IPA Responds to CFPB’s Reconsideration of Personal Financial Data Rights Rule

The Innovative Payments Association (IPA) has submitted a comment letter to the Consumer Financial Protection Bureau (CFPB) in response to its Advanced Notice of Proposed Rulemaking (ANPR) on Personal Financial Data Rights under Section 1033 of the Dodd-Frank Act.

The CFPB’s ANPR, published August 22, 2025, reopens several elements of the agency’s 2024 final rule, including how to define a “representative,” how to manage costs associated with data sharing, and how to address privacy and security concerns. The IPA’s letter, filed October 10, 2025, provides feedback on each of these areas on behalf of its members, who represent the broad electronic payments industry—from prepaid products to mobile wallets and person-to-person payment technologies.

Clear Consent and Consumer Control

IPA supports the idea that consumers should control access to their financial data and that any third-party representative should obtain clear, informed consent. The letter recommends that consent be explicit and affirmative—an “opt-in,” not hidden in lengthy terms and conditions.

However, the association cautions that limiting representatives only to those with fiduciary duties could slow innovation and reduce consumer choice. IPA encourages the CFPB to maintain flexibility that allows new types of financial technology providers to participate responsibly in open banking.

Cost, Security, and Privacy Considerations

The IPA urges the CFPB to engage directly with stakeholders to develop a fair framework for sharing the costs of data access. It points to the recent Plaid–JPMorgan Chase agreement as an example of how private-sector collaboration can advance responsible data-sharing practices. The association supports allowing reasonable fees to help data providers maintain secure systems.

IPA also recommends creating a safe harbor from liability for financial institutions and data providers that comply in good faith. This would help mitigate risks related to fraud or unauthorized access to sensitive data.

Regarding privacy, the IPA notes that some federal requirements may overlap or even conflict with state laws, such as the California Consumer Privacy Act. It encourages the CFPB to provide clear guidance to help providers navigate these evolving frameworks.

Collaboration and Implementation

Finally, the IPA recommends that the CFPB engage industry representatives through joint discussions rather than litigation and allow additional time, up to two years after technical standards are finalized, for implementation of any new rule.

IPA appreciates the CFPB’s willingness to revisit these important issues and remains committed to supporting policies that foster innovation, protect consumers, and strengthen confidence in the payments system

For additional information, download the comment letter.

Download Comment Letter