The Consumer Financial Protection Bureau released its proposal to implement standards for sharing consumer financial data under Section 1033 of the Dodd-Frank Act.
Proposal Details: The CFPB’s proposed rule would:
Require depository and nondepository entities to make available to consumers and authorized third parties certain data relating to consumers’ transactions and accounts.
Establish obligations for third parties accessing consumer data, including privacy protections.
Provide basic standards for data access, including preventing data providers from relying on screen scraping to comply.
Compliance Deadlines: The proposal staggers compliance deadlines according to four tiers based on data providers’ size, technology, and use of third-party service providers and legacy systems. Compliance dates would range from six months to four years after publication of the final rule in the Federal Register.
ICBA Response: In a national news release, ICBA said it is reviewing the proposed rule, which it said must focus on holding nonbank entities to the same level of data standards that apply to community banks. “The CFPB must ensure its rule avoids mandates that would disadvantage community banks and the customers and communities they serve,” ICBA President and CEO Rebeca Romero Rainey said.
Previous ICBA Comments: In a comment letter earlier this year responding to a previous CFPB outline of proposals, ICBA said the bureau’s rulemaking should resist requiring banks to provide information outside the scope of Section 1033, limit data requirements that might harm consumers and banks, and create exceptions and safe harbor protections tailored to community banks.
Outlook: ICBA is reviewing the proposed rule and will submit comments ahead of the Dec. 29 deadline.
