Beyond the CFPB Principles: What’s to Come in Consumer Data Sharing


On October 18, the Consumer Financial Protection Bureau (CFPB) issued a set of principles on consumer-authorized data sharing and aggregation intended to safeguard consumer interest as the data sharing market continues to develop in the US.

As a financial data company providing account aggregation, we find ourselves at the heart of the debate over access to consumer financial data. That’s why we we’re pleased to see the CFPB echo many of the same principles that we hold dear. Specifically, the CFPB made clear that consumer best interest should steer stakeholder decision-making and that consumers have the right to improve their financial lives by authorizing access to their data by third-party innovators.

The CFPB also acknowledged the crucial role that data sharing plays in fueling Fintech innovation and ultimately fostering competition in financial markets. The principles underscored the importance of protecting consumer privacy by requiring that consumers are made fully aware of who is accessing their data and for what purpose.

Unlike the CFPB’s “class action rule” that banned companies from forcing customers into arbitration, which was recently overturned in a contentious vote on Capitol Hill, the bureau’s data sharing principles are neither binding nor obligatory. The principles simply provide clarity and a regulatory position on some of the key issues in the consumer data sharing debate.

While the consumer data sharing debate has hitherto been waged between the third-party innovators and incumbent financial institutions, financial advisors who use account aggregation to gain insight into their clients’ held-away accounts have a vested interest as well. Advisors should keep their fingers on the pulse of the regulatory environment around data sharing and aggregation because it directly affects their ability to provide comprehensive financial planning and build deeper relationships with their clients.

As events such as the Equifax breach cause consumers to become increasingly concerned about the sensitivity of their data, we expect more regulation around data sharing as more concrete measures protecting consumers and their data to come out of Washington.

Requiring Opt-in Data Sharing for CRAs

The Equifax breach differs from many of the notable data breaches that have occurred in recent memory (think Home Depot, Sony, Target) in that in the case of Equifax, consumers had sensitive data stolen that they did not provide directly to the breached organization. They did not opt in or explicitly approve to share their data, which was subsequently breached. Rather, it was largely provided to Equifax by creditors such as credit card and mortgage providers, just as is done with the other two credit reporting agencies (CRAs), Experian and TransUnion.

Out of the Equifax breach, I expect sweeping legislation around opt-in versus opt-out data access. Establishing an opt-in system in which consumers must give explicit consent to firms, on a case by case basis, in order for them to access sensitive financial and personal identity data is a logical next step. This opt-in policy would be an easy win for Congress in the wake of the Equifax breach and would align with the CFPB’s principles. However, an opt-in system would have considerable implications for the CRAs and FICO credit scoring, which rely on opt-out data access. Can we expect the public to widely opt-in to share its data with the CRAs that have done little to make friends among consumers? Forward-thinking creditors, armed with alternative data and nimble technology platforms, would be able to adapt to a world without CRAs and FICO. 

A “Schumer Box” for Data

In 1988 Congress passed legislation requiring that credit card costs and fees be clearly displayed in a summary box at the top of credit card agreements, preventing companies from hiding items such as annual fees, APR, and grace periods deep within the fine print. These so-called “Schumer Boxes,” named after then NY congressman and now US senator Chuck Schumer, are still used today and have been replicated in other countries. The logic: Consumers deserve transparency and should not be taken advantage of with sleights of hand.

This type of transparency could be forthcoming when dealing with consumer financial data as well. Requiring an above-the-fold table that clearly indicates the terms of use, such as access frequency, data scope, and retention period for the data being collected and shared would provide improved transparency and accountability, helping to ensure that the CFPB principles are followed. For example, to adhere to the CFPB’s “Access Transparency” principle, data aggregators that choose to sell consumer data sets to hedge funds would need to explicitly note this in the “Schumer box” so that consumers can easily ascertain where their data is being shared.   

The Way Forward

Consumer financial data is the fuel behind the innovation in fintech that is enabling millions of people to build better financial futures. It is critical that consumer data continues to be available to fintech platforms and financial institutions so they can keep building new technologies and provide better user experiences. However, a transparent and secure data sharing ecosystem in which the consumer is in control of their data must be cultivated through stakeholder collaboration and, where necessary, consumer-friendly regulation.

Gone should be the days of sensitive data being used without the knowledge or consent of the very people who have so much to lose and gain from it: the consumer.

[clickToTweet tweet=”Gone should be the days of sensitive data being used without the knowledge or consent of the consumer #Fintech” quote=”Gone should be the days of sensitive data being used without the knowledge or consent of the consumer #Fintech”]


Lowell Putnam is co-founder and CEO at Quovo , a data platform providing connectivity for millions of financial accounts, reflecting over $1 trillion. Today, hundreds of institutions, thousands of advisors, and millions of end-users rely on Quovo’s technology for account aggregation, bank authentication, and ongoing insights to build better financial futures. Prior to founding Quovo, Lowell worked in the Investment Banking Division of Lehman Brothers/Barclays Capital. He lives in New York City with his family.






Sponsored Links by DQ Promote


Send this to a friend