The Consumer Financial Protection Bureau (CFPB) issued a much anticipated final rule implementing Section 1033 of the Dodd-Frank Act designed to give consumers greater control over their financial data. The rule stipulates data providers must create and maintain developer interfaces through which third parties can access data only with a consumer’s authorization.
“Too many Americans are stuck in financial products with lousy rates and service,” CFPB Director Rohit Chopra said in a press release. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more.”
The rule aims to allow consumers to transfer banking data easily between institutions, shop for better rates, and make secure payments. By doing so, the CFPB’s rule is intended to enhance competition in financial services. It also bans unauthorized data use by ensuring data collection is limited to the requested service. Consumers will be able to revoke access to their data and have data deleted promptly.
Compliance with the rule will be implemented in phases, the bureau said in the release. Larger providers will be subject to the rule sooner than smaller ones, with the largest institutions required to comply by April 1, 2026. The smallest covered institutions will have until April 1, 2030 to comply. Certain small banks and credit unions will be exempt from the rule.
Dodd Frank Update will have more details on this developing news shortly. Please stay tuned.