The Consumer Financial Protection Bureau issued a report and Request for Information (RFI) regarding the bureau’s sources of data and how data is used. The report provides transparency into how the bureau collects and uses data and the accompanying RFI gives the public an opportunity to comment on those practices.
The report released by the CFPB addresses questions concerning the sources of the bureau’s data and its use. It describes what data the bureau collects, where it comes from, and how it is accessed and reused within the bureau. In addition, it publishes the full text of the bureau’s internal data governance policies and charters, a press release stated.
The accompanying RFI will give the public an opportunity to submit feedback on the bureau’s data governance program and data use and suggest ways to improve outcomes for both consumers and covered entities.
The introduction to the report notes that, “Outside of the Bureau’s Operations Division, three divisions of the bureau conduct most of the bureau’s data-driven work: the Division of Supervision, Enforcement and Fair Lending (SEFL) is responsible for conducting supervisory, enforcement and fair lending activities; the Division of Research, Markets, and Regulations (RMR) is responsible for conducting research and monitoring the consumer financial products and services markets as well as developing, implementing, and assessing regulations; and the Division of Consumer Education and Engagement (CEE) is responsible for providing financial education to consumers and collecting, monitoring, and responding to consumer complaints regarding consumer financial products or services.”
It stated that the bureau obtains data to inform its decisions to fulfill its statutory functions obligations, including:
- Writing rules, supervising companies, and enforcing the law
- Taking consumer complaints
- Providing financial education
- Researching the consumer experience of using financial products, and
- Monitoring financial markets for new risks to consumers.
The report noted that the bureau had data governance processes for each stage of the data lifecycle, including intake, management, publication and disposition of data. It further stated that the bureau’s data governance policies govern how information and data are: “brought into the bureau; shared internally across divisions; released to the public; securely stored, classified, and used; and ultimately disposed. In addition, some data collection authorities related to the day-to-day activities are delegated to specific divisions or offices.
“The bureau manages its data through a centralized data governance program. In 2011, the bureau stood up the Data Coordination Council (DCC) — chaired by the CIO with representation from every office in which data played an important role. A predecessor to the current Data Governance Board (DGB), the DCC served three primary objectives: 1) Coordinate internal data projects and policies; 2) Coordinate external data acquisition and sharing; and 3) Coordinate analytical resources. Subsequently, it was replaced by other data governance bodies, described below.”
The Request for Information seeks comments to “assist the bureau in assessing the overall efficiency and effectiveness of the bureau’s data governance program and its data collection in support of the bureau’s work and, consistent with law, the bureau is considering whether any changes to its data governance program or data collections would be appropriate.”
The RFI requested that the comments include:
- “Specific discussions of any potential changes to our data collection processes, consistent with the laws providing the bureau with data collection authority and the bureau’s statutory purposes and objectives, and including, in as much detail as possible, the nature of the requested change, and supporting data or other information on impacts, costs, benefits, or information concerning alignment with the processes of other agencies.
- Specific identification of any aspects of the bureau’s approach to its data collections that are working well, and including, in as much detail as possible, supporting data or other information on impacts, costs, benefits, or information concerning alignment with the processes of other agencies.”
The bureau is requesting feedback on all aspects of its data collections, including:
- Aspects of the bureau’s Data Governance Program;
- The bureau’s data collection practices related to privacy, including practices the bureau should maintain or changes that the bureau can feasibly make to further protect privacy without hindering the bureau’s ability to accomplish its objectives and statutory mandates;
- Changes the bureau should, or should not, make to the sources, uses, and scope of its data collections;
- How and when data collected primarily for one bureau function should, or should not, be used for other bureau functions consistent with applicable law;
- Ways to improve data collection processes that reduce reporting burden without hindering the bureau’s ability to accomplish statutory objectives;
- Changes the bureau could make to existing data collections, or potential new data collections the bureau could collect, consistent with its statutory authority, to more effectively meet the statutory purposes and objectives as set forth in section 1021 of the Dodd-Frank Act;
- Other activities that the bureau could engage in to make the data collection requests from financial institutions more effective and efficient; and
- Areas where the bureau has not exercised the full extent of its data collection authority; where data collections would be beneficial and align with the purposes and objectives of the applicable federal consumer financial laws; and/or where the bureau can better leverage data as a strategic asset to increase effectiveness.