The Consumer Financial Protection Bureau is seeking public comment on the costs and challenges of enforcing the Dodd-Frank Act’s data sharing requirements as it considers new rulemaking to implement the law.
Section 1033 of the Dodd-Frank Act requires financial institutions to make a consumer’s financial information available in electronic form. The CFPB issued a final rule last year to implement the law, but it was challenged in federal court. The bureau requested a stay in the lawsuit to give it time to issue new rulemaking, which the court recently granted. The CFPB said as part of its reconsideration of the rule, it plans to issue a notice of proposed rulemaking to extend the compliance dates.
According to an advanced notice of proposed rulemaking, the CFPB is seeking data and comments to inform it in four areas as it drafts a new rule:
The proper understanding of who can serve as a “representative” making a request on behalf of the consumer.
The optimal approach to the assessment of fees to defray the costs incurred by a “covered person” in responding to a customer-driven request.
The threat and cost-benefit pictures for data security associated with Section 1033 compliance.
The threat picture for data privacy associated with Section 1033 compliance.
Comments must be submitted within 60 days of publication of the request in the Federal Register.
ABA: Proposal is promising first step
In a statement, American Bankers Association President and CEO Rob Nichols said the association welcomes the advanced notice of proposed rulemaking as the first step to substantially revise the rule.
“Stakeholders from every part of the data sharing chain have significant concerns with the current rule, and we look forward to engaging with the new leadership at the CFPB to address critical issues important to consumers including the need for a robust liability regime for resolving unauthorized activity or data breaches; preserving data providers’ ability to safeguard data; ending once and for all the dangerous practice of screen scraping that puts consumer personal information at greater risk; the government-mandated subsidization of other companies’ business models; and how long covered entities will have to come into compliance with the regulatory requirements,” he said.
Nichols added that ABA hopes the new rulemaking will preserve the positive aspects of the existing rule, such as the role of industry standard setting for data formats and strong privacy protections to prevent the unwitting sale of consumers’ sensitive personal financial information by data aggregators.
“One thing everyone can agree on is the need for a rule that follows the law; any provisions in the amended regulation must be supported by statutory language,” he said.
