House Financial Services Committee Democrats and Republicans
have found initial common ground on the need for stronger protections for
consumer financial data used by third-party companies that share the data
across bank accounts, payment apps and other services.
Lawmakers at a Financial Technology Task Force hearing on
Sept. 21 questioned whether consumers understand the degree of access they hand
over to third-party data aggregators and whether stronger protections are
needed. The intermediaries make payment apps such as Venmo and other fintech
tools possible by sharing a consumer’s banking data with the apps.
Financial Services Chairwoman Maxine Waters, D-Calif., said
she will work closely with the Consumer Financial Protection Bureau as it works
to issue regulations on financial data. However, Congress should act on the
issue, she said. The Senate confirmed Rohit Chopra on Sept. 30 to be the new
director of the CFPB.
“I think this is something that maybe we should have done a
long time ago,” Waters said in an interview after the hearing. “I want our
public policy to be a lot tighter than just always turning it over to someone
else to interpret and then to implement it. I want us to get more into the
details.”
She added that there’s a possibility to work with committee
Republicans on legislation to protect consumers’ control over their financial
data.
“It seems as if I’m agreeing with Luetkemeyer for the first
time since we have served on this committee together,” Waters said during the
hearing, referring to Missouri Republican Rep. Blaine Luetkemeyer, who criticized
a practice called “screen scraping.”
The practice allows data aggregators authorized by the
consumer to use the username and password to extract data from those accounts
and to share the information gleaned with other parties. The aggregators can
access those accounts without a relationship with the company housing that
information.
“Whenever I discuss screen scraping with my constituents and
explain to them what it is, they are aghast,” Luetkemeyer said. “I’m telling
you, people don’t believe it’s OK. And, therefore, we need to take a different
perspective on this and say, ‘Whoa, OK.’ The first way you protect people’s
privacy and their information is to be honest with them.”
Better disclosure that makes clear to consumers what kind of
access they’re allowing is needed, he said.
Tom Carpenter, director of public affairs at Financial Data
Exchange, a nonprofit group setting industry-led standards for sharing
financial data, said it’s not so simple. The organization is pushing the
industry to shift from screen scraping to tools that allow financial firms to
share data with each other directly, Carpenter said.
The industry is “rapidly moving” away from screen scraping,
he said. “It’s just a matter of, it does take time. You can’t flip that switch
overnight and cut off access to consumer data sharing.”
‘When is consent meaningful?’
Rep. Stephen F. Lynch, D-Mass., chairman of the Financial
Technology Task Force, said screen scraping is just one part of consumer data
privacy that Congress should address.
“Another piece here is consent. When is consent meaningful?”
Lynch said in an interview after the hearing.
“If you’ve got a 60-page terms of service agreement that no
one’s going to read, and then you can go without access and not get access to
the service, or you can click ‘I Agree,’ those are your choices,” he said. “The
power is all with the provider, so we’ve got to hold their feet to the fire as
well. They cannot demand that the consumer yield all of their rights in order
to get access to that application.”
Regulators are looking at the problem too.
The CFPB is working on a new regulation to clarify standards
around consumer-authorized access to financial data. The bureau last year asked
the public for input on developing regulations to implement Section 1033 of the
2010 Dodd-Frank Act, which provides consumers the right to access financial
records.
It said there may be benefits from authorizing third parties
to access data on their behalf and allowing those parties to deliver new
personal financial management services, payments, improved retirement savings
outcomes and access to credit.
“While consumer access to financial records can enable the
development of innovative and beneficial consumer financial products, it can
also present consumer risks,” the CFPB said. The rule-making outreach seeks
information on costs and benefits of consumer data access, competitive
incentives, standard-setting, access scope, consumer control and privacy, and
data security and accuracy.
Raul Carillo, an associate research scholar at Yale Law
School who testified at the Financial Services Task Force hearing, said a
consumer payment made with a mobile money account today typically involves a
merchant, bank, payments processor, mobile device maker, internet service
provider and app provider.
“Additionally, roughly 50 percent of U.S. consumers and 95
percent of U.S. deposit accounts are estimated to have signed up for financial
apps that frequently rely on unregulated or under-regulated data aggregators,”
Carillo said.
Carillo previously worked as an attorney for low-income
consumers in New York City and as special counsel to the enforcement director
of the CFPB.
He said rules and laws governing consumer rights to their
data can be meaningful only with a broader policy that minimizes data
collection and inappropriate usage “as a first-order principle.”
That kind of policy could run counter to some who’ve
advocated for broad adoption of fintech as an economic driver and a way to move
“underbanked” people into the financial system.
Carpenter advocated for technical standards that allow
consumers to connect a wide array of apps and services to their financial
accounts to be developed by the financial industry, rather than through a
regulatory process.
“For a host of reasons … we believe the industry is best
suited to maintain and continually adapt standards to the needs of the market
and consumer demand,” he said.
That drew a rebuke from Rep. Ritchie Torres, D-N.Y., who
said big banks “are not disinterested arbiters of what is best for consumers.
The banks do have a vested interest in maintaining their oligopoly on consumer
information.”
Click here for the
original article.