The Consumer Financial Protection Bureau has recently outlined principles for protecting consumers when they authorize third-party companies to access their financial data to provide certain financial products and services. These principles are intended to help foster the development of innovative financial products and services, increase competition in financial markets and empower consumers to take greater control of their financial lives.
The recent announced principles reiterate the importance of protecting consumers to all stakeholders that provide use, or aggregate consumer-authorized financial data.
“…[T]he Bureau released its consumer protection principles for the consumer-authorized data-sharing market,” said CFPB Director Richard Cordray. “These principles express our vision for realizing an innovative market that gives consumers protection and value.”
Many companies, including “fintech” firms, banks, and other financial institutions, get authorization from consumers to access their account data that reside in separate organizations to provide a variety of products and services. These include fraud screening and identity verification, personal financial management, and bill payment.
Such products and services could help consumers make smarter spending, savings and investment decisions and live their lives more efficiently and effectively. The CFPB has been studying consumer-authorized data access and issued a Request for Information in 2016 to gather feedback from wide range of stakeholders. The Bureau received feedback from large and small banks and credit unions, their trade associations, aggregators, “fintech” firms, consumer advocates and individual consumers.
The Bureau recognizes that while consumer-authorized data sharing promises great benefits to consumers, there are many consumer protection challenges to be considered as these technologies continue to develop. The Bureau advocates strongly for consumer control of the consumer’s data and transparency.
The CFPB, along with the Federal Trade Commission, also emphasizes the importance of data security and privacy.
The newly released principles are intended to reiterate the importance of protecting consumers as the market for services using consumer-authorized financial data develops. They relate to data access, data scope and usability, control of the data and informed consent, payment authorizations, data security, transparency on data access rights, data accuracy, accountability for access and use, and disputes and resolutions for unauthorized access.
The principles do not establish binding requirements or obligations relevant to the Consumer Bureau’s exercise of its rulemaking, supervisory, or enforcement authority. They are not intended to alter, interpret or otherwise provide guidance on existing statutes and regulations.
The financial data sharing and aggregation protection principles are available, here.