CFPB Announces Plan to Issue an ANPR on Consumer-Authorized Access to Financial Records | Nelson Mullins Riley & Scarborough LLPAugust 4, 2020
The CFPB announced its plan to issue an advance notice of proposed rulemaking (“ANPR”) on consumer-authorized access to financial records. The announcement follows a symposium on the topic, which was hosted by the Bureau this past February. Concurrent with this announcement, the CFPB also released its long-awaited summary report of the symposium proceedings.
The Bureau’s increased attention to the topic stems from Section 1033 of the Dodd-Frank Act, which was enacted in 2010, and which was intended to help ensure that consumers have access to and the ability to leverage their financial records. Section 1033 states in part that “[s]ubject to rules prescribed by the Bureau, a covered person shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person . . . in an electronic form usable by consumers.” Up until this point, the Bureau notes that its approach to the topic, including the enforcement of Section 1033, has largely been to identify and promote consumer interests—in access, control, security, privacy, and other areas—and to allow the market to develop without direct regulatory intervention. However, the Bureau’s recent activities appear to be signaling a more involved and regulated approach.
While recognizing that companies or other third parties that consumers grant permission to access their digital financial records can aggregate and use those records to offer new products and services aimed at making it easier, cheaper, or more efficient for consumers to manage their financial lives, the Bureau warns that “this kind of expanded access to consumer financial records raises a number of concerns, particularly with respect to data security, privacy, and unauthorized access.” Thus, according to the Bureau, its proposed rulemaking efforts on the topic will allow it to:
- Solicit stakeholder input on ways that the Bureau might effectively and efficiently implement the financial access rights described in Section 1033 of the Dodd-Frank Act.
- While noting that different market participants have helped authorized data access become more secure, effective, and subject to consumer control, the Bureau warns that it also “sees indications that some emerging market practices may not reflect the access rights described in Section 1033.”
- Seek information regarding the possible scope of data that might be subject to protected access as well as information that might bear on other terms of access, such as those relating to security, privacy, effective customer control over access and accessed data, and accountability for data errors and unauthorized access.
- Inquire into whether—and if so, how—issues of regulatory uncertainty with respect to Section 1033 and its interaction with other statutes within the Bureau’s jurisdiction, such as the Fair Credit Reporting…