CFPB Proposals for Section 1033, Personal Financial Data Rights

Outline of proposals to implement section 1033 of the Dodd-Frank Act

October 2022

KPMG Insight: Amidst heightened regulatory attention on data – including its collection and use alongside consumer privacy and data security concerns – the CFPB has released its long-anticipated outline of proposals to implement section 1033 of the Dodd-Frank Act, which provides consumers with more choices and direction over their own financial data. The Bureau considers this a step toward “open banking” in the United States, adding that the plan to start with transaction accounts, such as deposit accounts and credit cards, is a point “where industry infrastructure for consumer-authorized financial data sharing has already begun to take shape.” Financial institutions and credit issuers subject to the Bureau’s future rulemaking on financial data rights should anticipate increased supervisory activities relating to collection, use, and retention of consumer information as well as heightened consumer awareness of and attention to policies and practices impacting their personal financial data.

The Consumer Financial Protection Bureau (CFPB) released an outline of proposals and alternatives under consideration for a rulemaking to implement section 1033 of the Dodd-Frank Act, which provides consumers rights to access their own financial data. The outline is provided for review to a panel of small entities (e.g., banks, financial companies, data aggregators) likely to be directly affected by the regulations, if finalized. CFPB expects to release a notice of proposed rulemaking incorporating comments received from this panel as well as other interested parties in the first quarter of 2023. Public comments on the outline may be provided to the CFPB through January 25, 2023.

The CFPB is considering proposing applicable rules in the following areas:

Data providers subject to the proposals under consideration. If finalized, the CFPB’s proposed rules would apply to Regulation E financial institutions (including non-depository and depository financial institutions that provide consumer funds holding accounts) and Regulation Z card issuers—together “covered data providers”. Such entities would be required to make available to consumers (or authorized third parties) data that relates to asset accounts (e.g., deposit accounts and other transaction accounts) and credit card accounts. The CFPB intends to cover more products over time under section 1033.

Recipients of information. Under the CFPB’s proposal, covered data providers will be obligated to make information directly available to consumers and authorized third parties that request account data. According to the CFPB, it is not considering any proposal that would affect current requirements of covered data providers under consumer financial laws such as the Electronic Fund Transfer Act (EFTA), the Truth in Savings Act (TISA), and the Truth in Lending Act (TILA).

Types of information made available by a covered data provider. Pursuant to section 1033(a) of the Dodd-Frank Act, the CFPB is considering requiring data providers to make available information that is in their possession concerning consumer financial products or services that were obtained from the data provider. Categories of information that may be required with respect to covered accounts include:

  • Periodic statement information for settled transactions and deposits (e.g., transfer amount, date, location, and fees charged)
  • Information regarding prior transactions and deposits that have not yet settled
  • Prior transaction information not typically shown on periodic statements or online financial account portals
  • Online banking transactions that have been set up by the consumer but have not yet occurred
  • Account identity information (e.g., name, age, race, veteran status, social security number)
  • Other account information such as consumer reports from consumer reporting agencies, fees assessed by the covered data provider, and information about security breaches that exposed a consumer’s identity or financial information.

Availability of information. Covered data providers may be required by the CFPB to make information available in response to requests for direct access through online financial account management portals. Furthermore, data providers will be required to make information available to authorized third parties requesting information on behalf of a consumer.

Third party obligations regarding collection, use, and retention of consumer information. Under the CFPB’s considerations, third parties acting on behalf of an individual consumer and accessing consumer information would be subject to requirements including:

  • Providing “authorization disclosures” that:
    • Inform consumers of key terms of access (including general categories of information to be accessed, identity of the covered data provider, accounts to be accessed, terms related to duration and frequency of access, and how to revoke access)
    • Solicit and obtain consumers’ consent to the terms of access
  • Issuing consumers with a certification statement on adherence to certain obligations regarding collection, use, and retention of the consumer’s information
  • Limiting collection, use, and retention of consumer-authorized information to what is reasonably necessary to provide a product or service
  • Providing consumers with a simple means to revoke authorization
  • Implementing data security standards to prevent exposing consumers to data security harms

Small Entity Representatives (SERs), data providers and third parties are invited by the CFPB to provide feedback on questions listed throughout the proposal and should support their answers with quantitative information and feedback on costs and benefits of the proposals and alternatives.

Relevant KPMG Thought Leadership:

KPMG Regulatory Alert | Data Retention and Deletion: Increasing Regulatory Expectations

Contributors
Amy S. Matsuo

Principal, U.S. Regulatory Insights & Compliance Transformation Lead

Todd Semanco

Partner, Advisory, Financial Services Risk, Regulatory & Compliance
