Eight national banking trade groups — the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Council, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions, National Bankers Association, and The Clearing House Association — petitioned the Consumer Financial Protection Bureau (CFPB) to extend its supervision to “data aggregators.” This is the first time any of the groups have used the CFPB’s petition process since it was revamped this past February.
The petition notes that while banks and credit unions are regularly supervised and examined by the CFPB, non-depository institutions, such as “data aggregators,” data holders, and data users, are not. “This supervisory imbalance creates both an unsustainable model as the aggregation services market grows and the risk that the laws applicable to the activities of those larger participants in this market will be enforced inconsistently.”
The petition targets “data aggregators,” previously defined by the CFPB as: “[A]n entity that supports data users and/or data holders in enabling authorized data access” and states that data aggregators typically access and transmit consumer financial data to data users pursuant to consumer authorization. The CFPB further has stated that data aggregators can be “fourth parties” that support data users in procuring consumer authorization to access data, and in accessing data, and often support data holders in facilitating authorized third-party access to their customers’ data.
The CFPB is currently engaged in rulemaking under Section 1033 of the Dodd-Frank Act, which authorizes the CFPB to establish standards for sharing consumer financial data. Financial institutions already need to meet significant data privacy requirements under federal law and are monitored by the CFPB for compliance. While data aggregators will be covered by any new Section 1033 rules, they will not be subject to the CFPB’s supervision.
The Dodd-Frank Act allows the CFPB to supervise larger participants of markets for consumer financial products or services, and the petition requests the CFPB to propose a rule that would add a definition for “larger participants of a market” for aggregation services and define aggregation services as a financial product or service.
Providing a rational for the requested change, the petition stated: “Consumer protection laws and regulations must be enforced in a fair and comparable way to ensure legal and regulatory obligations are observed. The Associations believe that establishing accountability across all providers of comparable financial products and services is a fundamental mission of the CFPB.”
Responding to the petition, a CFPB spokesman stated: “Pursuant to our new process, we will consider this petition after posting it on regulations.gov and taking comments from the public.”
Troutman Pepper will continue to monitor important developments involving the CFPB, the Dodd-Frank Act, and data aggregators and will provide further updates as they become available.