The Consumer Financial Protection Bureau (CFPB) is reconsidering a major rule that governs how Americans share their financial data, sparking a fierce debate among consumers, banks, and technology companies. With a federal court halting the previous version of the rule, the agency is now reviewing nearly 14,000 public comments as it decides whether financial institutions can charge fees for data access and how to protect consumer privacy.
The outcome will impact more than 100 million Americans who use payment apps and financial services that rely on "open banking" to connect to their bank accounts. The central conflict pits banks, who argue for the right to charge for maintaining secure data pipelines, against fintech firms, who claim such fees would stifle innovation and competition.
Key Takeaways
- The CFPB is rewriting its open banking rule, known as Section 1033, after a court sided with banking groups in a lawsuit.
- A central point of contention is whether banks should be allowed to charge fees to third-party apps for accessing consumer financial data.
- Consumers have submitted thousands of comments expressing deep concerns over data security, fraud, and confusing consent agreements.
- Small and large banks are divided on exemptions, while fintech companies advocate for a fee-free system to ensure consumer access.
A Flood of Public Concern
While the industry debate focuses heavily on fees, thousands of consumer comments submitted to the CFPB highlight a more personal issue: the security and use of their financial information. Many individuals expressed feelings of vulnerability and confusion about where their data goes after they grant access to an app.
"My family and I frequently use open banking apps … because they offer a convenient way to transfer money quickly and easily," one consumer, Melanie White, wrote in a public letter to the agency. However, she explained her surprise upon learning her data could be shared with and sold by data brokers. "Now, my information is exposed and likely circulating on the dark web," she stated. "I didn't realize I was consenting to these practices. The consent forms are confusing, filled with complex language and legal jargon."
By the Numbers
- 14,000: Approximate number of public comments the CFPB received on its plan.
- 100 Million: Estimated number of Americans who currently share financial data through open banking.
- 74%: Percentage of community banks that would be exempt from the rule under certain proposals, according to the American Bankers Association.
This sentiment was echoed by others who feel they lack control and understanding. "I'm concerned about the security of my personal information," wrote Connie Kempf. "I'll admit, I don't fully understand how my data is being used or who has access to it. I don't think I'm alone."
The Core Debate: Who Pays for Data Access?
The previous version of the open banking rule, finalized in October under the Biden administration, prohibited banks from charging for data access. Following a lawsuit from banking groups, a judge has paused enforcement of that rule, opening the door for the CFPB to introduce a new framework that could permit fees.
The Banking Perspective
Financial institutions argue that building and maintaining the secure technology needed to share data with third parties is a significant expense. They believe they should be able to charge reasonable fees to cover these costs, rather than passing them on to all of their customers.
"Financial institutions are expected to build and maintain complex interfaces to support third-party access, yet those third parties are not subject to the same supervisory standards or compliance obligations," said Rose Oswald Poels, president and CEO of the Wisconsin Bankers Association. "This imbalance forces regulated institutions to subsidize the operations of unregulated entities."
Large banking associations also argue that allowing fees would encourage smaller institutions to adopt modern, secure data-sharing methods instead of relying on older, riskier practices like "screen scraping," where apps use a customer's login credentials to access their account.
The Fintech Argument
Conversely, financial technology companies and their advocates warn that fees would create a barrier for consumers trying to access their own information. They argue that Section 1033 of the Dodd-Frank Act establishes a consumer's right to their data, and that right should not come at a cost.
"Legacy data providers have a direct economic incentive to charge high, deterrent fees in order to block the transfer of data they would prefer to hold captive," wrote Penny Lee, president and CEO of the Financial Technology Association. "Constitutional and statutory 'rights' in America are not subject to gatekeeping fees."
These groups contend that allowing fees would harm competition, favor large incumbent banks, and ultimately limit the innovative financial tools available to consumers.
A Divide Among Banks
The banking industry itself is not unified on the new rule. A key point of disagreement is whether smaller institutions should be exempt from the requirements.
What is Section 1033?
Section 1033 is a provision of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act. It grants consumers the right to access information about the financial products or services they use. The CFPB's rule is intended to implement this provision by setting standards for how consumers can securely share their transaction data with third-party applications like budgeting tools, payment apps, and investment platforms.
The Independent Community Bankers of America has requested an exemption for all community banks with assets of $10 billion or less. They argue that the cost of compliance would be a disproportionate burden on smaller banks that lack the resources of their larger competitors.
However, the American Bankers Association, which represents banks of all sizes, opposes such a broad exemption. They claim it would leave over 74% of community banks and nearly 90% of credit unions outside the rule's reach. According to Ryan T. Miller, an ABA vice president, this would perpetuate screen scraping, create inconsistent consumer protections, and ultimately harm the competitiveness of community banks in an increasingly digital world.
Next Steps for Regulation
Consumer advocates are urging the CFPB to retain strong privacy protections from the original rule, regardless of the decision on fees. These include limits on how data can be used, requirements for clear disclosures, and the consumer's right to revoke access and have their data deleted.
The CFPB is now tasked with balancing these competing interests. The agency must weigh the security concerns of consumers, the operational costs cited by banks, and the innovation arguments from the fintech sector. After reviewing the thousands of comments, the bureau will issue a formal proposal, which will be followed by another public comment period before a final rule is established. The decision will shape the future of digital finance and determine who controls—and potentially profits from—consumer financial data.
