The Consumer Financial Protection Bureau (CFPB) announced on Friday, July 26, that it will propose new rules on how third parties can access consumer financial records later this year. At issue is whether banks, fintechs and data aggregators are acting in consumers’ interests when consumer data is accessed. Stakeholders will be able to comment on the proposed rules.

Why should we care?
The parameters around how third-party fintechs can access consumer data is a hotly debated subject among banks, aggregators and fintechs. Any future rules imposed by regulators could have an impact on the capacity of third-party fintechs to build new use cases on top of consumer data. There is broad agreement that consumer consent is required for data access, and that the practice of credential sharing, including "screen scraping," should be phased out. Where market participants disagree is on implementation, and the extent to which guardrails should be imposed on data access. In a CFPB forum in February, banks expressed concern about data security; meanwhile, fintechs and aggregators said they wanted to ensure consumer choice, and continued possibilities for technological innovations that are built upon consumer-permissioned access to data.