The Consumer Financial Protection Bureau this week released its Small Business Regulatory Enforcement Fairness Act report on its pending rulemaking to establish standards for sharing consumer financial data, setting the stage for the bureau to issue a proposed rule.
Background: The CFPB is working to implement Section 1033 of the Dodd-Frank Act, which requires banks and other entities to provide consumers and authorized third parties access to financial information. Under SBREFA, the CFPB must convene panels to consider the impact of its proposals on small entities.
Proposal Overview: The bureau’s SBREFA report provides an overview of the outline of proposals it released in October, including allowing consumers to transfer their account history to a new company and imposing limits on third parties reselling authorized data.
SBREFA Input: The report also documents the input it received from small entities, including ICBA’s representative Jeff Jacobson, compliance officer at New Market Bank in Elko New Market, Minn. As a SBREFA panel participant and in a public comment letter with New Market Bank President, CEO, and CFO Anita Drentlaw, Jacobson said 1033 would disproportionately affect small entities like community banks, which rely on third parties.
ICBA Comments: In a comment letter earlier this year responding to the CFPB outline of proposals, ICBA called on the bureau to:
- Resist requiring banks to provide information outside the scope of Section 1033.
- Limit data requirements that might harm consumers and banks.
- Apply the rule to all entities offering accounts that retain customer funds.
- Require authorized third parties to disclose risks and inform of their liability in the event of a loss.
- Create exceptions and safe harbor protections tailored to provide maximum legal and regulatory protection for community banks.
- Bring third-party providers under the supervision of the CFPB and subject them to annual examinations.
Petition on Data Aggregators: ICBA and other groups previously called on the CFPB to initiate a rulemaking that defines “larger participants” in the data aggregation services market that should be subject to ongoing supervision. The groups noted in a joint petition that while the 1033 rule will apply to financial institutions and data aggregators, third-party aggregators are not subject to CFPB supervision.