The top U.S. consumer finance watchdog announced a new "open banking" rule to help consumers easily switch between financial services providers by enabling free sharing of personal data between fintech firms and traditional banks, requiring them to unlock and transfer data at the consumer's request, while also enhancing consumer rights, privacy, and security.
The Consumer Financial Protection Bureau's (CFPB) "open banking" rule is designed to uphold consumer rights, as established by the Consumer Financial Protection Act of 2010.
Under the rule, consumers can either access their own data or give permission to a third party to do so. It includes information related to transaction details, account balances, payment initiation information, upcoming bills, and basic account verification. Financial providers are required to provide the information without charging any fees.
According to the CFPB, this rule will also enable consumers to borrow on better terms, such as by allowing lenders to use data from other financial institutions to issue loans and enabling payments to be made directly from bank accounts instead of through cards, Reuters reported.
The new rule aims to encourage competition and expand consumer choices, which is expected to lower loan prices and enhance customer service across the payments, credit, and banking sectors.
"Too many Americans are stuck in financial products with lousy rates and service," CFPB Director Rohit Chopra said in a statement. "Today's action will give people more power to get better rates and service on bank accounts, credit cards, and more."
The rule will be rolled out in phases, with larger financial providers having to follow it sooner than smaller ones. The biggest institutions must comply by April 1, 2026, while the deadline for the smallest ones is until April 1, 2030. Some small banks and credit unions are not required to follow this rule at all.
Financial institutions, credit card companies, and other financial service providers are required to allow consumers to access their personal financial data and transfer it to another provider upon request, at no cost. It enables customers to easily switch to providers that offer better rates and services.
Additionally, the rule aims to reduce the use of "screen scraping," a risky practice where consumers give their account passwords to third parties, allowing them to access data from online banking without restrictions.
The rule also prohibits third parties from engaging in bait-and-switch data harvesting, which means they are allowed to collect or use consumer data only to provide the requested product. It prevents them from secretly using this data for unrelated business purposes, such as targeted advertising.
"A company that ingests a consumer's data can use the data to provide the product or service the consumer asked for, but not for unrelated purposes the consumer doesn't want," Chopra said while speaking at a financial technology event on Tuesday.
CFPB officials announced that the agency made changes to the original proposal based on feedback from the industry and public comments, including exempting banks with less than $850 million in assets from having to provide data.
Data aggregators like Plaid and Akoya, along with the Financial Technology Association, praised the move for promoting secure transfers of consumer data, while some trade groups and banks expressed their dissatisfaction.
Banks, concerned about potential risks to consumer data security and claiming the agency exceeded its legal authority, voiced strong opposition. Two U.S. banking groups — the Bank Policy Institute and the Kentucky Bankers Association — filed a lawsuit in U.S. District Court on Tuesday, arguing that the regulator overstepped its authority and seeking to block the rule from being implemented.
Although the open banking rules were first proposed a year ago, they originated from the Wall Street reforms implemented in 2010 after the 2008 financial crisis and have been in development for 14 years.