In November 2016, the CFPB issued a request for information about market practices related to consumer access to financial information. The RFI contained a series of questions about current market practice related to “consumer-permissioned access,” a term used by the CFPB to refer to consumer access to consumer financial account and account-related information, whether directly or through a third-party acting with the consumer’s permission. The deadline for submitting comments in response to the RFI was February 21, 2017.
On May 2, 2017, eight House members sent a letter to Director Cordray in which they urged the CFPB to encourage the development “of more safe and secure means for consumers to access their personal financial information.” In particular, the lawmakers pointed to “the use of an application programming interface (API)” as an example of a more secure technology. They expressed hope that any action the CFPB takes in response to the RFI facilitates market movement toward more use of API technology.
The House members also referenced media reports that “some companies may resell anonymized consumer data to third parties such as hedge funds and that in some cases consumers can be re-identified through the use of other publicly available data sets.” They called these reports “troubling,” particularly because “many consumers are unaware that their sensitive financial information is being used in this way.” The lawmakers urged the CFPB to “encourage more transparency around how consumer data is used by third parties and give consumers the power to limit the use of their data.”