Banks are voicing concerns that the CFPB’s plans for consumer data sharing with fintech upstarts failed to spell out how to spread liability in the event of fraud.
The Consumer Financial Protection Bureau issued an outline of a plan that would allow consumers to more easily share personal financial information with third-party fintechs, including data aggregators.
The “open banking” policy is aimed at easing consumers’ ability to switch banks and lenders, as well as link accounts with other service providers. Data aggregators, such as Plaid and MX, would work as a middleman that eases consumers’ process of switching banks by centrally keeping their data.
The agency’s outline, released Oct. 27, addresses data security, dispute resolution and other problems that could arise in banks’ sharing of sensitive information. But it falls short of disclosing the bureau’s thinking about who’s responsible if a data aggregator is hacked or a consumer is tricked into sharing data with fraudsters that loot accounts or commit identity theft.
“The outline is half a loaf,” Scott Talbott, senior vice president for government affairs at the Electronic Transactions Association. “By not including provisions addressing liability fraud, it creates uncertainty for consumer as well as industry participants.”
The CFPB may not yet have good answers for banks given the complexities of the issue, said David Stein, a former CFPB official.
“Drawing bright lines could be a…
