North America

For Immediate Release: FDATA North America Responds to CFPB Release of Section 1033 SBREFA Memo

Contact: Justin Santopietro; [email protected]

April 4, 2023, Washington, DC – In response to the Consumer Financial Protection Bureau’s (CFPB) recent release of its Section 1033 SBREFA memo, which summarizes the feedback it received from small business representatives (SERs) during the SBREFA panels earlier this year, FDATA North America Executive Director Steve Boms released the following statement:

“The CFPB’s forthcoming Section 1033 rule represents a significant opportunity to create a more competitive and customer-centric financial services marketplace in the United States. We are glad to see that much of the feedback the CFPB has received from the SERs during the SBREFA process mirrors FDATA’s positions, including a general view that the 1033 rule should cover a broader scope of accounts, including mortgages, student loans, auto loans, personal loans, prepaid cards, payroll accounts, public benefits, and more. We are also encouraged by discussion among the SERs of the importance of the CFPB establishing authentication standards to ensure that third parties do not experience any undue restrictions in accessing user-permissioned data, as well as the importance of credential-based screen scraping continuing for some period of time given the general lack of token-based APIs that currently exist in the data provider ecosystem. We also echo the robust feedback the SERs provided to the CFPB that its proposed limitations on secondary data usage could have unforeseen negative implications for research, product improvements, and a range of other use cases, and suggestions that the Bureau more carefully consider any such limitations. We look forward to continuing to work with the CFPB as it prepares to propose a Section 1033 rulemaking later this year.”

FDATA North America and its 30+ member companies have actively collaborated with the CFPB over the past several years as it has worked to implement Section 1033 of the Dodd-Frank Act. Our efforts have included detailed letters in response to the October 2020 Advanced Notice of Proposed Rulemaking (ANPR) and the recent SBREFA Outline of Proposals for Consideration.

March 29, 2023, Washington, DC – – In response to yesterday’s release by the Government of Canada of its 2023 Budget, FDATA North America Executive Director Steve Boms issued the following statement:

“We are disappointed at the lack of progress in Budget 2023 toward the implementation of Canada’s open banking regime, particularly since the timeline set forth in the 2021 Open Banking Advisory Committee report has now passed. Despite this omission, FDATA North America and its over 30 member companies look forward to continued collaboration with the Department of Finance as it seeks to make a new Canadian consumer-centered open banking system a reality in the coming months.”

March 28, 2023, Washington, DC – FDATA North America today submitted a letter in response to the Canadian government’s review of the Competition Act. As a trade association representing dozens of some of the most innovative financial technology companies working alongside Canadian consumers and small- and medium-sized enterprises, we support the development of a more competitive marketplace in which consumers and SMEs may choose the provider, tool or service that best fits their unique need. We also used this review submission as another opportunity to urge the Government of Canada to make concrete progress on the development of its open banking regime, particularly since the deadline set forth in the 2021 Advisory Committee Report on Open Banking has now passed.

The letter stressed the important need to update and right-size the Competition Act to reflect today’s current business environment to maintain competition in the market for data-driven financial services, noting that these updates must address situations where certain market participants either individually or collectively override a decision by a consumer or SME to direct a potential competitor to electronically access their financial information. Our letter particularly described how restrictions on customer-directed data sharing that directly inhibit competition must be scrutinized under well-established competition laws as the Department of Finance works to implement an open banking regime for Canada, any stressed that any new legislation or regulations regarding competition in the financial services marketplace should be aligned with the Department’s work on this file.

The letter also identified several provisions of the Competition Act that apply to financial institutions could be more actively used to prevent financial institutions from blocking consumer-permissioned data access to third party financial providers of their choosing, and shared details on how the United Kingdom and Australia developed their open banking regimes to maximize competition and consumer benefit.

March 27, 2023, Washington, DC – FDATA North America today submitted its response to draft regulations from the Bank of Canada and Department of Finance that would implement the Retail Payment Activities Act (RPAA). The letter noted that adoption of these proposed regulations would see as many as 2,500 payment service providers (“PSPs”) overseen under a strong regulatory framework and would, once finalized and implemented, meaningfully advance the modernization of Canada’s financial services marketplace. It also respectfully suggested that the implementation of these regulations should facilitate an expedited inclusion into the scope of Canada’s open banking framework of payment use cases.

The letter strongly supports the objectives of the draft regulations and the underlying Act, but noted the absence of the critical component of end-user education. FDATA therefore suggested that the Bank of Canada and/or the Department of Finance develop an end user education plan to be deployed in concert with the implementation of the draft regulations, and that government work with market stakeholders, including PSPs, in an effort to provide consumers and SMEs with consistent information about the benefits and protections afforded to them under the draft regulations.

FDATA also expressed appreciation for inclusion of a clear timeline within which applications submitted by PSPs would be required to be reviewed by the Bank of Canada and the Department Finance. Since many FDATA members have experienced regulatory delays in application processing in other jurisdictions’ payment modernization and/or open banking frameworks, FDATA welcomes the certainty provided by the regulatory-imposed timelines for consideration of a PSP’s application.

March 6, 2023, Washington, DC – FDATA North America and its 30+ member companies today released a set of principles to govern the usage, disclosures, liability, oversight, and technology involved in open finance ecosystems. Upon release of these new principles, FDATA North America Executive Director Steve Boms said:

“As policymakers in both Canada and the United States contemplate open finance and federal data privacy frameworks, FDATA North America’s members are pleased to have collaborated on a set of privacy principles that we hope will inform their work. Today’s release is a detailed and comprehensive set of principles which we intend to serve as critical guideposts for legislators and regulators in the U.S. and Canada as they undertake the important work of creating modernized, customer-centric financial services regulatory environments.” 

The first section of this document includes definitions of data types, and requirements for minimization, secondary usage, and silent parties. The second section covers consumers disclosures, what elements they should include, their length, and options for consumer revocation. The third section discusses assessments of data breach liability, notification requirements, and consumer redress. The fourth section covers regulatory oversight, and suggests which regulators in the U.S. and Canada should be granted supervisory authority over data privacy to ensure that consumers, data providers, and third-parties are protected and acting responsibly. The final section covers the technology involved in user authentication and authorization, and how they can be changed and revoked by consumers.

A high-level summary of these principles is available here. The full set of these principles is available here and can be shared with attribution.

FDATA North America Submits Comment Letter in Response to CFPB Section 1033 SBREFA Outline of Proposals for Consideration

Contact: Justin Santopietro; [email protected]

January 25, 2023, Washington, DC – The Financial Data and Technology Association (FDATA) of North America submitted a comment letter to the Consumer Financial Protection Bureau (CFPB) in response to its Outline of Proposals for Consideration for the Small Business Regulatory Enforcement Fairness Act (SBREFA) implementing Section 1033 of the Dodd-Frank Act. Upon filing the comment letter, Executive Director Steve Boms said:

“As an organization representing more than 30 financial technology and data aggregation companies, FDATA North America has long advocated for the CFPB to issue a rule implementing Section 1033 of the Dodd-Frank Act using the best information available from the broadest number of market stakeholders possible. We commend the CFPB for outlining a strong series of proposals that, when implemented, will create a more competitive, more accessible, and more inclusive financial services marketplace. As it prepares to issue a proposed rule implementing Section 1033, we encourage the CFPB to broaden the scope of covered accounts and covered recipients under the rule to maximize its impact, among other important improvements we suggest the Bureau to consider. We look forward to continuing our positive engagement with the CFPB as this rulemaking process continues.”

While FDATA’s comment letter expressed support for all the proposals in the SBREFA outline, it also urged the CFPB to expand the scope of this rulemaking by:

• Covering a broader swath of both covered parties, including small businesses and investors, and account types, including providers of government benefit accounts used to distribute needs-based benefits programs, utility, nonfinancial, and payroll accounts, and accounts held by financial institutions not covered by Regulation E or Regulation Z;
• Guarding against potential commercial incentives by data providers to restrict data access for particular use cases by ensuring that customer authorization may not be overridden except in very limited circumstances;
• Requiring as many financial institutions as practicable to build and implement credential-less data access methods, while allowing sufficient time for smaller financial institutions to do so;
• Permitting credential-based or PII and account number-enabled data access to persist as fallback options in instances in which data is not accessible through other means;
• Clearly distinguishing between customer data and de-identified data with regard to secondary use cases;
• Calibrating the timeline for implementation for credential-less data access based on financial institution size, and
• Establishing a new regime for direct CFPB supervision of data aggregation platforms.

Over the past several years, FDATA has repeatedly urged the CFPB to advance a Section 1033 rulemaking, including in its response to the CFPB’s October 2020 Section 1033 Advanced Notice of Proposed Rulemaking (ANPR) and last years’ CFPB Request for Information (RFI) on so-called “Junk Fees.” FDATA North America has also advocated for a Section 1033 rulemaking through comment letters to other federal agencies, including its response to the Office of the Comptroller of the Currency’s, Federal Deposit Insurance Corporation’s and Federal Reserve’s Proposed Interagency Guidance on Third-Party Risk Management, and to the National Institute of Standards and Technology in response to its draft report on Cybersecurity Considerations for Open banking Technology and Emerging Standards.