Senate Banking Committee Warns of Fintech Privacy Risks

September 25, 2018 by Tae Kim, Esq.

The financial services industry uses an open architecture system to transfer common data between multiple external systems, hoping to eliminate double-entry. Moreover, for years they have been looking for a better solution to integrate those outside systems in a way that reduces conflicts and saves time.

Now, with advances in fintech, full integration is possible with more efficiency, bringing new systems online to make data sharing simpler, faster, and with better compatibility.

However, with the emergence of new data control systems, which are generally run by third-party aggregators, some regulators worry about advisor firms’ ability to protect client privacy.

Recently, the Senate Banking Committee held hearings to examine how to handle regulation of fintech, with a focus on data aggregation and consumer’s privacy.

“I think it’s critical that the government move methodically on a regulatory approach to fintech, so we encourage productive innovation but we don’t expose consumers to a lot of unnecessary risks,” Sen. Elizabeth Warren, D-Mass., said during the hearing entitled “Fintech: Examining Digitization, Data, and Technology.”

The Chairman of the committee, Sen. Mike Crapo, added the government must continually evaluate the regulatory and oversight framework to ensure that as the fintech marketplace develops, the regulatory environment can evolve along with it.

“To the extent that there are improvements that can be made to better foster and not stifle innovation, we should examine those,” Crapo said during opening remarks to the committee.

The hearing also focused on the Treasury Department’s fintech report released in early August. That report went into detail about how fintech will change the way broker-dealers operate and allow smaller firms to compete in a growing marketplace.

The report also talked about how the use of data and mobile devices, coupled with the increasing speed of information flow “all have broken down barriers to entry for a wide range of startups and other technology-based firms that are now competing or partnering with traditional providers in nearly every aspect of the financial services industry.”

Warren cited Treasury’s reporting with concern in saying, “In almost every instance, [Treasury’s report] advocates for deregulation in an effort to stimulate the fintech industry.” She went on to detail such concerns about the Treasury’s recommendations and, in particular, how they advocate “rolling back rules about how banks can share personal and financial information with third-party data aggregators.”

Democratic Senators are worried about consumers knowing how and when their personal and financial data is being used and shared. As many fintech products revolve around big data analytics, aggregation, and other technologies that make use of investor data, there is a concern that the processes operate in the background and do not always present the consumer with transparency about how their information is shared.

Some of the concern revolves around the banks and financial firms’ ability to use consumer data to offer ancillary products and services. They fear that sensitive financial data may get caught up in the web and be disseminated among parties that may not hold the consumer’s privacy protection as a high priority.

Stuart Rubinstein, president of Fidelity Wealth Technologies and head of data aggregation, told the committee that Fidelity has offered third-party data aggregation-based services to its customers and that they have been able to use their Fidelity data in third-party applications for many years.

However, he added that he believes the “cybersecurity environment has significantly changed over that time and we have a responsibility to protect the very sensitive personal financial data and assets of our more than 30 million customers from misuse, theft, and fraud.”

He told the committee that he believes certain principles should be followed to protect consumer data. These principles include providing consumers with the ability to see how their data is being shared, sharing data safely and transparently, providing consumers the capacity to consent to have their data shared, and allowing consumers to monitor how, and with whom their data is shared.