On October 19, 2023, the Consumer Financial Protection Bureau issued a long-awaited proposed rule that would require depository and nondepository entities to make available to consumers and authorized third parties certain data relating to consumers’ transactions and accounts. The proposed rule, issued under Section 1033 of the Dodd-Frank Act, also would establish obligations for third parties accessing a consumer’s data, including privacy protections for that data, provide basic standards for data access. Data providers that are depository institutions that do not have a “consumer interface” would be exempt. A consumer interface is an interface through which a data provider receives requests for covered data (e.g., transaction information, account balance, payment initiation information, terms and conditions, upcoming bill information, basic account verification information) and makes available covered data in an electronic form usable by consumers in response to the requests.
According to the CFPB, the proposed rule “would accelerate a shift toward open banking, where consumers would have control over data about their financial lives and would gain new protections against companies misusing their data.” If adopted, the proposed rule will have significant impacts for banks and financial technology companies. For consumers, greater portability of their data will enable them to switch providers more easily.
Comments on the proposal are due by December 29, 2023. CFPB Director Rohit Chopra has indicated his intent to finalize the proposal by next fall.