Newsroom

The CFPB Thursday announced an outline of proposals to implement section 1033 of the Dodd-Frank Act, which aims to provide a formal mechanism for making consumer data portable. This marks the next step in the process of issuing a financial data rights rule.

The data collection rule, as proposed, “would require firms to make a consumer’s financial information available to them or to a third party at that consumer's direction.” This allows consumers to “transfer their account history to a new company, so they do not have to start over if they are unsatisfied with the service provided by an incumbent firm."

The bureau stated the proposal will impact “depository and non-depository financial institutions that provide consumer funds-holding accounts or that otherwise meet the Regulation E definition of financial institution, as well as depository and non-depository institutions that provide credit cards or otherwise meet the Regulation Z definition of card issuer.” 

Additionally, the CFPB listed six categories of information that must be made available to consumers:

·       periodic statement information regarding transactions and deposits that have settled, including fees, account terms and conditions, and the annual percentage yield of an asset account or the annual percentage rate of a credit card account;

·       information regarding prior transactions and deposits that have not yet settled;

·       information about prior transactions not typically shown on periodic statements or online financial account management portals;

·       online banking transactions that the consumer has set up but that have not yet occurred;

·       account identity information; and

·       other information, including consumer reports obtained and used by the covered data provider in deciding whether to provide an account or other financial product or service to a consumer; fees that the covered data provider assesses on its consumer accounts; bonuses, rewards, discounts, or other incentives that the covered data provider gives to consumers; and information about security breaches that exposed a consumer’s identity or financial information.

NAFCU wrote to the bureau in response to its advance notice of proposed rulemaking on section 1033 and advised the bureau to "avoid implementing section 1033 in a way that impairs a credit union's ability to protect its members' data from the risk of theft or abuse."

Additionally, the letter urged the bureau to “ensure that access to consumer financial records is predicated upon a fair distribution of costs, data security and data privacy responsibilities that does not overburden credit unions who already face competitive pressure and reduced bargaining power when interacting with larger technology companies."

The publication of this outline of proposals is required under the Small Business Regulatory Enforcement Fairness Act (SBREFA); for the next step, the bureau will host a SBREFA panel consisting of representatives from the industries impacted.

NAFCU will solicit feedback from members on the proposals and submit comments by the Jan. 25, 2023, deadline.