On February 26, 2020, the Consumer Financial Protection Bureau hosted a symposium titled “Consumer Access to Financial Records.”  Video of the Symposium is available here.  The agenda included discussion among panelists from large financial institutions, fintechs, consumer groups, policy centers, and the CFPB.  Director Kathleen L. Kraninger also delivered brief opening remarks describing the history of regulation of financial data access.

Much of the symposium’s discussion focused on Section 1033 of the Dodd-Frank Act, which governs consumers’ rights to access their financial data.  While the CFPB has the authority to issue rules interpreting Section 1033, it has not done so (although it has issued non-binding “Consumer Protection Principles” on financial data sharing and aggregation).

Panel discussion also focused on Regulation E, which implements the Electronic Fund Transfer Act.  Panelists described how these laws intersect with other consumer laws that govern access to and sharing of data, including the Fair Credit Reporting Act.  Some panelists called on the Bureau to clarify and modernize current law through interpretive guidance of Regulation E or additional rulemakings.  Panelists also discussed the implications of the EU’s General Data Protection Regulation and the California Consumer Privacy Act for consumer financial data access.

There was robust discussion surrounding the practice of screen scraping.  Screen scraping is a process by which data aggregators extract consumer financial data from financial institution websites using an automated data collection system and consumer login credentials provided by the consumer.  Critics of screen scraping noted the data privacy and data security concerns it creates, as well as the unsettled liability standards surrounding the practice.  At the symposium, panelists discussed the need to balance the convenience and cost savings that screen scraping can deliver with its attendant data risks and potential for inaccurate reporting.

This event was the latest in a series of CFPB-sponsored symposia in the past year aimed at informing the Bureau’s policymaking efforts.  The CFPB has stated that it may look to the discussion that the symposia generate to shape future rulemakings and interpretive guidance.  Previous symposia topics include Dodd-Frank’s “abusive acts or practices” standard, behavioral economics, and small business data collection under Dodd-Frank Section 1071.  Approximately six months after the symposium on the “abusive acts or practices” standard, the CFPB issued a policy statement explaining its interpretation of the standard in supervision and enforcement matters.  This symposium could signal that the CFPB is contemplating regulatory action on consumer access to financial data under Section 1033 sometime soon.