The Consumer Financial Protection Bureau (CFPB) is developing a revised open banking proposal that would allow consumers to share their bank and credit card data with fintech companies at no initial cost, while permitting banks to charge those companies for access once a certain volume of data requests is reached.
The plan, which could be released as early as next month, represents a notable shift from earlier efforts to create a fully free data-sharing system.
Under the anticipated framework, individuals would retain the ability to authorize their financial institutions to provide account details, transaction histories, and related information to third-party apps and services.
This initial access would remain free for consumers. However, the proposal introduces a threshold—still to be defined—after which banks could begin imposing fees on fintech firms for additional data pulls.
Industry participants who have spoken with the agency describe this as a form of “data rationing” designed to balance consumer access with banks’ ability to manage and monetize high-volume data usage.
This approach forms part of a broader rewrite of rules stemming from Section 1033 of the 2010 Dodd-Frank Act. That provision grants consumers the right to access their own financial data.
A previous regulation finalized in late 2024 required larger banks and other covered institutions to build secure interfaces for data sharing and generally barred fees for consumer-directed transfers.
The earlier rule sought to increase competition by making it easier for people to move between financial providers or use innovative tools for budgeting, investing, and lending decisions.
Banks and industry groups had criticized the prior version over concerns about security risks, potential fraud exposure, and the costs of maintaining data systems without compensation.
They argued that unrestricted free access could strain resources and complicate efforts to verify third-party security standards.
The new proposal appears intended to address some of these objections by giving banks a pathway to recover costs from fintechs that make frequent or large-scale data requests.
For consumers, the core benefit would remain unchanged: the ability to direct data sharing without paying directly.
This could continue to support greater choice in financial products and services.
Fintech companies, however, may face new expenses once they exceed the free-access threshold.
Firms that rely on frequent data refreshes for real-time features—such as cash-flow analysis, automated savings tools, or credit decisioning—could see higher operating costs, potentially influencing pricing or service models.Banks stand to gain a revenue stream from data access while still complying with consumer access requirements.
The structure may also reduce some legal and operational friction that arose under the previous framework.
Regulators appear to be seeking a middle ground that preserves the goals of open banking—greater transparency and competition—while recognizing banks’ longstanding role as custodians of customer information.
As first reported by Bloomberg Law, details such as the precise number of free data pulls, safeguards against excessive fees, and implementation timelines remain under development.
Once released, the proposal will likely draw close scrutiny from consumer advocates, fintech trade groups, and traditional financial institutions. The outcome could shape how financial data flows between banks and technology companies for years to come, influencing both innovation in consumer-facing services and the economics of data infrastructure.