Member Alert: RMAI Submits Comments to CFPB’s Sec. 1033 SBREFA Outline

On January 26, 2023, RMAI submitted comments in response to the Consumer Financial Protection Bureau’s Section 1033 Small Business Regulatory Enforcement Fairness Act Outline of Proposals.  RMAI previously submitted comments in response to the Bureau’s Advance Notice of Proposed Rulemaking on the subject.

As background, § 1033 of the Consumer Financial Protection Act, a/k/a, the Dodd-Frank Act, generally allows a consumer access to transactional information that a business holds related to products or services that were provided to the consumer.  Specifically, § 1033(a) provides:

Subject to rules prescribed by the Bureau, a covered person shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. The information shall be made available in an electronic form usable by consumers.

The purpose of the Small Business Regulatory Enforcement Fairness Act Outline is “to assess the impact on small entities that would be directly affected by the proposals under consideration prior to issuing a proposed rule regarding section 1033.”

The Outline consists of 149 questions on various topics, including how a consumer could authorize a third-party business to request and receive the consumer’s financial information from a financial institution with which the consumer is currently doing business, thus allowing the third party use that information to prepare an offer for a competing product or service, possibly with better terms.

The RMAI Data Privacy & Security Working Group prepared the comments identifying potential conflicts with existing laws and the burdens that some of the proposals would impose on smaller members.

The Working Group has also recently submitted comments on proposed rules for the California Consumer Privacy Act and Colorado Privacy Act, proposed amendments to New York State’s Cybersecurity Regulations, and on legislation that would create a New York Privacy Act.  At this time, the Working Group is tracking over 20 state privacy bills introduced since the beginning of the year.