The U.S. Consumer Financial Protection Bureau (CFPB) introduced long-anticipated rules on Tuesday designed to promote open banking, enabling consumers to control and share their financial data more freely when selecting services. The regulations aim to encourage competition between traditional banks and financial technology (fintech) companies, transforming how consumers manage their accounts and financial products.
The rules are expected to shift the balance of power between banks and fintech firms, with the latter offering a variety of consumer apps that have often clashed with banks over access to customer data. CFPB Director Rohit Chopra likened the change to the ease with which mobile phone users can switch providers while keeping their number, suggesting that the new framework will make the U.S. financial system more efficient and modern, bringing it in line with other developed economies.
Chopra emphasized the importance of privacy and consumer control in the new rules. “A company that ingests a consumer’s data can only use it for the product or service the consumer requested, and not for unrelated purposes the consumer hasn’t agreed to,” he explained during prepared remarks.
Years in the Making
The regulations have been over a decade in development, initially outlined in the 2010 Wall Street reforms following the 2008 financial crisis. Once implemented, the rules will give consumers greater flexibility to transfer their data between banks without fees or barriers, allowing them to benefit from improved loan terms and enhanced payment options.
For example, borrowers will be able to share financial data from other institutions to secure better loan terms, while payments can be made directly from bank accounts, bypassing card transactions. The CFPB has also ensured that consumers can instantly revoke access to their data, giving them full control over who holds their information.
Industry Adjustments and Compliance Timelines
The CFPB acknowledged concerns from banks and industry groups during the proposal’s public consultation phase. As a result, the final rules exempt banks with less than $850 million in assets from the data-sharing requirement, offering some relief to smaller institutions.
In terms of compliance, fintech companies and financial institutions will have staggered deadlines. The largest companies will need to comply by 2026, while smaller firms will have until 2030 to fully integrate the new standards into their operations.