Contact: Laine Williams, (202) 897-4757, lwilliams@allonadvocacy.com
Washington, DC, February 26, 2026 – The Financial Data and Technology Association (FDATA), a trade association representing more than 30 financial technology companies and consumer permissioned data access platforms in Canada and the United States, today submitted comments to the California Department of Financial Protection and Innovation (“DFPI”) in response to its second invitation for input on proposed registration and reporting requirements under the California Consumer Financial Protection Law (“CCFPL”).
In the submission, FDATA urged DFPI to adopt a function-based regulatory approach that clearly distinguishes consumer-permissioned data access services—operating at the express direction of consumers—from consumer reporting activities governed by the federal Fair Credit Reporting Act (“FCRA”). FDATA warned that, as currently drafted, Financial Code Section 90005(k)(9) risks sweeping in consumer-permissioned tools that enable Californians to access, monitor, and share their own financial data under Section 1033 of the Dodd-Frank Act, potentially limiting access to everyday financial services that improve financial stability.
“California has long been a leader in consumer protection and technology-driven innovation,” said Steve Boms, Executive Director of FDATA. “But regulation only works when it attaches obligations to the right activities. Consumer-permissioned data access platforms act as conduits at the direction of the consumer—they do not determine eligibility, make credit decisions, or control dispute outcomes. Treating these fundamentally different functions as interchangeable risks regulatory overreach, duplicative oversight, and reduced consumer choice.”
FDATA’s comments emphasized that consumer-permissioned data access under Section 1033 is already subject to clear federal guardrails, and that activities involving credit decisioning remain comprehensively regulated under the FCRA. The letter also cautioned that imposing state-level registration, reporting, bonding, or fee requirements on technical data-access services could deter market entry, slow innovation, and reduce the availability of consumer-beneficial tools such as payment initiation, overdraft avoidance, income verification, and cash-flow underwriting.
The association also called on DFPI to calibrate any fees or reporting obligations to California-specific, FCRA-regulated activity only, rather than applying them broadly to enterprise-wide revenue or non-credit use cases. According to FDATA, such an approach would better align regulatory accountability with actual consumer risk while preserving competition and access to affordable financial products.
FDATA concluded by reaffirming its support for strong consumer protections and its willingness to continue engaging with DFPI as the Department considers next steps.
A full copy of the letter is available here.
About FDATA
FDATA is the leading trade association advocating for consumer-permissioned access to financial data. FDATA’s members enable millions of consumers and small businesses to securely access and use their financial information for payments, account aggregation, personal financial management, credit underwriting, fraud prevention, and other legitimate financial services. FDATA works with policymakers, regulators, and industry stakeholders to advance open finance frameworks that empower consumers while promoting safety, soundness, and innovation.
