• Login
    • Advanced search
    • Title
    • Channel
    • Module
  • Home
  • Industry
    •  

      • Aerospace, Defense, and Government Services
      • Automotive
      • Consumer
      • Manufacturing and Industrials
      • Education
      • Energy and Natural Resources
      • Financial Institutions
    •  

      • Insurance
      • Life Sciences and Health Care
      • Private Capital
      • Real Estate
      • Sports, Media and Entertainment
      • Technology and Telecoms
      • Transport and Logistics
  • Practice
    • Corporate & Finance

      • Banking and Loan Finance
      • Blockchain
      • Business Restructuring and Insolvency
      • Capital Markets
      • Corporate Governance and Public Company Representation
      • Infrastructure, Energy, Resources, and Projects
      • Leveraged and Acquisition Finance
      • Mergers and Acquisitions
      • Pensions
      • Private Equity, Venture Capital and Investment Funds
      • Real Estate
      • Real Estate Investment Trusts (REITs)
      • Tax
      • Transfer Pricing
    • Global Regulatory

      • Administrative and Public Law
      • Antitrust and Competition
      • Communications, Internet, and Media
      • Education
      • Energy Regulatory
      • Environment and Natural Resources
      • Financial Services
      • Food Law
      • Gaming Law
      • Government Contracts and Public Procurement
      • Government Relations and Public Affairs
      • Health
      • Immigration
      • International Trade and Investment
      • Medical Device and Technology Regulatory
      • New Nuclear
      • Pharmaceuticals and Biotechnology Regulatory
      • Privacy and Cybersecurity
      • Space and Satellite
      • Strategic Operations, Agreements and Regulation
      • Transportation Regulatory
    • Intellectual Property

      • Copyright
      • Designs
      • Domain Names
      • IP and Technology Transactions
      • IP Enforcement
      • Patents
      • Trade Secrets and Confidential Know-how
      • Trademarks and Brands
      • Unfair Competition
    • Litigation, Arbitration, and Employment

      • Business and Human Rights
      • Construction and Engineering
      • Corporate and Securities Litigation
      • Employment
      • International Arbitration
      • Investigations, White Collar, and Fraud
      • Products Law
      • Risks, Disputes, and Litigation
  • Comparative guides
  • Engage Premium
  • Login
  • Register
Hogan Lovells Engage 5.6.14
      • Title
      • Channel
      • Module
    • Hit ENTER to search in content
    • Advanced search
    • Login
  • Home
  • Industry
    •  

      • Aerospace, Defense, and Government Services
      • Automotive
      • Consumer
      • Manufacturing and Industrials
      • Education
      • Energy and Natural Resources
      • Financial Institutions
    •  

      • Insurance
      • Life Sciences and Health Care
      • Private Capital
      • Real Estate
      • Sports, Media and Entertainment
      • Technology and Telecoms
      • Transport and Logistics
  • Practice
    • Corporate & Finance

      • Banking and Loan Finance
      • Blockchain
      • Business Restructuring and Insolvency
      • Capital Markets
      • Corporate Governance and Public Company Representation
      • Infrastructure, Energy, Resources, and Projects
      • Leveraged and Acquisition Finance
      • Mergers and Acquisitions
      • Pensions
      • Private Equity, Venture Capital and Investment Funds
      • Real Estate
      • Real Estate Investment Trusts (REITs)
      • Tax
      • Transfer Pricing
    • Global Regulatory

      • Administrative and Public Law
      • Antitrust and Competition
      • Communications, Internet, and Media
      • Education
      • Energy Regulatory
      • Environment and Natural Resources
      • Financial Services
      • Food Law
      • Gaming Law
      • Government Contracts and Public Procurement
      • Government Relations and Public Affairs
      • Health
      • Immigration
      • International Trade and Investment
      • Medical Device and Technology Regulatory
      • New Nuclear
      • Pharmaceuticals and Biotechnology Regulatory
      • Privacy and Cybersecurity
      • Space and Satellite
      • Strategic Operations, Agreements and Regulation
      • Transportation Regulatory
    • Intellectual Property

      • Copyright
      • Designs
      • Domain Names
      • IP and Technology Transactions
      • IP Enforcement
      • Patents
      • Trade Secrets and Confidential Know-how
      • Trademarks and Brands
      • Unfair Competition
    • Litigation, Arbitration, and Employment

      • Business and Human Rights
      • Construction and Engineering
      • Corporate and Securities Litigation
      • Employment
      • International Arbitration
      • Investigations, White Collar, and Fraud
      • Products Law
      • Risks, Disputes, and Litigation
  • Comparative guides
  • Engage Premium
  • Login
  • Register
  1. News
  2. CFPB issues advanced notice of proposed rulemaking on Section 1033 regarding consumer access to financial data

CFPB issues advanced notice of proposed rulemaking on Section 1033 regarding consumer access to financial data

29 October 2020
    • Share by email
    • Share on
    • Twitter
    • LinkedIn
    • Get link
    • Get QR Code
    • Download
    • Print

The Consumer Financial Protection Bureau (CFPB) released an advanced notice of proposed rulemaking (ANPR) requesting information related to consumer access to financial records. The ANPR is another step towards the CFPB’s implementation of Section 1033 of the Dodd-Frank Act of 2010, which requires, among other things, that consumer financial services providers make available to consumers information about the financial products or services that the consumers obtained from the provider, including associated transaction records and “costs, charges and usage data.” 

Section 1033 tasks the CFPB with implementing rules for consumer financial services providers to make available to consumers financial records through standardized formats, including through the use of machine readable files in electronic form.  The CFPB’s ANPR solicits comments and information to assist the CFPB in developing the regulations. The deadline to submit comments is 90 days after the ANPR is published in the Federal Register.

The CFPB emphasizes in the ANPR that developing rules around consumer access to financial records has become an increasingly important consumer protection issue as third parties, including financial institutions and financial technology (fintech) companies, seek to access and aggregate financial data to provide new services aimed at making it easier, less costly, and otherwise more efficient for consumers to manage their financial lives.  For example, the CFPB notes that in recent years the number and usage of products and services that utilize or rely upon consumers’ ability to authorize third-party access to their data has grown “substantially and rapidly,” and this has been accompanied by an expansion in the number of use cases for authorized data. Data aggregators that facilitate consumers being able to maintain all of their financial records in one location are increasingly popular. The CFPB recognizes that there are consumer benefits from these services and consumer-authorized data access, including enabling improvements to existing products, fostering competition for existing products, allowing new types of products and services to be offered, and increasing control by consumers over their data.  

In many cases, these increasingly popular third-party services seek permission from consumers to access financial accounts on the consumers’ behalf. Some may then use the consumers’ credentials to log in and scrape account information. Some financial institutions have moved towards API-based data sharing, allowing these third parties to access and retrieve account information in a more secure manner. Regardless of how third parties retrieve financial account information, there are privacy and security risks, as financial institutions have limited control over how third parties use, disclose, and protect account information once the third parties receive it. In addition, the CFPB has expressed concern about how regulatory uncertainty may be impacting this market, including because of the interplay between section 1033 and other laws the CFPB has jurisdiction over such as the Fair Credit Reporting Act (FCRA) and Gramm Leach Bliley Act (GLBA). The CFPB is therefore seeking further information as it moves toward developing rules.  

In the ANPR, the CFPB specifically seeks information from any interested parties in nine areas:

  • Benefits and costs of consumer data access
  • Competitive incentives and authorized data access
  • Standard-setting
  • Access scope
  • Consumer control and privacy
  • Legal requirements other than section 1033
  • Data security
  • Data accuracy
  • Other information

The CFPB’s progress toward section 1033 rules has been a long time in the making. The CFPB initiated the rulemaking process in 2016 with a Request for Information (RFI) Regarding Consumer Access to Financial Information to develop a better understanding of the current ecosystem of authorized data access and the risks and issues related to that ecosystem. In October 2017, it released a set of “Consumer Protection Principles” for participants “in the developing market for services based on the consumer-authorized use of financial data.” Since then the CFPB has continued to analyze and collect information, and in July of this year released a report of its findings from its February 2020 Symposium on this issue. Following its acceptance of comments in the ANPR, it is unclear how long it will be before the CFPB develops draft rules and initiates a notice of proposed rulemaking.   

 

Authored by Tim Tobin and Roshni Patel.

Contacts
Tim Tobin
Partner
Washington, D.C.
Roshni Patel
Senior Associate
Washington, D.C.
Additional Resources
  • Consumer FInancial Protection Bureau Advanced Notice of Proposed Rulemaking
Keywords CFPB, Consumer Financial Protection Bureau, ANPR, rulemaking, Dodd-Frank Act of 2010, fintech
Languages English
Topics Privacy
Countries United States
Delete Comment ?

Are you sure want to delete comment ?

Get link
Embed
Share by email
Get QR Code

Scan this QR Code to share this content