Client Alert: CFPB Officially Reopens Section 1033 “Open Banking” Rulemaking

On August 22, 2025, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published an Advance Notice of Proposed Rulemaking (“ANPRM”) on the Federal Register, initiating a fresh comment period to revamp its open banking final rule before the rule takes effect in 2026.

The Bureau’s decision to revisit Section 1033 at this moment reflects a recalibration under the current administration. In the ANPRM, the CFPB stated it would replace the Biden-era final rule with a new version “more suited to market realities.” The CFPB posed broad questions indicating it could revisit several elements of the final rule:

1. Scope of Who Can Request on Behalf of the Consumer: Whether the term “representative” should be limited to fiduciaries (like agents and trustees) or also include third-party service providers authorized by consumers to access their financial data, and what the implications of each interpretation would be.

2. Defrayment Costs: Whether the current final rule’s prohibition on fees for consumer data access under Section 1033 should be maintained or modified, and if modified, how costs should be allocated between consumers and financial institutions—including what cost levels are reasonable, whether caps should apply, and whether all consumers should share in those costs.

3. Information Security: Whether the open banking rule provides sufficient information security protections for consumer financial data, what the costs and benefits of current safeguards are, and whether changes—such as stronger standards, reduced reliance on screen scraping, or new obligations—are needed to better protect data in storage, transmission, and authorization.

4. Consumer Privacy: Whether the open banking rule adequately protects consumer privacy, particularly regarding the licensure or sale of sensitive financial data and what modifications may be needed to limit any misuse.

5. Implementation Timeline: Whether the phased compliance deadlines (April 2026–2030) should be adjusted to reflect the cost and complexity of building compliant infrastructure.

The CFPB finalized its open banking rule in late 2024 as the implementing regulation of Section 1033 of the Dodd-Frank Act (2010). Section 1033 directs the CFPB to issue regulations granting consumers the right to access and share their financial data.

The open banking rule generally requires certain financial institutions to provide data about transactions, costs, charges, and usage to consumers upon request. The rule also contains  provisions establishing authorization procedures and obligations for third parties seeking to access covered data from data providers.  

Compliance dates for the 2024 open banking rule begin April 2026. The CFPB indicated it  would decline enforcement of the rule while a new rulemaking process is underway. Institutions can consider the following in the interim:

• Evaluate Whether to Submit Comment Letters: Companies have until October 21, 2025, to submit comment letters to the ANPRM for consideration by the CFPB.

• Review Compliance Policies and Protocols: Section 1033 provides statutory rights to consumers and obligations on providers which would remain in effect irrespective of how the CFPB decides to revamp its implementing rule. Companies should assess whether to elect to continue with planned operational changes to make an informed decision on whether to continue forward in light of the ANPRM.

For questions please do not hesitate to contact Chris Napier and Shelby Schwartz.

Download a PDF of this article here.

About The Authors

SIGN UP FOR UPDATES

Never miss our news, insights or events.

FEATURED NEWS