1/ Am listening to the CFPB's consumer advisory committee meeting discussion on the Section 1033 consumer info sharing rule making and current market trends. Some notes and thoughts here.
2/ All the long-time Bureau folks seem to be here. Will Wade-Grey presented. Gary Stein is talking now. David Erich, an operator/founder/thought leader on the advisory committee is dialed in. 36 panelists in total. Other attendees listening in are hidden.
3/ For context, Section 1033 of the Dodd Frank Act lets the CFPB write rules to create an open banking regime. There's an open comment period right now. I plan on doing a deep dive in the next week or so and will likely write a comment letter in my capacity as a private citizen.
4/ Gary Stein runs through some feedback from "stakeholders" -- this is a term DC folks use to describe people that have lots of opinions but ultimately aren't going to be customers of or benefit from the industry changes wrought by the rule.
5/ "Stakeholders" have raised concerns about data security - can't let all this consumer data get into anyone's hand. This feels like banks and the bank trade groups using the specter of data breaches to slow and limit FinTech (and by extension the consumer) access to data.
6/ Gary mentions other "stakeholders" are concerned about data privacy issues. This feels like the consumer advocacy groups. These are a bunch of upper middle class lawyers and lobbyists that mean well, but generally think all consumers need bubble wrapping and playpens.
7/ Other things they've heard relate to Reg E error resolution concerns. Interesting because it feels like banks/consumer groups acknowledging that final regs should allow more than just read data access. Data layer can also drive payments functions (with appropriate protections)
8/ Zach Wong from the Bureau talking about the ANPR -- deadline is February 4th, 2021 so folks don't have to ruin their holidays (why? we're all staying home anyway, right?)
(slight joke - I appreciate the extra time)
(slight joke - I appreciate the extra time)
9/ Valerie Quiett - CLO for mechanics and farmers bank in North Carolina gets to provide feedback first. Banks success is attributable to customer trust. Valerie starts talking about data security being top of mind. I wonder if she's been coached by the bank trades to say this.
10/ Valerie - wondering how community banks are supposed to compete on bilateral contracts to participate in new products enabled by Section 1033 data rule making. FinTechs working in this space, make sure you reach out to her bank.
11/ Valerie ends by talking about importance of disclosures. Very important consumers know what they're sharing.
12/ Monica Davis from (QUAC?) goes next. "Important we provide clear and consistent use for access to the data." Says consumers don't understand that primary access to data is purpose driven. Consumers need "transparent view" across the board to understand how data is used.
13/ Monica says need safeguards. Consumers currently think breaches at Equifax mean something wrong with the bank. Sounds like small FIs get punished in CX volume when big fish get into trouble.
14/ Monica echoes Valerie's comments about transparency and understanding. View from first two speakers is consumers aren't savvy enough to understand what they're granting access to. "Important for consumer to know who they are granting access to data . . ."
15/ Monica ends with an ask about making sure data security standards are consistent.
16/ Mae Grote goes next - thanks Mae for saying the full name of your org "The Change Machine" -- CFPB moderators just whizzing through so hard to get.
17/ Mae has longer wind up, pitching narrative. First point is to apply FCRA protections to persons touching 1033 data! Yikes!
18/ Very interesting take here -- the FCRA was passed in 1970 and updated a few different times (most recently a few decades ago). FCRA says that if your data is used for eligibility purposes -- should consumer X get product Y -- you owe a duty of accuracy to the data.
19/ There's also a host of other operational requirements stemming out of that - making sure people have a permissible purpose, managing consumer disputes and fixing data files when they're wrong . . .
20/ There's an interesting carveout where companies that use their own "transaction and experience" data with the consumer for eligibility purposes aren't CRAs.
21/ Some tension in Mae's ask to make companies touching 1033 data (and furnishing it) subject to the FCRA and the FCRA carveout for T&E data. Hence my yikes! Hope the CFPB doesn't go down that rabbit hole (maybe that'll be my comment)
22/ John Buhrmaster - from a bank in Upstate NY - speaking now says screen scraping is rampant and "like the wild Wild West." FinTechs are training customers to break bank security practices - bank urges folks not to give out their user name and password.
23/ Screen scraping is "scary." John wants a safe harbor. Says there should be APIs. Unclear who should be making the APIs. Is it Jack Henry and the CUSOs providing the tech stack to these tiny banks?
24/ John says bank's "primary job is to secure people's data." Once its broken into, you can't get it back. If we're giving the data up, we need to verify the customer and verify where its going. Great applications, make it happen, but fair and balanced.
25/ Leigh Phillips CEO fo Saverlife (Sp?) - wants to pivot back to small business lending (previous presentation) then touch on 1033.
26/ Leigh says there's infrastructure issues leading to issues of equity. Now talking about Saverlife. Helps 500,000 US clients establish rainy day funds (she used better framing, but I forgot it). They publish insights. saverlife.org
27/ Definitely prepared remarks (but very well prepared, kudos to them).
28/ When FIs cut off, disrupt, etc . . . data, they cause meaningful impacts to customers like those using Saverlife.
29/ "Significant issues of equity and access" particularly with smaller FIs. They provide vital services to underserved consumers, but data aggregators don't reach them. Seems to be blaming . . . oh, let's say MX or Finicity . . . instead of the Jack Henry's and CUSOs.
30/ Leigh says must ensure long tail of FIs can access services that are powered by 1033 rule making. Otherwise, it gives large banks another customer acquisition tool. Also risks creating two-tiered financial system where those at smaller FIs become digitally undeserved.
31/ Shane Hanes - President and CEO of Tai-state Bank in Elkhart Kansas. Go Jayhawks! He says upfront he's going to echo John's comments about data security.
32/ Shane says customers and banks agree they want access to these tools that use their data. Says FIs have made good progress from screen scraping to more secure methods.
33/ Request to CFPB is to provide reliability and clarity over the persons who participate in the rule. (this seems fair - I like Shane's ask). Wants to know who's going to supervise the FinTechs.
34/ Quick detour here -- the CFPB has statutory authority to define in new companies like data aggregators into its supervisory authority. It did this a few years ago with PayPal, Western Union and MoneyGram with a "larger participant rule making" on cross border P2P providers.
35/ One logical thing is to have the CPFB make a rule making about larger participants in the 1033 data access space. IMO, it also may make sense to set a bar (via the 1033 rule) about minimum standards to access bank standards. Like having a SOC 2 audit.
36/ Back to the meeting -- Brian Holst speaking -- GC from Elevations Credit Union in Boulder, CO. Prepared remarks, like most of the others.
37/ Brian is the first to mention CCPA and headaches/confusion that caused. He wins the jargon award - GDPR, CCPA, a few others. Seems to be asking CFPB to make sure needs to follow rule aren't too costly. It's a solid ask.
38/ Brian also wants them to consider 1033 rule making in light of other privacy laws and regimes. Also a fair ask.
39/ Eric Kaplan -- repping the Milken Institute up next.
40/ Eric's first request is similar to last speaker's - CFPB, please consider the cost to implement the technology needed to participate under the 1033 rule.
41/ Eric heralds a pivotal moment in the future. If tech and consumer issues get ironed out, there will be a day where industry is forced to adopt this.
42/ Eric applauds the CFPB's innovation office, those of us in the industry for working to make a landscape where tech can work those issues out and get to that eventual, pivotal day.
43/ Kristina Schaefer from First Bank and Trust in SD. Is this the FinTech bank?
44/ Talking about data security concerns, access to FinTech for smaller banks. Worries about who is going to make customer whole when resolving 1033 issues.
45/ Side comment to all these people raising the security breach boogey man - the EU has had open banking for 1 full year. Seems to be going well there? If I'm pro 1033 and want to fight some of this off, that's what I'm pointing to in my comment letter.
46/ David Erich - FinTech operator and regulatory guru speaking now. "We've heard very interesting statements of. . . . fact on this call so far."
47/ David reminds folks that data is the new oil. But should we be saying this when oil prices are rock bottom and producers are reeling? Also does that mean AOC will outlaw data as part of the GND?
48/ I'm pro GND, btw. That last part of the previous tweet was a joke. But boy, I'll miss hamburgers . . .
49/ No clear asks from David yet. Seems to be highlighting how our entire consumer financial system is built on outdated technology.
50/ Here's the ask to the CFPB - "What role do you want play in this new landscape."
Fintechs navigating around some of the largest corp structures in the world. It's not a level playing field.
Fintechs navigating around some of the largest corp structures in the world. It's not a level playing field.
51/ Do you -- CFPB -- want to define the kinds of guardrails around how consumers can access their data. David seems to be nudging them to think about antitrust/market issues, which IMO are a good thing even if not explicitly part of the CFPB's mission.
52/ David giving good operational nuggets about how some data sources use bilateral agreements to limit uses of data. Also raising questions about supervision for those that access data. And liability.
53/ I like David and his operator/founder knowledge is shining through. Mentions the need to address liability and starts highlighting ways those issues can be addressed. Hints at insurance requirements, shifting of risk via rules. Makes me think of network chargeback rules.
54/ Gary Stein asked to give closing remarks. Gary thanks everyone for the insightful comments. Says 1033 rules can impact every other consumer market (acknowledging potential ripple effects).
55/ Gary says "we really need to hear from all segments of the market on this ANPR . . . small institutions . . . consumer advocates . . . not just large banks and large aggregators."
56/ Interestingly, this sets up world where final rule will require disclosures, error resolution regimes -- things that take money and operational chops. Probably the right things to include, but creates a moat for existing and large players.
57/ Gary Stein welcomes folks to contact the CFPB. Here's their info for folks who want to check in with them on this topic. 
• • •
Missing some Tweet in this thread? You can try to
force a refresh
