Cheat Sheet: White House pushes the CFPB to formalize consumer access and control over financial data

The White House signed an executive order that intends to put consumer financial data in the hands of consumers. 

Details

• On July 9, President Joe Biden issued an executive order intended to encourage competition across a broad range of industries.
• A section in the executive order called on the Consumer Financial Protection Bureau to issue regulations that would allow consumers to access and share their financial information and banking data. 
• The executive order builds on existing but unimplemented CFPB regulation, specifically Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which permits the agency to issue rules regarding financial data access and sharing.

Consumer Financial Protection Bureau 

In July 2010, Congress passed and President Barack Obama signed the Dodd-Frank Act. The act was intended to address the failures of consumer protection following the financial crisis of 2007 - 2009. The Dodd-Frank Act overhauled existing financial regulations by reorganizing the regulatory system and redistributing responsibilities among agencies. It also created new government agencies like the CFPB, which is responsible for consumer protection in the financial services industry. 

Section 1033 of the Dodd-Frank Act permits the CFPB to issue regulations regarding data sharing -- the CFPB just hasn’t acted on it. However, there’s been growing movement on the issue. In 2016, the CFPB director at the time publicly endorsed consumers’ rights to access their financial information. A year later, the CFPB released guiding principles on the issue as well. 

The clearest sign of intent came in October 2020, when the agency issued an advanced notice of proposed rulemaking. The notice also requested public input with a February 2021 deadline for banks, advocacy and interest groups, fintechs and the general public to share their comments and concerns on a range of issues like consumer privacy and security. Since then, there’s been little traction except for the rulemaking process’ inclusion on the agency’s most recent agenda.

Biden’s executive order is just the latest push to implement Section 1033 of the Dodd-Frank Act. In essence, the executive order doesn’t change much except put pressure on the CFPB to act on its permission to issue regulations on data sharing. If fully realized, Section 1033 could force banks and financial providers to incorporate digital sharing technologies into their banking infrastructure to make it easier for consumers to access and share their data. It would put consumer data in the hands of the consumers, giving them control over their financial information. 

However, some critics argue not all financial institutions, such as community banks and credit unions, have the budget or the expertise to build their own data-sharing technologies. 

As things stand...

As things stand, banks have more access and control over consumers’ banking information, with little efficient operational communication and cooperation between financial institutions, which hinders consumers from making decisions like switching banks. A Consumer Reports survey found that 53 percent of respondents gave up on switching their banks. Of those, 63 percent cited the hassle of transferring their automatic payments and deposits for giving up; 37 percent said it takes too much time and effort. 

SPONSORED

Years of inaction have led to some banks and fintechs taking things into their own hands. Companies like Plaid, Finicity, and MX have products that allow them to aggregate consumer financial data with consumer consent. The gathered data can be used in different use cases, such as in third-parties like money management apps and underwriting loans when traditional credit history isn’t available. 

The advent of data aggregators seems to have triggered a slow change that sees most banks coming around to the idea of data sharing. While some banks oppose data aggregation methods like screen scraping, banks like JPMorgan Chase have entered into data access agreements with fintechs which allow the latter to access and utilize consumer data via JPMorgan’s APIs. Similarly, Plaid entered into an agreement with Capital One last month, where Plaid agreed to halt screen scraping and use Capital One’s APIs to gather data.