To: Russ Vought, Acting Director, Consumer Financial Protection Bureau
From: Thomas Aiello, Senior Director of Government Affairs at National Taxpayers Union
Subject: NTU comments on Docket No. CFPB-2025-0037
Date: October 21, 2025
Dear Acting Director Vought:
On behalf of National Taxpayers Union (NTU), the nation’s oldest taxpayer advocacy organization, I write to submit the following comments regarding Docket No. CFPB-2025-0037, in which the Consumer Financial Protection Bureau (CFPB) is seeking information and comments from the public related to Personal Financial Data Rights Reconsideration.
This Advance Notice of Proposed Rulemaking (ANPRM) revolves around Section 1033 of the Dodd-Frank Act, which specifically focuses on consumers’ access to their own data and is also known as the open-banking rule. The actual text of this section of Dodd-Frank is relatively straightforward and only contains a few more than 300 words, yet it has resulted in more than 15 years’ worth of rules, litigation, and uncertainty for businesses and consumers. As is the norm with Dodd-Frank, each provision has created a maze of complexities for financial institutions of all sizes to navigate—a maze which, ironically, traps the very consumers the law was intended to help.
NTU offers a few general observations of the CFPB’s approach to financial data regulations referenced in the ANPRM:
Millions of Americans now avail themselves of non-traditional banks in the “fintech” space for everything from retirement investments to personal loans. This innovation has been vital in driving America’s economic growth, upward mobility, and competitive leadership in the global economy.
Banks and credit unions invest billions of dollars in data and network security, which must somehow be financed through account fees, overdraft charges, fewer rewards for account holders, less attractive interest rates on deposits, etc.
Private sector actors should be permitted to arrive at voluntary agreements that provide access to data with fair compensation and risk protection.
A light-touch approach to regulation is the best way to support the financial services ecosystem.
Our comment is specific to the CFPB’s questions regarding the ability for banks and credit unions to charge a fee when selling bank data to a variety of stakeholders, including fintech companies. From our reading of Section 1033, there is nothing in the statute that permits the CFPB from imposing a price control on such a fee financial institutions charge third-parties, or a prohibition of a fee. We would strongly urge future rules to refrain from any cap or prohibition on fees charged to data aggregators for access to consumer information.
Numerous firms have built business models (and revenue generation) that depend on free and open access to raw consumer data that traditional financial providers have long curated. These businesses play an important role in the financial services sector, but simply to expect their input costs from data to be paid for by other entities that have invested significantly into consumer data protection is unrealistic in a complex system that demands safe movement of both money and information. According to government regulators themselves, the institutions generating and safeguarding this data bear the responsibility and cost of ensuring compliance, security, and accuracy—costs that aggregators may not currently share.
Allowing aggregators to profit from these investments without contributing to their upkeep distorts the market, discourages innovation, and undermines incentives for financial institutions to continue enhancing data infrastructure. A more balanced approach would ensure that data access fees or cost-sharing mechanisms reflect the true value of secure and responsibly-managed information. In arriving at this balanced approach, command-and-control regulations from CFPB or other entities would be unwise.
At a more fundamental level, the government should not get in the way of these financial institutions, data aggregators, and fintech companies from making fair-value deals.The CFPB’s 2024 rule in this area failed to sufficiently appreciate this free-market dynamic, and the result was a confusing edict that few, if any, industry actors could fully understand, much less implement. Private sector companies should be trusted to negotiate to determine pricing, address safety concerns, and other business details—which is the most efficient, durable way to resolve disputes.
At the same time, businesses should be allowed to arrive—without regulatory micromanagement—at a charge for their products that reflects the free-market factors of supply, demand, and added value for customers. There’s ample evidence that price controls on any commodity produce unintended but consistently detrimental effects and often exacerbate the problems they are intended to solve. Whether placed on gasoline, rental housing, interchange fees, or prescription drugs, setting prices at below-market rates leads to shortages and creates deadweight loss in our economy.
Consumers and taxpayers have seen the disastrous effects of Dodd-Frank’s price controls on debit card interchange first hand. In the aftermath of Dodd-Frank’s passage, consumers saw a reduction in free checking offerings and debit card reward offerings. Proponents of these price controls at the time also claimed they would ultimately lead to lower prices across the board, but data found the promised price drop hadn’t materialized even fifteen years later. Policymakers should avoid further interference into the financial services sector here too, because the laws of economics are applicable to data just as in other situations.
Given the complexity of the issue, regulators and industry stakeholders should work together to ensure this ANPRM is both practical and legally sound before full implementation moves forward. And there is no bigger or more important group of stakeholders than the nation’s taxpayers.