WASHINGTON—The Independent Community Bankers of America (ICBA) is concerned about the impact the CFPB’s Personal Financial Data Rights Rule will have on consumer data—specifically fintech’s handling of bank customer information.
ICBA President and CEO Rebeca Romero Rainey, following the release of the CFPB’s 1033 final rule, noted the regulation includes an exemption that impacts many community banks.
“As advocated by ICBA, the CFPB’s rule on sharing consumer financial data exempts community banks under $850 million in assets — which are defined as small businesses by the Small Business Administration — from a provision requiring institutions to create and maintain a third-party developer interface. Nevertheless, the CFPB’s rule requires banks over $850 million in assets to bear all the costs of establishing and maintaining a ‘developer portal’ that third-party companies could use to access consumer data with consumer authorization,” Romero Rainey said.
Romero Rainey said that nonbank fintechs that access customer information and store bank login credentials may not take the same care in protecting consumer privacy and data that community banks do.
“ICBA continues calling on the CFPB to focus its implementation of Section 1033 on promoting data security at these third-party entities,” she said. “Otherwise, community banks will be faced with the impossible task of vetting the security protocols of potentially thousands of fintech companies seeking to access their customers’ data.”