Digital Policy Alert logo

United States of America: Implemented obligations for depository institutions with at least USD 250 billion in total assets outlined in Rule on Personal Financial Data Rights

Policy overview

Description

Implemented obligations for depository institutions with at least USD 250 billion in total assets outlined in Rule on Personal Financial Data Rights

On 1 April 2026, the final rule on personal financial data rights came into force for depository institutions with at least USD 250 billion in total assets and non-depository institutions with at least USD 10 billion in revenue. The rule mandates fi…

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
digital payment provider (incl. cryptocurrencies), other service provider
Implementation Level
national
Government Branch
executive
Government Body
consumer protection authority

Complete timeline of this policy change

Hide details
2022-10-27
in consultation

On 27 October 2022, the Consumer Financial Protection Bureau (CFPB) announced its intention to issu…

2023-01-25
processing consultation

On 25 January 2023, the Consumer Financial Protection Bureau (CFPB) closed the consultation on its …

2023-10-19
in consultation

On 19 October 2023, the Consumer Financial Protection Bureau (CFPB) opened a consultation as part o…

2023-12-29
processing consultation

On 29 December 2023, the Consumer Financial Protection Bureau (CFPB) closed its consultation as par…

2024-10-22
adopted

On 22 October 2024, the Consumer Financial Protection Bureau (CFPB) adopted the final rule on perso…

2026-04-01
in force

On 1 April 2026, the final rule on personal financial data rights came into force for depository in…

2027-04-01
in force

On 1 April 2027, the final rule on personal financial data rights came into force for depository in…

2028-04-01
in force

On 1 April 2028, the final rule on personal financial data rights came into force for depository in…

2029-04-01
in force

On 1 April 2029, the final rule on personal financial data rights came into force for depository in…

2030-04-01
in force

On 1 April 2030, the final rule on personal financial data rights came into force for depository in…