CFPB Issues Proposed Draft for Sharing Consumer Data

The CFPB announced Thursday that it is in the process of creating regulations to implement section 1033 of the Dodd-Frank Act, which could have a significant impact on credit unions and all financial institutions as it relates to allowing consumers to have access to their data history.

According to a statement released by the CFPB, the Bureau’s “Outline of Proposals and Alternatives Under Consideration” hopes to allow consumers to transfer the account history to a new organization if they are unsatisfied with the services provided.

“This rulemaking aims to create a marketplace where companies would need to improve their offerings to keep their customers. Nascent firms would be able to use consumer-authorized data to build and widely offer products and services that can compete with big incumbents.”

“Consumers could switch providers to get a better deal or escape poor customer service, and companies would have to keep and attract customers through competitive prices, high-quality services, and improved products,” the statement read.

NAFCU officials laid out the six categories of information the CFPB listed that must be made to consumers:

1. Periodic statement information regarding transactions and deposits that have settled, including fees, account terms and conditions, and the annual percentage yield of an asset account or the annual percentage rate of a credit card account.
2. Information regarding prior transactions and deposits that have not yet settled.
3. Information about prior transactions not typically shown on periodic statements or online financial account management portals.
4. Online banking transactions that the consumer has set up but that have not yet occurred.
5. Account identity information.
6. Other information, including consumer reports obtained and used by the covered data provider in deciding whether to provide an account or other financial product or service to a consumer; fees that the covered data provider assesses on its consumer accounts; bonuses, rewards, discounts, or other incentives that the covered data provider gives to consumers; and information about security breaches that exposed a consumer’s identity or financial information.

Early in August, CUNA, NAFCU and several other financial organizations petitioned the CFPB to be aware of the risks involved with sharing data.

“We believe the CFPB should ensure that data aggregators and data users that are larger participants in the aggregation services market – not just banks and credit unions – are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information,” the letter read.

“By the nature of their business, data aggregators hold a tremendous amount of consumer financial data. It is estimated that data aggregators hold the consumer log-in credentials for tens of millions of customers. While consumers may consent to the sharing of their financial data, many of these same consumers are unaware of the activities in which these intermediaries engage, how the information is being collected, and how the data may be used or shared.”

Comments concerning the implementation of section 1033 are due to the CFPB by Jan. 25, 2023.