A New Rule Will Force Banks to Protect Your Data
Over the shoulder view of young Asian woman using laptop, logging in online banking account with digital security mobile device at office. Internet security and digital privacy protection concept. Two-Factor Authentication (2FA) concept.
If a government watchdog has its way, it may be easier to fire your bank in the coming years. The Personal Financial Data Rights rule will improve consumer security and privacy, adding safeguards to financial information. The rule will also simplify the safe transfer of customer data, so if you don’t like one bank’s saving rate, for example, you can switch banks more easily.
The banking industry has tremendous control over consumer data under current law. Banks may crosssell or use consumer data for marketing, while consumers may be unable to revoke sharing permissions or are in the dark when it comes to knowing how their data is being used.
This initiative finalizes a rule in Section 1033 of Dodd-Frank, which enables consumers to access and share their financial data. The Consumer Financial Protection Bureau (CFPB), a government watchdog of the financial sector, spearheaded the new rule. Such regulation should encourage “open banking,” in which consumer data is shared between banks and fintech companies, in a way that may enhance banking efficiencies and unlock value for the consumer.
How will the rule change banking?
The rule requires credit card issuers, financial institutions, and other financial providers to allow customers to request a transfer their personal financial data to another provider, free of charge. This will enable consumers to switch to a provider offering better services, rates and fees more easily. As a result, competition should increase, leading to lower loan prices and improved customer service. Additionally, the rule is expected to motivate financial institutions to enhance their products, helping them attract new customers and retain existing ones.
“Too many Americans are stuck in financial products with lousy rates and service,” said CFPB Director Rohit Chopra. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more.”
The rule will also allow consumers to access their data or grant permission to a third party to access information like account balances, transactions and basic account verification information at no cost. It will also provide greater privacy protections against practices such as screen scraping and require personal financial data only to be used for the purposes requested by the consumer. The rule will ensure that third parties cannot use consumer data for other purposes that benefit the third party but that most consumers do not want.
You will have more control when banking
The Personal Financial Data Rights final rule will spur greater choice and increase competition by making it possible for consumers to:
The rule also strengthens consumer data protections:
Implementation
The banking industry is complex, so these changes won’t happen overnight. Compliance with the rule will be implemented in phases, requiring larger providers to comply by April 1, 2026, and smaller ones by April 1, 2030. Certain small banks and credit unions are not subject to this rule.
Some industry stakeholders have criticized the rule, filing a lawsuit alleging that the rule will endanger customer data and unfairly favor the fintech industry. Others have complained that the rules are too onerous to implement within the time permitted.
Read the regulatory text of the final Personal Financial Data Rights rule. Consumers can submit complaints about financial products or services by visiting the CFPB’s website or calling (855) 411-CFPB (2372).
