On November 17, the CFPB formally announced the launch of an inquiry into the benefits and risks associated with consumers authorizing third-parties to access their financial and account information held by financial service providers. The CFPB has been investigating and assessing issues related to data access and technological innovation for some time, including through Project Catalyst .
As detailed in the Request for Information (Dkt No. CFPB-2016-0048) issued on November 17, the CFPB is focused on three main points of inquiry: (i) secure access for consumers – i.e., are consumers able to securely access, and authorize others to securely access, their financial records? Are there any “business burdens” that must be addressed to provide access and use of financial records?; (ii) third-party risk — i.e., some financial institutions have expressed concern that providing third parties with access to records may compromise consumer privacy or put their funds at risk. The CFPB would like learn more about options for ensuring that financial records are securely obtained, stored and used; and (iii) consumer control — i.e., to what extent are consumers able to control how shared data is being used by third-parties with authorized access? Are consumers able to limit the number of times those firms can access the data?
In prepared remarks delivered at a field hearing in Salt Lake City, UT, CFPB Director Richard Cordray explained: “The technology around digital financial records continues to develop and, so far, there are many unanswered questions about how the information is being shared, by and to whom, and how safely. As with any emerging industry, we are hearing about some bumps in the road. Both Fintech companies and financial institutions, as well as consumer groups, are describing to us the various challenges, risks and technological obstacles to further progress in this area.”