Principles for protecting consumers when authorizing third-parties to access their financial data for financial products and services were unveiled Wednesday by the Consumer Financial Protection Bureau (CFPB), with an aim of fostering development of “innovative financial products and services,” among other things.
The nine principles, CFPB said in a statement, relate to data access, data scope and usability, control of the data and informed consent, payment authorizations, data security, transparency on data access rights, data accuracy, accountability for access and use, and disputes and resolutions for unauthorized access.
They do not, the agency said, establish binding requirements or obligations relevant to the bureau’s exercise of its rulemaking, supervisory, or enforcement authority. And, they are not intended to alter, interpret, or otherwise provide guidance on existing statutes and regulations that apply in this market.
Additionally, CFPB said the principles are not intended as a statement of its future enforcement or supervisory priorities.
In issuing the principles, the agency noted that “fintech” firms and financial institutions receive authorization from consumers to access their account data which reside in separate organizations to provide a variety of products and services. These include fraud screening and identity verification, personal financial management, and bill payment. CFBP asserted that “such products and services could help consumers make smarter spending, savings, and investment decisions and live their lives more efficiently and effectively.”
The agency said it has been studying consumer-authorized data access and issued a Request for Information last year to gather feedback from wide range of stakeholders. Those included banks and credit unions, their trade associations, aggregators, “fintech” firms, consumer advocates, and individual consumers.
CFPB principles for consumer-authorized financial data sharing and aggregation