The Consumer Financial Protection Bureau (CFPB) today outlined principles for protecting consumers when they authorize third party companies to access their financial data to provide certain financial products and services. These principles are intended to help foster the development of innovative financial products and services, increase competition in financial markets, and empower consumers to take greater control of their financial lives. The principles reiterate the importance of protecting consumers to all stakeholders that provide, use, or aggregate consumer-authorized financial data.
“Today, the Bureau released its consumer protection principles for the consumer-authorized data-sharing market,” said CFPB Director Richard Cordray. “These principles express our vision for realizing an innovative market that gives consumers protection and value.”
Many companies, including “fintech” firms, banks, and other financial institutions, get authorization from consumers to access their account data that reside in separate organizations to provide a variety of products and services. These include fraud screening and identity verification, personal financial management, and bill payment. Such products and services could help consumers make smarter spending, savings, and investment decisions and live their lives more efficiently and effectively. The Consumer Bureau has been studying consumer-authorized data access and issued a Request for Information in 2016 to gather feedback from wide range of stakeholders. The Consumer Bureau received feedback from large and small banks and credit unions, their trade associations, aggregators, “fintech” firms, consumer advocates, and individual consumers.
The Consumer Bureau recognizes that while consumer-authorized data sharing promises great benefits to consumers, there are many consumer protection challenges to be considered as these technologies continue to develop. The Consumer Bureau advocates strongly for consumer control of the consumer’s data and transparency. At the same time, the Consumer Bureau emphasizes the importance of data security and privacy. Based on the Consumer Bureau’s 2016 Request for Information, as well as other stakeholder outreach, the Consumer Bureau understands that some key industry stakeholders are working on improvements to consumer-authorized data access. These improvements relate to the agreements, systems, and standards involved in consumer-authorized data access.
Today, the Consumer Bureau is releasing a set of consumer protection principles intended to reiterate the importance of protecting consumers as the market for services using consumer-authorized financial data develops. They relate to data access, data scope and usability, control of the data and informed consent, payment authorizations, data security, transparency on data access rights, data accuracy, accountability for access and use, and disputes and resolutions for unauthorized access.
The Consumer Bureau will continue to closely monitor developments in this market and will also continue to assess how these principles may best be realized. The principles do not establish binding requirements or obligations relevant to the Consumer Bureau’s exercise of its rulemaking, supervisory, or enforcement authority. In addition, they are not intended to alter, interpret, or otherwise provide guidance on existing statutes and regulations that apply in this market. Lastly, although the Consumer Bureau stands ready to facilitate constructive efforts or to take other appropriate action to protect consumers, the principles are not intended as a statement of the Consumer Bureau’s future enforcement or supervisory priorities.
The consumer protection principles are available at: https://files.consumerfinance.gov/f/documents/cfpb_consumer-protection-principles_data-aggregation.pdf
A summary of stakeholder insights that informed the principles are available at: https://files.consumerfinance.gov/f/documents/cfpb_consumer-protection-principles_data-aggregation_stakeholder-insights.pdf