Banks ask CFPB to crack down on data aggregators

Eight bank trade groups have petitioned the Consumer Financial Protection Bureau to define data aggregators as larger participants subject to regulatory supervision. 

In a 10-page letter sent Tuesday to CFPB Director Rohit Chopra, the bank trade groups asked the bureau to issue a larger participant rule before implementing a separate rulemaking on consumer access to financial data. The trade groups also called for the CFPB to define the services of data aggregators as a financial product or service.

The trade groups argue that the explosive growth in data aggregation services has created more risks for consumers — particularly to data privacy and security — which could result in uneven enforcement.

House Antitrust Hearing On Online Platforms And Market Power
A group of banking trade associations called on Consumer Financial Protection Bureau Director Rohit Chopra to make a concurrent data access rule specifically for data aggregation companies to subject them to the same type of CFPB oversight as banks.

"Banks and credit unions are regularly supervised and examined by the CFPB, whereas non-depository institutions such as data aggregators and data users are not examined by the CFPB," the trade groups, led by the American Bankers Association, said in the letter.

The letter comes as the CFPB is in the thick of writing a rule around consumers' access to their own financial data. The rule, known as Section 1033 for its place in the Dodd-Frank Act, seeks to clarify standards for how fintechs access bank account data. It also would ensure that banks provide consumers access to their own bank account transaction data including costs, charges and usage data. The CFPB expects to release a small business outline for the data access rule in November

The CFPB is expected to issue a larger participant rule either in tandem with the 1033 rulemaking or on its own to define the market they would supervise.

A number of data aggregators, including Plaid and Envestnet Yodlee, have asked the CFPB to supervise them, joining a diverse coalition of nonbanks and consumer groups endorsing oversight. Many data aggregators say their products are designed to put consumers in control of their data and where it is shared. 

"Proactive supervision is … critical to identifying data privacy and security risks before any harm is done to consumers, and to prevent the reverse-engineering of legally-protected commercial information," the letter stated.  

Data aggregators currently hold consumer log-in credentials for tens of millions of customers that have consented to sharing their financial data. But many consumers have no idea how aggregators collect, share or use the data, the groups said.

The CFPB has the authority to supervise larger participants of markets for consumer financial products or services under Dodd-Frank. The groups filed the request for the first time under the CFPB's updated petition process.

The letter was also signed by the Consumer Bankers Association, Credit Union National Association, Housing Policy Council, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions, National Bankers Association and The Clearing House Association 

For reprint and licensing requests for this article, click here.
Regulation and compliance Politics and policy
MORE FROM AMERICAN BANKER