CFPB Rule 1033: Lawmakers Push for Consumer Data Protection

The landscape of financial technology, commonly known as FinTech, is continuously evolving, driven by innovations that promise greater efficiency, accessibility, and personalization in financial services. Central to this evolution is the concept of open banking, a paradigm where consumers can securely share their financial data with third-party providers to access a wider array of products and services. However, as with any technological advancement involving sensitive information, the imperative to protect consumer choice and ensure robust financial data privacy remains paramount. This very concern has been brought to the forefront by prominent lawmakers who are actively engaging with the Consumer Financial Protection Bureau (CFPB) as it undertakes the crucial task of rewriting Rule 1033.

Congressional Oversight and Consumer Protection in Open Banking

The House Financial Services Committee, a pivotal body in shaping financial legislation, has taken a proactive stance on the CFPB's rulemaking process for open banking. Specifically, the committee's chairman, Representative French Hill of Arkansas, and vice chairman, Representative Bill Huizenga of Michigan, have articulated their expectations and recommendations to the CFPB. Their joint comment letter underscores a deep commitment to ensuring that the revised regulations under Section 1033 of the Dodd-Frank Act (DFA) do not inadvertently stifle innovation or diminish consumer control over their financial information.

In their letter, dated November 14, the representatives emphasized the critical balance that must be struck between facilitating an innovative FinTech ecosystem and safeguarding consumer interests. They advocate for a framework that preserves the ability of consumers to authorize a diverse range of third-party entities—whether those with fiduciary duties or not—to access and utilize their financial data. This flexibility is seen as essential for the continued development and provision of beneficial and innovative financial products and services that can significantly empower consumers.

Preserving the Existing Ecosystem and Fostering Innovation

A core tenet of the lawmakers' message is the importance of avoiding any regulatory changes that could disrupt the current operational dynamics of the financial data ecosystem. "We are in the era of consumer financial data portability," they wrote, cautioning against "upending of the existing ecosystem to the detriment of consumers and innovation." This statement reflects a recognition that while regulatory adjustments are necessary, they should be designed to enhance, rather than dismantle, the established mechanisms that currently support consumer-permissioned data sharing.

The call to preserve the existing ecosystem highlights the complex interplay between data aggregators, financial institutions, and FinTech innovators. Many third-party applications rely on established data access methods to provide services ranging from personal financial management to budgeting tools and investment advice. A wholesale alteration of these methods without careful consideration could lead to widespread disruption, potentially limiting consumer choice and access to valuable financial tools.

Harmonizing Standards: The Gramm-Leach-Bliley Act as a Benchmark

One of the most pragmatic suggestions put forth by Representatives Hill and Huizenga concerns the adoption of existing privacy and security standards. They recommend that the CFPB integrate the consumer financial data privacy and security standards outlined in the Gramm-Leach-Bliley Act (GLBA) into the new Rule 1033. The GLBA, a federal law enacted in 1999, is already a foundational pillar of data privacy for financial institutions, dictating how they handle nonpublic personal information of consumers.

The rationale behind this recommendation is multi-faceted. Firstly, it would significantly conserve CFPB resources by leveraging a proven and established regulatory framework, thereby avoiding the need to develop entirely new standards from scratch. Secondly, it would prevent the imposition of unnecessary and potentially duplicative compliance costs on covered entities, many of whom are already operating under GLBA guidelines. Perhaps most importantly, adopting GLBA standards would create a consistent and uniform level of protection across all entities affected by the DFA 1033 rulemaking, providing consumers with the predictable and robust data privacy safeguards they have come to expect.

The CFPB's Path Forward and Section 1033

The CFPB's initiative to rewrite Rule 1033 is rooted in Section 1033 of the Dodd-Frank Act, which grants consumers the right to access their financial data held by financial institutions. This provision is foundational to the concept of open banking and aims to empower consumers with greater control over their financial information, fostering competition and innovation in the financial sector. The agency officially commenced its advanced notice of proposed rulemaking on August 22, signaling its intent to gather comprehensive comments and data from stakeholders to inform its deliberations.

This rulemaking effort is not occurring in a vacuum. It follows a legal challenge in which plaintiffs contested an open banking rule previously implemented by the CFPB under the Biden administration. In July, the CFPB informed a judge that it would undertake this revision, a move that could potentially obviate the need for the court to further consider the existing rule. This background underscores the complexity and legal sensitivity surrounding the establishment of definitive guidelines for financial data rights.

As the CFPB moves forward with rewriting Rule 1033, the input from lawmakers like Representatives Hill and Huizenga will be critical in shaping a regulatory framework that is both forward-looking and protective of consumer interests. The ultimate goal is to craft rules that facilitate the undeniable benefits of open banking while ensuring that consumer choice, data security, and privacy remain at the core of financial innovation. The decisions made during this period will have lasting implications for the future of FinTech and consumer empowerment in the digital age.