The Consumer Finance Protection Bureau has filed a motion for summary judgment asking a Kentucky federal court to strike down its Biden-era Open Banking Rule, amid litigation challenging its legality. The Open Banking Rule would have created rights for consumers to efficiently access and transmit banking account information to third parties, and establish guardrails to prevent data misuse.
The Kentucky Bankers Association and Bank Policy Institute (BPI) brought suit in Kentucky federal court shortly after the rule’s publication last October, arguing that it made customers’ data less safe, and that it was arbitrary, capricious, and exceeded the CFPB’s statutory authority.
By asking a judge to set the rule aside, the CFPB circumvented the formal notice-and-comment withdrawal process mandated by the Administrative Procedure Act.
According to a report by Bloomberg, sources said that the agency will now seek to rewrite the rule with a mind toward limiting banks’ data breach liability and expanding the rule beyond deposit and credit card accounts.
But that article also notes the request to vacate the rule could be complicated by an intervention by the Financial Technology Association, a fintech trade group that would benefit from streamlined data sharing rules.
“CFPB has taken the appropriate step of acknowledging Section 1033’s clear legal deficiencies, and we urge the big tech companies to do the same, rather than protracting a legal dispute that endangers consumer financial data,” the Kentucky Bankers Association and the BPI said in a joint statement. “Banks have already made it possible for hundreds of millions of Americans to safely access and share their data – the current rule undermines and disrupts that ecosystem to the benefit of tech companies looking to profit even further from consumers’ data.”
Account data
The Open Banking Rule, which was unveiled in October of last year as part of the agency’s final spurt of rulemaking under the tenure of Biden-era director Rohit Chopra, expanded financial rights granted under Section 1033 of the Dodd-Frank Act. It would have allowed access between financial services providers of “transaction information, account balance information, information needed to initiate payments, upcoming bill information, and basic account verification information.”
The primary goal of the rule was to allow customers to easily switch depository financial services institutions while retaining account data like transaction, balance and billing information. But it also created a means to efficiently share account data with third-party nonbank payment accounts such as Venmo or Paypal, and Cash App.
To achieve that goal, the rule required that banks and other depository institutions provide free access to personal financial data in a standardized electronic format. The rule also placed responsible use obligations on authorized third-party account data accessors and aggregators.
The rule did not mandate specific technologies for data transfers but instead implemented a process for standard-setting organizations to apply for official CFPB recognition. Compliance dates were scheduled in staggered installments between April 1, 2026, for the largest financial services institutions to April 1, 2030, for the smallest.
Before Trump’s inauguration and subsequent cuts to the CFPB, there was speculation that the rule might survive in substantially similar form, with changes made to ban “screen scraping,” implement relief on compliance deadlines, and permit data access fees to offset compliance costs.
The Open Banking Rule previously enjoyed bipartisan Congressional support, including from members of the House financial services committee French Hill (R-Ark) and Patrick McHenry (R-NC).
