CFPB finalizes rule on personal financial data rights

The Consumer Financial Protection Bureau today announced its final rule on personal financial data rights under section 1033 of the Consumer Financial Protection Act. According to the bureau’s release, the rule will enable consumers to “fire fintechs and banks that provide lousy service” by enabling transfer of bank data to other banks; “shop for better rates on products and credit”…and “securely share payment information.”

Specifically, in taking a step toward an “open banking system,” consumers will be able to access their financial data and authorize third parties, acting on their behalf, to access their data safely. That is, data providers or financial institutions will be required to make the data available. However, third parties will not be authorized to collect, use, or retain consumer data for the benefit of entities other than the consumer. The data access will be standardized to promote competition, and to avoid access of others with interests inconsistent with a consumer’s interest. The rule also prohibits fees related to consumers’ and third parties’ data access. It also requires data providers to publicly disclose certain information about themselves “to facilitate access to covered data and to promote accountability.” It also provides protections for consumers to revoke access to their data.

The largest financial firms will have to comply with the requirements by April 1, 2026, while the smallest covered institutions will have until April 1, 2030. Certain small banks and credit unions are not covered under the rule.

Leave a Reply

Your email address will not be published. Required fields are marked *