CU Trades, Others Petition CFPB Over 'Data Aggregator Rulemaking'
NAFCU, CUNA and bankers want the bureau to hold fintechs to credit union and bank standards.
A 10-page letter filed Tuesday from eight financial trade groups, including CUNA, NAFCU and the American Bankers Association, officially petitioned the CFPB to strengthen its rulemaking concerning the privacy and security of consumer data held by fintech organizations.
The groups have asked the CFPB to better define “larger participants” that will be subject to CFPB supervision under section 553(e) of the Administrative Procedure Act.
According to the bureau, officials there are currently engaged in a rulemaking regarding section 1033 of the Dodd-Frank Act, which establishes standards for the sharing of consumer financial data.
“We believe the CFPB should ensure that data aggregators and data users that are larger participants in the aggregation services market – not just banks and credit unions – are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information,” the letter stated.
According to a statement from NAFCU, the CFPB has avidly monitored the aggregation services market and has since identified the main participants as consumers, data holders, data users and data aggregators. “The bureau acknowledged that while the use of consumer financial data by these participants could lead to improved and innovative consumer financial products, there are still several data privacy and security concerns to consider,” NAFCU stated.
While credit unions and banks are targeted as holders of consumer data and subject to CFPB supervision, the trade groups stated that fintechs and many other non-depository institutions are not and this creates a “supervisory imbalance.”
“By the nature of their business, data aggregators hold a tremendous amount of consumer financial data. It is estimated that data aggregators hold the consumer log-in credentials for tens of millions of customers. While consumers may consent to the sharing of their financial data, many of these same consumers are unaware of the activities in which these intermediaries engage, how the information is being collected and how the data may be used or shared,” the letter stated.