WASHINGTON — The Consumer Financial Protection Bureau is launching an inquiry into consumer access to financial information that is part of an ongoing dispute between banks and fintech companies about the sharing and control of consumer records.
The agency released a 20-page proposal on Thursday seeking public comment on the issue while it holds a field hearing in Salt Lake City about the challenges consumers face in accessing and securely sharing their financial records.
The CFPB often uses field hearings to release rulemakings, but the proposal stated that public comments will be used "to evaluate whether any guidance or other action by the bureau is called for, including future rulemaking."
The inquiry is focused on consumer choice, security and control, including whether some institutions make it difficult to access financial records, and what information consumers are given about how their records are used.
"Consumers should be able to use their financial records and account information and securely share access in an electronic format," CFPB Director Richard Cordray said in prepared remarks. "Technology provides opportunities to use these records to create new consumer tools that help improve financial lives. To realize that potential, we are launching a public inquiry into how much control consumers have over their records and how easy and secure it is for them to share their records with third parties."
Cordray first warned banks in October not to limit access to financial data by third parties working on behalf of the customer — comments that elated fintech firms which rely on aggregating data to offer financial advice and other services.
One reason the CFPB has inserted itself into the issue is that banks and fintech companies do not necessarily have the same views about consumer protection.
Several executives at top banks have expressed concerns about whether financial management sites were protecting consumer data. Mint.com, TurboTax and Yodlee are among the data aggregators that use bank account information provided by customers to pull financial data from bank websites.
But Jamie Dimon, the chairman and CEO of JPMorgan Chase, told shareholders in the bank's annual letter in April that protecting consumer data was a top priority – particularly when it comes to giving third parties access to that data.
The CFPB's inquiry said that "such access may also present risks to market participants, including consumers."
The bureau said it will determine whether data aggregators "retain more consumer information than is necessary for the specific product or service being provided, as well as the extent to which—and terms under which—they may use the data for purposes other than providing the requested product and service and may make data available to other entities."
The bureau also said it is looking at whether market participants such as banks "may decide to restrict consumer-permissioned access to data in ways that undermine consumer interests … and that are broader than necessary to address legitimate privacy and security concerns."
Additionally, companies have raised concerns about the application of the Fair Credit Reporting Act and the potential liability for unauthorized transactions from a data breach.
The CFPB provided a list of 20 questions to learn more about the extent to which consumers use products and services by third-party data aggregators. The questions range from what types of financial account data is being accessed to how long it is stored and under what terms.
The bureau also asked whether consumer financial account provides directly or indirectly facilitate or restrict access to data and the impact on consumers.
Last year, Bank of America, JPMorgan and Wells Fargo were accused of blocking third parties' access to their customers' account information.
The Dodd-Frank Act provides for consumer rights to access information relating to any transaction on a consumer account. The information also has to be made available to a consumer in electronic form.