Senate Banking FinTech Hearing

Senate Banking Committee

“FinTech: Examining Digitization, Data, and Technology”

Tuesday, September 18, 2018

 

 

Key Topics & Takeaways

  • Data Aggregators: The hearing featured substantial discussion of data aggregators, including technology companies such as Facebook and Google that gather vast amounts of data on consumers. Stuart Rubinstein argued that there should be a level playing field for the handling of and liability for consumer data that applies to both financial institutions and data aggregators. Rubinstein also used the hearing to urge that credential sharing be replaced with APIs as the main method of allowing aggregators to access data.
  • Breach Notification Standards: Republican Senators asked witnesses several questions about the merits of a national data breach notification standard, as well as H.R. 6743, the Consumer Information Notification Requirement Act. Republicans generally expressed support for a national standard, as did several of the witnesses.

 

Witnesses

 

Opening Statements

Chairman Mike Crapo (D-Idaho)

In his opening statement, Crapo said that the rise of digitization and advances in financial technology could bring enormous benefits to consumers. Crapo said that while technological developments are positive, the ease of collecting and storing data creates a new set of challenges, and that in the financial technology (“fintech”) sector, there is not always a great deal of transparency about how customer data is being used.

 

Ranking Member Sherrod Brown (D-Ohio)

In his opening statement, Brown said that before 2008, “innovations” in financial products harmed consumers during the financial crisis, and that these innovations contributed to the financial crisis. Brown also criticized the view that any regulation would stifle innovation and harm consumers. Brown also argued that the Treasury Department’s fintech report “embraces the short-sightedness of pre-crisis regulators” and focuses on innovation instead of consumer protection.

 

Testimony

Steven Boms, on behalf of Consumer Financial Data Rights (CDFR)

In his testimony, Boms argued that the most “fundamental” first step towards improving the financial health of consumers is to ensure that they can understand their entire financial picture by aggregating their financial data on a platform of their choice. Boms praised the user permission model, which allows customers to grant access to their data to a third party of their choosing. Boms also said that the Bureau of Consumer Financial Protection (BCFP) should ensure that third parties are able to obtain data from financial institutions with customer permission, and also discussed the Treasury Department’s recommendations in their report on fintech.

 

Stuart Rubinstein, President, Fidelity Wealth Technologies

In his testimony, Rubinstein outlined Fidelity’s views on data aggregation. Rubinstein said that currently, data aggregators generally use customers’ passwords and usernames to access accounts directly, but said that new safer methods, such as using an API, would be better for consumers. Rubinstein said that Fidelity’s view of data aggregation relies on five principles, which are: 1) customers should be able to share data with aggregators if they want 2) sharing should be safe, secure, and transparent 3) affirmative consent should be given by customers, who should also be able to give direct instructions to aggregators about the permissible uses of data 4) third parties should only be allowed to access necessary information and not all the customer’s information, and 5) consumers should be able to monitor account access rights. Rubinstein also said that aggregators should be liable for data that is compromised from their systems, and that aggregators should not be allowed to limit liability.

 

Brian Knight, Director of the Innovation and Governance Program, Mercatus Center

In his testimony, Knight defended financial technological innovation as good for consumers, both by increasing access to financial services and for making credit markets less discriminatory. Knight said that policymakers should be concerned about potential risks created by information sharing, including privacy and discrimination risks, but that unduly burdensome regulation on Fintech companies could hurt consumers and stifle innovation.

 

Saule Omarova, Professor, Cornell University

In her testimony, Omarova criticized the arguments being used to “defend Fintech from regulations” as being the same ones that created the 2008 financial crisis. Omarova criticized the Treasury Department’s recent paper on Fintech that encouraged data aggregation in financial services despite the risks that aggregators create. Omarova said there could be “many Equifaxes” occurring frequently and with devastating consequences in a world without strong consumer data protections.

 

Question & Answer

Data Aggregators

The hearing featured substantial discussion of data aggregators, including technology companies such as Facebook and Google that gather vast amounts of data on consumers. Crapo noted a recent Wall Street Journal article that discussed the negotiations between Facebook and financial institutions over the use of data that passes through Facebook Messenger. Omarova said that the article highlights the stakes of data regulation today, as companies like Facebook may use data gathered in one part of its platform to boost other businesses, and that this practice should not be allowed or encouraged.

 

Sen. Catherine Cortez Masto (D-Nev.) asked if there should be a “level playing field” regarding data security requirements across the financial services industry as well as data aggregators. Rubinstein agreed and said that if firms hold consumer data they should be held to the same standard. While witnesses generally agreed with this assessment, Knight argued that regulatory requirements should be based on risk, resulting in different institutions facing different requirements.

 

Brown asked Omarova if current fair lending laws should be updated to cover new technologies and methods of distributing loans, as well as advertising about certain financial products. Omarova agreed and said that algorithms raise a new set of discrimination concerns.

 

Breach Notification Standard

Sen. Mike Rounds (R-S.D) noted Rep. Blaine Luetkemeyer’s (R-Mo.) bill H.R. 6743, the Consumer Information Notification Requirement Act, which was recently approved by the House Financial Services Committee. The bill would create a national standard for data breach notification, preempting many state laws on the topic. Rubinstein argued that while large firms can manage multiple notification standards, notification and consumer protection could be enhanced by a national standard. Omarova said that a standard could be helpful but the metrics of that standard are important.

 

Sen. Tim Scott (R-S.C.) asked about the beneficiaries of a national notification standard. Boms argued that consumers and industry would benefit from more consistency in notification requirements. Sen. Mark Warner (D-Va.) also asked about the merits of federal leadership on breach notification and said this was an issue he was working with Republicans on.

 

Credential Sharing

Throughout the hearing, Rubinstein stressed that the current method used by many aggregators to collect data, credential sharing, poses numerous risks to consumers. In response to a question from Sen. Jack Reed (D-R.I.) Rubinstein noted that once credentials are shared with an aggregator, there is nothing stopping the aggregator from gathering all the information related to the account, including transaction information (and other information not needed by the aggregator for finance management platforms). Rubinstein noted that from the financial institution point of view, credential sharing means a robot access an account to scrape data, and it may be difficult to determine when an aggregator is accessing an account compared to when a customer is accessing an account.

 

Scott noted that other countries are moving ahead with APIs to replace screen scraping, and asked what the US should do to stay competitive. Boms said that APIs are “not a panacea” and that it is critical that APIs be robust and secure.

 

Alternative Credit Scores

Scott also asked the witnesses how alternative credit scores could help “credit invisible” Americans get access to credit. Knight said that alternative underwriting mechanisms could make credit invisible consumers visible and improve the amount of credit available to others by providing more information to lenders.

 

Treasury Report on Fintech

Sen. Elizabeth Warren (D-Mass.) asked about the Treasury Department’s report on fintech, which she noted has advocated for deregulation to stimulate development of new financial technologies and fintech companies. Omarova said she was concerned that if implemented, the regulatory changes endorsed in the report would allow banks to “open up the treasure trove” of financial data by nonbank companies. Omarova said that data gathered by aggregators in one context could be used without customer permission in other businesses. Omarova also argued that without proper controls, fintech and data digitization could hurt the ability of regulators to protect markets, as information may migrate outside regulators’ ability to access it.

 

Banks and Social Policy

Crapo asked Knight if it is acceptable for banks to target business customers for social purposes, and hold some businesses out for more rigorous reporting requirements. Knight said that because banks derive market power from public power (i.e., through their deposit insurance and charters) when they use their market power to effect public policy, they are wielding public power. Knight said that individuals cannot rely on market protections when that happens in highly-regulated industries, like financial services.

 

For more information on this hearing, please click here.