The CFPB has announced a Final Rule to implement Section 1033 of The Dodd-Frank Act. The Rule will require that certain financial data be made available to consumers upon request, in a secure and reliable manner. It also outlines responsibilities for third parties that may look to access the data.
The CFPB states the …rule moves the United States closer to having a competitive, safe, secure, and reliable “open banking” system. The CFPB expects it to fuel competition, lower prices, and improve customer service.
Again, the CFPB is using a tiered approach with respect to the mandatory compliance dates, based on asset size, running from April 1, 2026, through April 1, 2030. The dates are different for depository versus non-depository institutions.
Depository institutions with $850 million or less in total assets will generally not be required to comply with the Rule until a reasonable time after exceeding $850 million in total assets. However, even these institutions would be required to comply with certain authorization requirements if looking to access information on behalf of a consumer. There are then also limits on the collection, use and retention of that data.
An executive summary is also available. Stay tuned as we break these requirements down even further!
Published
2024/10/22