Response to Docket No. CFPB-2025-0037
Introduction
The Consumer Choice Center is an independent, non-partisan consumer advocacy group championing the benefits of freedom of choice, innovation, and abundance in everyday life. We champion smart policies that are fit for growth, promote lifestyle choice, and defend technological innovation.
Herein, we will offer our comments on the CFPB’s review of Section 1033 of the Dodd-Frank Act related to portability of financial data.
Open banking as principle
The principle of open banking and data sovereignty over financial data is paramount for consumers, and one we believe to be inherent. Consumers own their accounts and financial data, and they should have portability over that information while seeking banking and finance relationships based on those criteria, whether that be at a FinTech institution, a digital asset brokerage or exchange, or a digital platform for budgeting finances.
Open banking, in our view, enables a consumer to connect their contracted financial institution to the services they wish to choose in order to expand their spectrum of choice in how they conduct their financial transactions. This naturally connotes certain financial property rights that are vital in a market economy such as the United States.
This is also an established principle in the European Union, codified through the Payment Services Directive, recognizing the ability of consumers to claim ownership over their financial transactions and information.
For the last decade, American consumers fully embraced the fairly open, competitive, and tech-friendly solutions that have allowed them to connect their financial accounts to outside providers. We would endeavor that this should continue to be encouraged, though not necessarily dictated by regulatory rules.
The question of liability
While open banking is a vital standard and principle that is already recognized throughout the financial industry, the original CFPB 1033 rule was flawed primarily because it did not narrowly define fault liability in the event of data breaches, hacks, or fraud.
Data leaks, hacks, and breaches are now an ordinary occurrence for the American consumer that routinely puts their information, data, and security at risk.
Where the 1033 rule still lacks clarity is in how liability is assigned when data moves between financial institutions and third-party providers and what happens when data leaks, hacks, and breaches occur. Consumers should not lose protections simply because they exercised their right to use another service.
The current text does not clearly define how responsibility is allocated in the event of a breach or improper disclosure — whether liability rests with the data holder, the party transmitting the data, or the receiving provider. A functioning open banking ecosystem needs portability and predictable accountability so consumers are protected without discouraging innovation.
Section 1033 and personal financial data rights representation
Regarding Question 9, the prohibition on fees is the most faithful reading of the statute. A right to data portability is not meaningful if it can be paywalled. Regarding Question 10, even nominal fees create switching friction that obstructs the choice Congress intended to enable. The no-fee rule therefore advances competition and protects consumer autonomy.
There are no special algorithms or proprietary methods that should be necessary to allow customers to query their balance history, view financial transactions, and easily make payments to the entities and people they wish to transact with.
The CFPB’s top-down mandates
Where the CFPB’s approach in the 1033 rule is most helpful is in cementing portability as a consumer right. But the implementation should support what the market has already built voluntarily rather than replacing it with a prescriptive framework.
While setting standards is helpful, the convoluted process has mostly served to give permission to certain institutions to create new opportunities for rent-seeking and cost collection when it comes to customers simply connecting their accounts to other service providers.
Recognizing existing standards on APIs, developer access, and open access was a vital policy put forward by the CFPB, but the existing rules are far too strict in those areas where guidelines would be the more helpful contribution by CFPB and other government agencies.
Much of the infrastructure envisioned by the CFPB already exists in the marketplace, created voluntarily by innovative institutions responding to consumer demand. Where the rule should improve is not by adding regulatory layers, but by ensuring that existing interoperability and permission-based access remain open and market-led. The goal should be to set a floor for consumer rights — not to dictate technical implementation in a way that unintentionally advantages incumbents or creates new chokepoints.
Simplifying these mechanisms and allowing market-led processes to determine how customers can best connect their accounts to other service providers would be the best path forward.
As such, we would recommend adjustments to the 1033 rule to recognize the principle of open banking while recognizing consumers’ inherent financial freedoms to transact with whom they want by whatever means they wish.
Thank you for your attention to this matter.
Sincerely yours,
Yaël Ossowski
Deputy Director
Consumer Choice Center
