FDATA North America Submits Comment Letter in Response to CFPB Section 1033 SBREFA Outline of Proposals for Consideration

by rebecca

FDATA North America Submits Comment Letter in Response to CFPB Section 1033 SBREFA Outline of Proposals for Consideration

Contact: Justin Santopietro; [email protected]

January 25, 2023, Washington, DC – The Financial Data and Technology Association (FDATA) of North America submitted a comment letter to the Consumer Financial Protection Bureau (CFPB) in response to its Outline of Proposals for Consideration for the Small Business Regulatory Enforcement Fairness Act (SBREFA) implementing Section 1033 of the Dodd-Frank Act. Upon filing the comment letter, Executive Director Steve Boms said:

As an organization representing more than 30 financial technology and data aggregation companies, FDATA North America has long advocated for the CFPB to issue a rule implementing Section 1033 of the Dodd-Frank Act using the best information available from the broadest number of market stakeholders possible. We commend the CFPB for outlining a strong series of proposals that, when implemented, will create a more competitive, more accessible, and more inclusive financial services marketplace. As it prepares to issue a proposed rule implementing Section 1033, we encourage the CFPB to broaden the scope of covered accounts and covered recipients under the rule to maximize its impact, among other important improvements we suggest the Bureau to consider. We look forward to continuing our positive engagement with the CFPB as this rulemaking process continues.”

While FDATA’s comment letter expressed support for all the proposals in the SBREFA outline, it also urged the CFPB to expand the scope of this rulemaking by:

  • Covering a broader swath of both covered parties, including small businesses and investors, and account types, including providers of government benefit accounts used to distribute needs-based benefits programs, utility, nonfinancial, and payroll accounts, and accounts held by financial institutions not covered by Regulation E or Regulation Z;
  • Guarding against potential commercial incentives by data providers to restrict data access for particular use cases by ensuring that customer authorization may not be overridden except in very limited circumstances;
  • Requiring as many financial institutions as practicable to build and implement credential-less data access methods, while allowing sufficient time for smaller financial institutions to do so;
  • Permitting credential-based or PII and account number-enabled data access to persist as fallback options in instances in which data is not accessible through other means;
  • Clearly distinguishing between customer data and de-identified data with regard to secondary use cases;
  • Calibrating the timeline for implementation for credential-less data access based on financial institution size, and
  • Establishing a new regime for direct CFPB supervision of data aggregation platforms.

Over the past several years, FDATA has repeatedly urged the CFPB to advance a Section 1033 rulemaking, including in its response to the CFPB’s October 2020 Section 1033 Advanced Notice of Proposed Rulemaking (ANPR) and last years’ CFPB Request for Information (RFI) on so-called “Junk Fees.” FDATA North America has also advocated for a Section 1033 rulemaking through comment letters to other federal agencies, including its response to the Office of the Comptroller of the Currency’s, Federal Deposit Insurance Corporation’s and Federal Reserve’s Proposed Interagency Guidance on Third-Party Risk Management, and to the National Institute of Standards and Technology in response to its draft report on Cybersecurity Considerations for Open banking Technology and Emerging Standards.