CFPB Data Rules Don’t Go Far Enough, TCH and BPI Say

Two financial industry groups say proposed consumer financial data rules don’t go far enough.

The Clearing House Association and the Bank Policy Institute submitted recommendations to the Consumer Financial Protection Bureau (CFPB) on Friday in response to a proposed rule governing how banks, data aggregators and other third parties can share consumer financial data. 

In a news release provided to PYMNTS Tuesday (Jan. 2), the groups argued that the CFPB’s proposal does not do enough to protect consumer financial data or to mandate that data recipients comply with these rules.

“Our members welcome the competition brought about by innovative financial technology firms and are prepared to support the ability of bank customers to connect their bank accounts to the third-party apps of their choice, but such competition cannot come at the expense of data security,” the letter said.

“It is critical that consumers’ personal and financial information remains secure when it is shared between financial institutions and third parties and when it is stored outside of the financial institution.”

The groups said the CFPB should take steps that it said would bolster the proposal, like making sure the requirements related to consumer authorization and the permissible uses of consumer data, should apply to all third parties and data aggregators in the ecosystem, and to all data.

In addition, the associations called for a ban on screen scraping — which collects data from an application and webpages — saying it should be barred once a data provider makes a developer interface available.

The letter also said, “The CFPB should impose direct requirements on authorized third parties and data aggregators and articulate its intent to supervise those entities for compliance.”

PYMNTS explored the CFPB’s proposed rulemaking in a conversation in August with Matt Janiga, director of regulatory and public affairs at Trustly.

“The consumer should be in control of their data,” said Janiga, who added that “U.S. consumers with a U.S. bank account, a U.S. checking account, a U.S. credit card will be able to go to a bank” and instruct their data be shared.

And as PYMNTS wrote in November, the rule marks one place where the Republican Party and the CFPB are on the same page, with both sides agreeing consumers should know where their sensitive financial data is going and how it’s used.

“To ensure our data privacy policy is not subject to the whims of any given administration, I believe it’s critical that we make law — not just regulation,” Rep. Patrick McHenry said during a hearing involving the CFPB. “I hope we can work constructively on this issue moving forward so Americans’ financial data privacy is protected for the long term.”