ABA comments on CFPB’s RFI on consumer access to financial information

Ballard Spahr LLP
Contact
LinkedIn
Facebook
X
Send
Embed

The American Bankers Association has submitted a comment letter in response to the CFPB’s request for information regarding consumer access to financial information.

The ABA observes that while larger institutions have the resources to develop secure portals and the ability to impose privacy and data security requirements through contractual provisions negotiated with aggregators, community banks typically lack the resources to negotiate directly with aggregators.  Accordingly, the ABA makes a series of recommendations for how the CFPB can use existing regulatory authorities to close regulatory gaps and ensure that consumer financial data is accorded baseline privacy and security protections regardless of where the data resides.  Such recommendations include:

  • The CFPB should clarify that data aggregators are “financial institutions” subject to the requirements of the Gramm-Leach-Bliley Act that apply to financial institutions under the FTC’s Safeguards Rule and the CFPB’s Regulation P.  Clarification that aggregators fall within Regulation P would mean that aggregators would be required to provide disclosures to consumers about how they collect, store, and share consumer data and how it is safeguarded.  With regard to the safeguards rule, in addition to urging the CFPB to work with the FTC to clarify the rule’s coverage of data aggregators, the ABA also urges the CFPB to encourage the FTC to revise the rule to require notice to consumers when a breach occurs and to require notice to the financial institutions that created the data involved.
  • The CFPB should clarify that data aggregators providing electronic fund transfer services are “service providers” under the EFTA  and are liable for unauthorized electronic fund transfers.
  • The CFPB should subject data aggregators to CFPB supervision by adopting a rule to define  “larger participants in the market for consumer financial data.”
  • The CFPB should prescribe rules to ensure that the features of data aggregation products and services are adequately disclosed by using its authority under Dodd-Frank Act Section 1032 to “prescribe rules to ensure that the features of any consumer financial product or service…are fully, accurately, and effectively disclosed to consumers in a manner that permits consumers to understand the costs, benefits, and risks associated with the product or service, in light of the facts and circumstances.”

In addition to the above regulatory actions, the ABA urges the CFPB to launch a consumer education campaign to inform consumers about the risk, responsibilities, and choices associated with the use of data aggregation products and services.

The ABA’s letter was among 71 comment letters submitted on the RFI.  Commenters included a variety of financial institutions, other trade associations, data aggregation companies, and consumer groups.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ballard Spahr LLP | Attorney Advertising

Written by:

Ballard Spahr LLP
Ballard Spahr LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Ballard Spahr LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide