If financial institutions make it difficult for consumers to share access to their digital financial records, they’ll be blocking a new generation of consumer-friendly products and services, warned Consumer Financial Protection Bureau director Richard Cordray at a field hearing in Salt Lake City yesterday.
When consumers grant permission for third parties to access their digital financial records, they can gain powerful insights around their spending habits, monitor relationships with multiple financial institutions from one place and even establish creditworthiness by allowing a prospective creditor to access a transaction account, said Cordray. “This data yields enormous insight that can empower consumers to make decisions and improve their financial lives,” said Cordray. “Whereas once upon a time consumers might have brought a shoebox full of paper to a financial advisor or loan officer, now consumers can accomplish the same thing just by providing access to their digital financial records. This is a world full of new promise, where consumers have the chance to gain the tremendous benefits of ease, speed, convenience, and transparency.”
Last month Cordray told the audience of Money 20/20, one of the largest payment conferences in the country, that consumers should be able to access their financial data and give permission for third-party companies to access it as well. Whether his words will prompt greater cooperation between banks and third parties, including aggregators, is up for debate. Both Cordray’s future and that of the agency he works for are in question following last week’s Republican victories. The CFPB was created as part of the Dodd-Frank financial reforms and given the mission of protecting consumers in the wake of the 2008 financial crisis. However, CFPB has been under attack since its inception as many Republicans argue that the financial services industry is already over-regulated. President-Elect Donald Trump has stated that he plans to dismantle Dodd-Frank but has not discussed his plans for the CFPB. And while Cordray’s term isn’t up until 2018, a federal appeals court has ruled that he can be removed at will by the president.
Coinciding with Thursday’s field hearing, CFPB announced that it is launching an inquiry into the challenges consumers face in accessing, using and securely sharing their financial records. The bureau has “heard concerns about ways that financial institutions may make it difficult or impossible for consumers to allow others to access and use their digital financial records.” A high profile example in the fall of 2015 involved J.P. Morgan, Wells Fargo and other banks restricting customers of Mint from accessing their bank account information. Confronted with competition from popular services helping consumers manage their finances, banks “are becoming more protective of their customer information and are limiting how much data they pass on,” reported Robin Sidel of the Wall Street Journal.
While largely supportive of fintech innovators, CFPB has also acknowledged security concerns and heard “from some financial institutions that providing third-party companies with access to records may compromise consumer privacy or put consumers’ funds and account relationships at risks.” The CFPB inquiry, which has opened up a 90 day public comment period, asks about options for ensuring that financial records are securely obtained, stored and used.
During Thursday’s field hearing, banking industry groups voiced concerns around security. The use of protected login credentials “to access a bank’s highly secure environment has raised justifiable concerns,” said Alaina Gimbert, senior vice president and associated general counsel at the Clearing House, a banking association that advocates on public policy issues on behalf of the largest U.S. commercial banks. “Banks are concerned with privacy and security of information as it moves out of the bank’s environment into an environment less regulated and supervised.” Rob Morgan, Vice President for Emerging Technologies at the American Bankers Association, echoed these sentiments, noting that “customers deserve bank level security regardless of where they choose to share their data.” While assuring regulators that banks are actively developing ways to facilitate safe and secure access to digital financial records, Morgan added that, “This is not as easy as flipping a switch, as some have suggested. There is a lot of coordination that needs to go on between our nation’s 6,000 banks, their technology providers, data aggregators and their customers.”
Groups representing banks also expressed concern around third party disclosures and consumer liability in the event of a breach. Gimbert stated that “most data aggregators and their contractual terms limit their own liability, which in turn increases consumer liability. Consumers may not be aware of this.” Gimbert suggested that these risks are best addressed through operational and legal arrangements between data aggregators and banks.
David Silberman, Associate Director of the Research, Markets and Regulations Division at CFPB, asked hearing participants if the industry — in the absence of regulation — could develop practices that balance concerns around security with consumers' best interests. Ed Mierzwinski, Consumer Program Director at U.S. PIRG, a consumer advocacy group, said that the “offer of creating voluntary standards is one that industry makes all the time to delay regulation or to delay legislation and to delay customer protection. I don’t think this will work unless we have enforceable, minimum standards from a federal agency.” Pointing to a recent Gallup poll that found only 27% of U.S. adults have “a great deal” or “quite a lot” of confidence in banks, Joe Valenti of the Center for American Progress agreed that “standards across the board that are enforceable by an agency like the CFPB could go a long way toward building that trust in the financial sector.”
Industry groups rebuffed such calls for regulation. “It’s possible to get where we want to go without prescriptive regulation,” said Gimbert. “I don’t hear us that far apart with what we’re concerned about and where we want to go.” Ryan Falvey, Managing Director at the Center for Financial Services Innovation, encouraged the CFPB to study the issue but take a "less prescriptive approach."CFPB’s Request for Information can be found here.