The Consumer Financial Protection Bureau this week announced its final personal financial data rights rule.
The rule will require financial institutions, credit card issuers and other financial providers to “unlock” the consumer’s financial data and allow them to transfer it to another provider at no charge.
CFPB Director Rohit Chopra said the rule will allow consumers the opportunity to gain better interest rates and also lead to lower loan prices.
“Too many Americans are stuck in financial products with lousy rates and service,” Chopra said in a press release. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more.”
Along with allowing consumers to take personal financial data with them if they switch banks, the rule will allow consumers to share it with authorized third parties. Institutions are not allowed to charge fees for accessing the data.
The rule will be implemented in phases, with large institutions, holding $250 billion in assets and $10 billion in receipts in 2024, required to comply by April 1, 2026. Institutions, with less than $1.5 billion in assets and more than $850 million, will have until April 1, 2030. Small banks with less than $850 million in assets are exempt from the rule.
The rule has already been challenged by the Bank Policy Institute and the Kentucky Bankers Association, filing suit in the Eastern District of Kentucky U.S. District Court.
“BPI supports a competitive marketplace where consumers control how their personal financial data is used and with whom it is shared, so long as their data remains protected,” said Greg Baer, the President and CEO of the Bank Policy Institute. “Unfortunately, the CFPB delivered a rule that treats sensitive financial data with as little care as a consumer’s web browsing history. If left unchallenged, technology companies subject to little to no oversight will have access to very sensitive information, like how much is in your account and where you spend your money. Banks have a responsibility to protect customers and their data, and this rule compromises these responsibilities, putting bank customers at risk.”