fintechs and banks.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP
Contact
more
less

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.