Correcting the Record on Data Sharing

The American Bankers Association, Bank Policy Institute, America's Credit Unions, Consumer Bankers Association and the Independent Community Bankers of America issued the following statement in response to the falsehoods contained in a letter from a group of fintech and retail organizations regarding the CFPB’s Section 1033 rulemaking:

In a recent letter to the President, the Financial Technology Association and other trade associations made several misstatements that we address below to set the record straight.

1. The current 1033 rule was proposed by the Biden Administration, not the Trump Administration. The CFPB proposed the Section 1033 rule in October 2023, under former CFPB Director Chopra, a Biden appointee. The agency took its first steps towards a rulemaking under 1033 under former Director Richard Cordray, an Obama appointee, seeking input from the public in October 2016.
 
2. The Biden Administration’s 1033 rule puts sensitive consumer data at risk by requiring banks to share consumer data with fintechs and aggregators without establishing fundamental data security safeguards. Fintechs and aggregators that handle sensitive personal and financial data about bank customers must be required to adhere to the same rigorous standards and duties as banks and credit unions. BPI, the Kentucky Bankers Association and a community bank have challenged this Biden-era rule because it puts Americans’ most sensitive financial data at risk.
 
3. The current Trump Administration recognized the dangers to consumers that the Biden-era rule would present and wisely asked the court to vacate the rule. Bank trade groups and community banks challenged this rule because it exceeded the CFPB’s authority, lacked proper liability and security safeguards and barred banks from recovering necessary costs for building and maintaining the significant infrastructure necessary to securely share information with third party companies. These legal and practical concerns were confirmed when the Trump Administration’s CFPB concluded that the rule was “unlawful” and moved to vacate it.
 
4. Banks and credit unions employ robust data security practices to protect customer data, while many fintechs and data aggregators do not, which puts customer data at serious risk. Banks and credit unions meet stringent information security standards established by the federal banking regulators for how they collect, use and retain data. Regulators examine banks for compliance with these rigorous requirements. By contrast, fintechs and aggregators are not subject to stringent information security standards or to any regulatory oversight. These middlemen mine, extract and store data, often continuously and at high volumes, with the intent to keep and resell it. Without the guardrails regulated financial institutions employ, this practice would put reams of sensitive consumer data at risk of being stolen. Worse still, in many cases, surveys reveal that consumers do not realize how frequently their data is being accessed by those entities or that it can be stored indefinitely. The security of the data-sharing ecosystem depends on banks’ and credit unions’ strong safeguards
 
5. Banks and credit unions are currently and continuously sharing data with fintechs and data aggregators in the safest way possible and have invested heavily to build secure systems that allow the current data sharing ecosystem to thrive. A robust, competitive data-sharing environment already exists in the U.S., and it’s working. Consumers have more than 4,000 banks, 4,000 credit unions and thousands of fintech companies to choose from when it comes to managing their finances, saving for retirement, preparing their tax returns or making payments. The current data-sharing ecosystem grew out of heavy investment from banks and credit unions in developing systems and establishing partnerships with fintechs. Financial institutions have spent years building infrastructure that enables safe, API-based data sharing. Over 120 data aggregators currently connect financial data across providers. Plaid alone connects to more than 200 million bank accounts. Financial Data Exchange, a nonprofit created through a bank-fintech partnership, has built a secure API linking more than 114 million accounts. More than 120 data aggregators operate in the US today linking hundreds of millions of bank accounts across providers with fintechs.

6. Banks and credit unions do not charge their customers to access their data. Full stop. Banks and credit unions may charge businesses that are not their customers to access consumer data through secure systems banks have built at substantial cost. Large aggregators access these systems hundreds of millions of times per month, despite claims of being shut out by banks. Banks charge fees to ensure those businesses share in the cost of keeping consumers’ data safe and secure and for the increased liability risks banks and credit unions face from sharing that data with fintechs and aggregators that may use and retain the data without appropriate safeguards in place. Fintechs leverage this secure access to offer a variety of other products and services for which they are paid. Data aggregators themselves often charge fintechs and other clients for providing access to consumer data the aggregators obtain from the banks. Charging for this secure data access is standard commercial practice for almost every major company, including Amazon Web Services, Microsoft Azure, X (formerly known as Twitter), Google, and others.
 
7. Fintechs and data aggregators are profiting from access and re-use of consumers’ sensitive data. Aggregators profit from obtaining data from banks, saving that data into their own systems and selling access to fintech developers building financial applications. Fintechs then offer a variety of other products and services that rely on consumers’ financial data for which they too are paid. Without the ability to obtain consumer data securely, aggregators’ and fintechs’ business models would be significantly undermined.
###
 
Media Contacts:

Sarah Grano
American Bankers Associations
[email protected]

Tara Payne
Bank Policy Institute
[email protected]

Weston Loyd
Consumer Bankers Association
[email protected]

Paloma Perez Christie
America's Credit Unions
[email protected]

Nicole Swann
Independent Community Bankers of America
[email protected]