.svg)
Amid confusion around the regulation of open banking in the US, the Consumer Financial Protection Bureau (CFPB) has issued a request for comment to clarify industry views on key points.
In a notice published on August 22, 2025, the CFPB asked for comments within 60 days on four specific areas:
- The proper understanding of who can serve as a “representative” making a request on behalf of the consumer.
- The optimal approach to the assessment of fees to defray the costs incurred by a “covered person” in responding to a customer-driven request.
- The threat and cost-benefit pictures for data security associated with Section 1033 compliance.
- The threat picture for data privacy associated with Section 1033 compliance.
The request comes as the CFPB drafts regulations to implement Section 1033 of the Consumer Financial Protection Act of 2010, amid a growing dispute between banks and fintechs over data-sharing fees.
Open letter
Last week, as covered by Vixio, the Financial Technology Association (FTA) sent a public letter, signed by more than 80 CEOs, to President Trump urging him to use the “full power” of his office to block the fees, which are set to come into effect in September.
It said: “Large banks are taking aggressive action to preserve their market position by imposing exorbitant new ‘account access’ fees that would prevent consumers from connecting their accounts to better financial products of their choice.”
In response, US banks accused the FTA of attempting to “mislead” the Trump administration on the legality of the proposed fees.
In a joint statement, the BPI, the American Bankers Association (ABA) and the Consumer Bankers Association (CBA) accused the FTA of attempting to “undermine free markets” and engage in “government pricing fixing”.
The Section 1033 rule requires covered financial institutions to provide standardised access to data such as transaction history and balances, either directly to consumers or to authorised third parties with consumer consent.
It also includes strict limits on data use and retention, capping retention at one year unless reauthorised, and permits the creation of recognised standard-setting bodies to guide data access and security practices.
The rule echoes elements of European open banking frameworks, but with a lighter regulatory touch. Compliance deadlines are staggered according to institution size.
Normally, a regulatory consultation would help clarify a complex situation. However, the role and future of the CFPB remain uncertain.
Fate of Section 1033
Section 1033’s prospects have fluctuated with the changing political landscape.
Finalised in October 2024 under the Biden administration, it was then abandoned under President Trump. In May 2025, the CFPB determined that Section 1033 is unlawful and should be set aside.
Since the start of the second Trump administration in January 2025, the agency has been led by two acting directors, Scott Bessent and Russell Vought, and there is still no indication of who its permanent leader will be.
The agency experienced a temporary shutdown in February and has been involved in a legal dispute over proposed redundancies. It has also signalled a retreat from regulating smaller businesses.
Although the latest consultation seeks to clarify the implementation of Section 1033, the agency’s internal challenges are likely to complicate effective rulemaking.
