The Consumer Financial Protection Bureau (CFPB) is paying closer attention than ever to how consumer data is being used and stored by mortgage lenders and other types of financial institutions. The bureau’s rule implementing Sec. 1033 of the Dodd-Frank Act was created to provide guidelines on what is necessary to ensure companies are taking proper steps to protect consumers’ private data.
JPMorgan Chase Executive Director and Assistant General Counsel Bill Sager and Mayer Brown Associate Kelly Truesdale took part in a webinar, titled “Getting Frank about Data Privacy,” presented by October Research, during which they broke down what this rule could mean for the financial industry and how companies can manage consumer data in a compliant way to align with its provisions and with other rules as well.
The goal of the rule is to increase the availability of data for cash flow underwriting for a variety of lending products and to increase consumer credit availability. It also means increased consumer protection with respect to people’s personal information.
“Consumer protection is very much a core component of the rule,” Truesdale said during the webinar. “It’s probably No. 1 on the list, beyond increasing access to data, within the rule.”
Providing strong protections for consumers when sharing sensitive financial data with prospective lenders is a central component of the rule. It is important for companies and third parties to know the expectations about how collected data will be used.
When regulators refer to “data sharing” in the context of the rule, it can be helpful to specify what types of data are covered.
The “Industry Standards” section in the rule is divided into seven sections addressing various data privacy risks, including those associated with screen scraping and credential-based log-in credentials. Many in the industry have said it does not go far enough to address concerns about some of these elements.
“There’s always going to be tension between a third party that’s using screen-scraping in the financial institution because every mechanism that a financial institution would use to try and block screen-scraping is only going to incentivize the third parties to develop a system that looks more like a customer,” Sager said.
Financial industry leaders have said there needs to be an industry-led standard-setting body to promote interoperability and address technical details about the technical details involved in data sharing. Since this webinar was released, the CFPB has requested interested organizations submit applications to be designated to create a set of standards for data privacy protections for the industry to follow.
Both professionals provided an overview of these areas and much more in this recording, which is available on the Dodd Frank Update website here.