August 08, 2022

Trade Groups Petition CFPB to Adopt Larger Participant Rule for Data Aggregators

You've Reached Your
Free Article Limit This Month
Register for free to get unlimited access to all OnPractice content.
Register Now

Key Takeaways

  • The trade groups also petition the CFPB to define “aggregation service” as a “financial product or service.”

Eight national trade groups have filed a petition with the CFPB that urges the Bureau to engage in rulemaking to define larger participants in the market for data aggregation services.  The trade groups are the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Housing Policy Counsel, Independent Community Bankers of America, National Association of Federally Insured Credit Unions, National Bankers Association, and Clearing House Association.  The petition has been docketed by the CFPB pursuant to the new procedure that the CFPB established in February 2022 for members of the public to submit petitions for rulemaking (including amendments to or repeals of existing rules). 

The trade groups assert that there is currently a "supervisory imbalance" among participants in the market for aggregation services, with large data holders such as banks and credit unions regularly supervised by the CFPB while non-depository entities such as data aggregators and data users are not examined by the CFPB.  They point out that "the current market largely relies on discrete and contractual relationships by data holders to maintain oversight and assess any potential risks to consumers by data aggregators and data uses, or requires data holders to implement other mitigation strategies for screen scraping activities."  According to the trade groups, the current situation creates "an unsustainable model as the aggregation services market grows."  They raise the potential for inconsistent enforcement of the laws applicable to data aggregators which, in turn, "raise[s] the prospect that potential consumer harm associated with the activities of data aggregators and data users will not be timely identified and remedied."  According to the trade associations, the CFPB's use of its risk-based supervisory authority to supervise data aggregators as companies that "pose risk" would be insufficient "to effectuate consistent and abiding supervision of all larger participants in the data aggregation market" because any entity that allegedly poses risk can challenge that order and the orders may be terminated after two years.

The CFPB is currently engaged in rulemaking to implement Section 1033 of the CFPA.  Section 1033 requires consumer financial services providers to give consumers access to certain financial information.  In October 2020, the CFPB issued an Advance Notice of Proposed Rulemaking (ANPR) in connection with the 1033 rulemaking.  In their petition, the trade groups assert that the CFPB "should ensure that data aggregators and data users that are larger participants in the aggregation services market—not just banks and credit unions—are examined for compliance with applicable federal consumer financial law, especially the requirements of the forthcoming 1033 rulemaking, including the substantive prohibitions on the release of confidential commercial information."  They also assert that the position they espouse was supported by "a broad and diverse collation of nonbank organizations (including data aggregators") that submitted comments in response to the ANPR.  The trade groups do not suggest a standard for the CFPB to use for determining whether a data aggregator qualifies as a "larger participant."

In addition to asking the CFPB to amend its larger participant rule to add a new section covering providers of data aggregation services, the trade groups also petition the CFPB to define "aggregation service" as a "financial product or service" for purposes of the CFPA.  They assert that the CFPB has authority to promulgate such a regulation and cite to various provisions of the CFPA as the source of such authority.

The trade associations indicate that their petition is filed pursuant to Section 553(e) of the Administrative Procedure Act (APA).  Section 553(e) provides that "[e]ach
agency shall give an interested person the right to petition for the issuance, amendment, or repeal of a rule," a denial of which must be justified by a statement of reasons pursuant to section 555(e) of the APA and can be appealed to the courts under sections 702 and 706 of the APA.  They also note that the APA requires that "[p]rompt notice … be given of the denial in whole or in part" of any petition under 5 U.S.C. § 553, and that any denial shall include a "brief statement of the grounds for denial."

ALM expressly disclaims any express or implied warranty regarding the OnPractice Content, including any implied warranty that the OnPractice Content is accurate, has been corrected or is otherwise free from errors.

More From Ballard Spahr

New York Restricts Automated Decision Making in Employment

By Timothy Dickens Ballard Spahr August 29 , 2022

Businesses operating in New York City should be aware of a local law addressing the use of automated employment screening and decision-making tools coming into effect on January 1, 2023.

Status Update: Federal Contractor Vaccine Mandate Injunction Narrowed

By Lila A. Sevener Ballard Spahr August 29 , 2022

On August 26, 2022, the United States Court of Appeals for the Eleventh Circuit narrowed the nationwide injunction of Executive Order 14042, which requires federal contractors and employees who work on or in connection with a covered federal contract, or share a workplace with another employee who works on or in connection with such contracts, to be fully vaccinated against COVID-19.

Unions Cannot Force OSHA to Issue Permanent COVID Standard

By Shannon D. Farmer Ballard Spahr August 26 , 2022

On August 26, 2022, the U.S. Court of Appeals for the District of Columbia Circuit turned back efforts by a group of unions seeking to force the Occupational Safety and Health Administration (OSHA) to quickly issue a permanent rule establishing protections for healthcare workers from COVID-19.

More From Consumer Protection

Deadline: 'Old' Standard Contractual Clauses (SCCs) Expire Dec. 27, 2022

By Dr. Viola Bensinger Greenberg Traurig December 02 , 2022

After an extended sunset period, time to replace the “old” SCCs runs out on Dec. 27, 2022. After that date, the old SCCs will no longer legalize data transfers to countries outside the European Economic Area (EEA).

UK ICO Updates Email Marketing Guidance and Enforces Against Direct Marketing Based on Purchase History Inferences

By Darren Abernethy Greenberg Traurig November 04 , 2022

On Oct. 18, 2022, the UK Information Commissioner’s Office (ICO) updated its “Guidance on Direct Marketing Using Electronic Mail,” providing refreshed FAQs regarding what constitutes electronic mail marketing, related rules and responsibilities, and miscellaneous clarifications to compliance questions such as “are tracking pixels covered by the electronic mail marketing rules?”

Controller A (EEA) → Processor Z (EEA) → Employee of Processor Z (Non-EEA) (on business trip)

By David A. Zetoony Greenberg Traurig November 03 , 2022

The following is part of Greenberg Traurig’s ongoing series analyzing cross-border data transfers in light of the new Standard Contractual Clauses approved by the European Commission in June 2021.

Featured Stories