The Consumer Financial Protection Bureau released a set of principles to better protect consumers when they authorize third party companies to access their financial data to provide certain financial products and services.

However, the CBFB clarified that these principles do not establish binding requirements or obligations relevant to the bureau’s exercise of its rulemaking, supervisory, or enforcement authority.

CFPB Director Richard Cordray instead said, “These principles express our vision for realizing an innovative market that gives consumers protection and value.”

For context around the new principles, many companies, including fintech firms, banks, and other financial institutions, get authorization from consumers to access their account data that reside in separate organizations to provide a variety of products and services.

Examples of this includes fraud screening and identity verification, personal financial management, and bill payment.

The products and services are intended to help consumers make smarter spending, savings, and investment decisions and live their lives more efficiently and effectively.

But, while the products are services are meant to benefit consumers, the bureau stated that there are many consumer protection challenges to be considered as these technologies continue to develop.

As it stands, there are some industry stakeholders currently working on improvements to consumer-authorized data access.

These improvements relate to the agreements, systems, and standards involved in consumer-authorized data access, the bureau noted

The nine main principles are below and can be found in more detail here

  1. Data access
  2. Data scope and usability
  3. Control of the data and informed consent
  4. Payment authorizations
  5. Data security
  6. Transparency on data access rights
  7. Data accuracy
  8. Accountability for access and use
  9. Disputes and resolutions for unauthorized access.