Bankers and other financial product and service providers should expect to provide their consumer customers with far greater access to information than ever before.

The financial reform law adopted last year, known as the Dodd-Frank Wall Street Reform and Consumer Protection Act, established a new financial regulatory agency known as the Consumer Financial Protection Bureau. Under Dodd-Frank, the CFPB has the authority to promulgate regulations governing the credit agency reporting practices of financial institutions, including community banks. Also, under Dodd-Frank, banks must make available to each consumer all information regarding a financial product or service such consumer has purchased, including transaction history, cost, and usage information. All of this must be made available in an electronic, usable format, which will be prescribed and overseen by the CFPB.

The CFPB will now have authority to promulgate rules related to privacy and data security under the Fair Credit Reporting Act, the Gramm-Leach-Bliley Act, the Right to Financial Privacy Act and the Financial Privacy Act. Under Dodd-Frank, the CFPB is authorized to promulgate rules "identifying as unlawful, unfair, deceptive, or abusive acts or practices in connection with any transaction with a consumer for a consumer financial product or service." The portion of CFPB authority focusing on abusive acts or practices is new in the consumer protection world—giving the CFPB broad authority to regulate in a completely undeveloped area of the law.

All these privacy and data security regulatory changes, some of them known and others forthcoming, will potentially mean large changes in the information storage and transmission practices of all financial institutions. Consider the following:

  • Because consumers will be able to request far more information than ever before, all financial institutions must maintain integrated databases and networks to provide all requested information in a timely manner.
  • Because the CFPB will require certain procedures for reporting to credit agencies, all financial institutions must analyze their current procedures to ensure prompt compliance with the forthcoming CFPB rules.
  • Also, for both the above reasons, all financial Institutions should review their data storage practices to ensure the security and accuracy of all information they provide to consumers and to credit agencies.

 In addition to the above, stay ahead of the curve by taking part in the rulemaking process. One last suggestion – contact your legal counsel for assistance in providing comments during the rulemaking process and for assistance with your compliance efforts regarding both Dodd-Frank and the final CFPB rules.