Consumer Financial Protection Bureau Releases Fintech Consumer Protection Principles

The principles were published in the spirit of promoting a fintech environment that encourages innovation, while protecting consumers’ access to their data and providing transparency and fairness to consumers. These principles were circulated to reinforce prioritizing consumer interests in the evolving fintech environment, particularly in light of the increasing utilization of consumer-authorized aggregation. This release follows a November 2016 request for information on market practices related to consumer access to financial information.

The principles signal that consumers should have control over their data and that they must have the ability to provide informed consent over the use of their data. The principles specify that informed consent means that terms must be written in accessible language and that the terms are so easily understood that consumers can easily revoke the authorization to handle or store their data.

The principles cement the notion that companies will be considered accountable for exposing consumers to risk or harm with respect to the use of their data. Under the principles, companies must implement strong data security practices in order to prevent harm resulting from unauthorized access to consumer data. Underscoring the Bureau’s focus on keeping data secure and accurate, the principles also include substantial language regarding providing consumers transparent access to their data. Likewise, the principles articulate that consumers must have a mechanism by which they may easily correct data inaccuracies.

Although the principles are non-binding, the CFPB states that it “stands ready to facilitate constructive efforts or to take other appropriate action to protect consumers,” providing insight into the Bureau’s stance should industry stakeholders fail to synchronize best practices on their own. These guidelines provide a predictive map of where regulators may substantively focus in the future.