President Biden Issues Executive Order Encouraging CFPB to Act on Data Access 1033 and UDAAP | Arent Renard
On July 9, 2021, President Biden signed an Executive Order (EO) important to the consumer financial services industry. The IB encourages the Director of the Consumer Financial Protection Bureau (CFPB or Bureau) to begin making rules under Section 1033 of the Dodd-Frank Act, which governs the rights of access to financial data for customers of FinTechs or banks. The US policy behind this mandate is consistent with the drive to encourage open banking standards, albeit in a more piecemeal fashion than has already been done in the UK. Nevertheless, it is important for companies to understand that the various concerns of the CFPB in matters of confidentiality and data control are now also at the heart of the administration.
Secondly, the OE also encourages the CFPB continue to enforce the law of Section 1031 of the Dodd-Frank Act, which prohibits Unfair, Deceptive, or Abusive Acts and Practices (UDAAP) and can sometimes be controversial in a given case. This Biden demand is also substantially in line with the administration’s overriding objectives: Conceptually, Biden’s federal policy is that all businesses deserve a full and fair chance of obtaining the highest fruits of capitalism – but this cannot be done if some companies flout regulations to the detriment of other companies that comply. During the publication of the OE, Biden noted in public statements that “capitalism without competition is exploitation” and that “true capitalism depends on fair and open competition”. Never before has a White House, as the Biden administration has done here, put UDAAP’s concerns at the forefront in terms of the work the CFPB needs to do to advance White House goals in matters of fair competition and banking openness.
What is also remarkable is the context in which this OE arises. Tangibly, however, the CFPB was already working to study the voluminous letters of comment that the public had submitted in response to the CFPB’s Section 1033 solicitation. The proposed regulations are the first of their kind and aims to fill a void in the patchwork of federal and state privacy regulations created by technological innovation.
CFPB’s existing work on 1033 builds on what former director Kathleen Kraninger said during the Trump administration. She highlighted how regulation should be enacted, in the face of a myriad of innovations, albeit beneficial to consumers, to ensure that consumers can control their own data while using new technologies. As a result, Regulation 1033 has always had the potential to affect a multitude of products and services, including payments, lead generators, peer-to-peer lending, e-commerce, crypto trading, improvement of credit rating, financial management and other types of financial document transfers. To add to the existing complexity, the CFPB is also able to hold technology companies accountable (as service providers to financial service companies) for breaches of consumer privacy rules such as those contemplated by the CFPB’s solicitation.
For convenience, we have condensed the 45 questions in CFPB Solicitation 1033 into eight key topic categories, which we have already talked about here.
As we noted in November 2020, although it is not explicitly stated in the solicitation, the CFPB may evaluate the comments solicited to help determine whether and how to define a UDAAP (Sections 1031 and 1036 of the Dodd-Frank Act ) with regard to access to consumer data. , building on decades of Federal Trade Commission precedent. The questions posed in the CFPB publication set out a practical plan for doing this.
Now, with the executive order, the Biden administration has just put rocket fuel on an existing imperative for financial regulation of consumers and tech companies.