Search
Choose a style
Dark
Light
Time to read: 4 min

CFPB faces tough choices on what could be its last rule

CFPB to make final decision on financial data.
Editorial credit: DCStockPhotography / Shutterstock

Credit unions, crypto advocates and tech companies have offered advice on how best to give consumers access to and control over their financial data.

The Consumer Financial Protection Bureau (CFPB) has received almost 14,000 responses to its consultation on updating rules for consumer access to financial data. 

The CFPB issued an Advance Notice of Proposed Rulemaking (ANPR) earlier this year to revisit Section 1033, which provides consumers the right to access and share information about their financial accounts in a usable electronic format.

The law, passed as part of the 2010 Dodd-Frank Act, has been considered vital for open banking in the US, enabling fintech firms, third-party developers and digital asset platforms to build tools.

The ANPR invited public input on four core issues, including who can request consumer data, the defrayment of costs for providing data, information security concerns and privacy considerations. 

Credit unions push for consumer protection

Many traditional financial institutions, particularly credit unions, focused comments on consumer safety, fairness and equal access to financial data. America’s Credit Unions (ACU), a national trade association, warned the current Personal Financial Data Rights (PFDR) Rule “does little to assuage industry concern about managing data security or privacy risks.”

A letter addressed to the CFPB from ACU added the rule “will likely drive further consolidation within the credit union industry, and could further cement the advantage of large technology companies that are unlikely to prioritise the brick-and-mortar relationships credit unions cultivate with their communities.”

ACU highlighted the burdens on smaller institutions, urging the CFPB to allow reasonable fees for third-party access to offset secure API costs. The group also stressed the need for clear accountability for third parties which mishandle data.

The letter urged limiting access to only those acting in the best interest of consumers, cautioning “granting entities who are not subject to substantially similar laws and regulations broad data access privileges would be irresponsible.”

Finally, the association stressed both large and smaller credit unions need extended timelines to implement technically complex requirements, a sentiment echoed in August when a consortium of banks and fintechs criticised the CFPB’s open banking proposals for costly compliance. 

Crypto sector highlights innovation

The Crypto Council for Innovation (CCI) offered a different perspective, stating rules must protect consumer autonomy and support new technologies. 

CCI said reliable access to financial data is essential for consumers using crypto, stablecoins and Web3 platforms due to digital asset users moving tokens and interacting with dApps and self-custody assets. These are activities which depend on the principle that consumers, not intermediaries, control their financial information.

The group also warned against rules which would require third-party data providers to meet special legal responsibilities, saying such rules could benefit established companies and block innovation.

“Section 1033 is not abstract… it is a practical necessity for participation in one of the fastest-growing areas of financial innovation,” CCI CEO Ji Hun Kim said in the organisation’s submission. 

Senator Cynthia Lummis has also voiced support for strong open banking rules. In her letter to the CFPB, she said the agency should “finalise this rule as soon as possible” and noted open banking “enables access to financial services for rural communities via phones and computers” and “supports small businesses and agriculture operations with better cash flow and credit access.” 

She added that without clear rules, banks “could prevent customers from connecting accounts to platforms like Kraken and Gemini and completely throttle consumer choice.”

Apple’s perspective 

Following the views of credit unions and crypto advocates, Apple took a middle-ground approach. The company supported crypto’s focus on consumer control and flexible technology, while also acknowledging credit unions’ concerns about privacy, security and practical implementation.

Apple’s submission focused on giving consumers control over who can access their financial data, with easy ways to give consent, revoke it or delete data. The company suggested updating reauthorisation so access expires after inactivity, instead of requiring yearly reconfirmation.

Apple also said rules should apply only to entities that own or control the account data, like banks and card issuers, not digital wallets or other intermediaries. The tech giant believes this would ensure data comes from reliable sources. 

What happens next?

Now the initial comment period has closed the CFPB is set to start a new rulemaking process to revisit its final rule on personal financial data rights.

The timeline for the updated rule is still unclear. The CFPB has said it wants to create a framework which gives consumers control over their financial data while supporting innovation, competition and strong privacy protections.

However, the agency faces challenges. Questions about its rulemaking authority and possible budget limits have raised doubts about its future. If resources are cut or the agency is reorganised, the Section 1033 rule could be one of its last moves.

Subscribe to our newsletter