FinReg Round-Up Vol. 4, No. 4

With the end of the year in sight, the financial regulation industry is gearing up for several potential new initiatives in 2024. In this issue of the FinReg Round-Up, we look at proposed rules that would increase oversight for certain large nonbank companies and give consumers more control over their financial data, plus the finalization of new climate-related financial risk principles.

• Proposed Rule Puts Large Nonbank Financial Companies Under CFPB Authority
• Bank Regulators Finalize Climate-Related Financial Risk Principles for Largest Banks
• CFPB Proposes Rule To Give Bank Customers More Control Over Personal Financial Data

Proposed Rule Puts Large Nonbank Financial Companies Under CFPB Authority

In a continuation of its focus over the past couple of years on Big Tech, the Consumer Financial Protection Bureau (CFPB) issued a Notice of Proposed Rulemaking that would extend its supervisory authority to large nonbank companies offering services like digital wallets and payment apps. The rule would define nonbank financial companies that handle more than five  million transactions per year as “larger participant[s] of a market for other consumer financial products or services” under Section 1024 of the Consumer Financial Protection Act (CFPA). Under the proposed rule, the CFPB would have the authority to conduct examinations to help ensure these large nonbank companies adhere to federal consumer financial law, such as the Electronic Funds Transfer Act (EFTA) and its implementing Regulation E, the privacy provisions of the Gramm-Leach-Bliley Act and its implementing Regulation P, and the CFPA’s prohibition against unfair, deceptive and abusive acts.

The CFPB estimates that the proposed rule would apply to somewhere between 14 and 19 companies depending on where the final transaction volume is set. The CFPB touted the rule as leveling the playing field and promoting fair competition by requiring these large nonbank financial companies to play by the same rules as large banks, credit unions and other financial institutions already supervised by the CFPB, as well as ensuring that federal consumer financial protection law is enforced consistently between nonbanks and financial institutions already subject to CFPB supervision and depository institutions.

Comments on the proposed rule must be received by Jan. 8, 2024.

Bank Regulators Finalize Climate-Related Financial Risk Principles for Largest Banks

Three federal bank regulatory agencies announced on Oct. 24 the joint finalization of guidance that provides a high-level framework of principles for the safe and sound management of exposures to climate-related financial risks for large financial institutions. The guidance issued by the Federal Reserve System Board of Governors, Federal Deposit Insurance Corporation and Office of the Comptroller of the Currency applies to financial institutions with $100 billion or more in total assets, although it also may be useful to smaller financial institutions trying to manage climate-related risk. Notably, the guidance consolidates earlier separate proposed draft principles issued by each of the agencies, offering consistency to financial institutions incorporating the principles into their risk management framework.

The climate-related financial risk management principles address a number of areas, including governance; policies, procedures and limits; strategic planning; risk management; data, risk measurement and reporting; and climate-related scenario analysis. The principles also outline how climate-related financial risks can be addressed in the management of traditional risk areas, such as credit, market, liquidity, operational and legal risks.

CFPB Proposes Rule To Give Bank Customers More Control Over Personal Financial Data

To accelerate a shift toward open banking and fulfill a congressional mandate in the Dodd-Frank Act, the CFPB announced on Oct. 19 a proposed rule designed to give consumers more control over their financial data and provide new protections against companies misusing their data. The CFPB touts the proposed Personal Financial Data Rights rule as a means to spur competition between banks by requiring financial institutions to share data at the consumer’s direction with other financial institutions from which the consumer intends to obtain products and services.

The proposed rule is the CFPB’s first rulemaking under Section 1033 of CFPA Section 1033 requires that consumers are able, upon request, to obtain information in the control or possession of providers of financial products or services related to the financial product or service the consumer obtained from the provider, such as information relating to transactions, usage data, or costs and charges. The information must be made available in an electronic form usable by consumers.

The proposed rule would require that consumers be able to get their data with no charge through secure and reliable dedicated digital interfaces. Consumers would also have a legal right to share their data by granting third parties access to information associated with their credit card, checking, prepaid and digital wallet accounts. In addition, the proposed rule would limit ways companies can use the consumer data, prohibit use of such data for targeted or behavioral advertising, and allow the consumer to revoke the right to access their data.

Comments on the proposed rule must be received by Dec. 29, 2023.