Contact: Laine Williams, (202) 897-4757, lwilliams@allonadvocacy.com
Washington, DC, January 27, 2025 – The Financial Data and Technology Association (FDATA), a trade association representing more than 30 financial technology companies and consumer-permissioned data access platforms in Canada and the United States, today submitted comments to the Office of the Comptroller of the Currency (“OCC”) in response to its Request for Information (“RFI”) on community banks’ engagement with core service providers and other essential third-party service providers.
In the letter, FDATA urged the OCC to provide supervisory clarity distinguishing consumer-permissioned financial data access under Section 1033 of the Dodd-Frank Act from traditional, bank-initiated third-party outsourcing arrangements subject to prudential third-party risk management (“TPRM”) frameworks. FDATA emphasized that data access directed by a consumer pursuant to statute is legally and operationally distinct from discretionary vendor relationships initiated by financial institutions.
“Section 1033 establishes an affirmative consumer right to access and share financial data with a representative of their choosing,” said Steve Boms, Executive Director of FDATA. “When a financial institution facilitates consumer-permissioned data access, it is responding to a consumer’s instruction and complying with a statutory obligation, not outsourcing a bank function. Applying traditional TPRM frameworks in this context creates regulatory ambiguity that can unintentionally restrict consumer choice and innovation and undermine consumer financial data rights.”
FDATA’s response explained that treating consumer-permissioned data access as a conventional third-party relationship risks inconsistent supervisory outcomes, particularly for community banks. In the absence of clear regulatory delineation, institutions may default to overly cautious interpretations of non-binding guidance, leading to degraded data access, increased compliance burdens, and reduced participation in consumer-directed financial services.
FDATA encouraged the OCC to use the RFI process as an opportunity to reaffirm clear lines of regulatory responsibility and to work closely with the Consumer Financial Protection Bureau and other regulators as consumer-permissioned financial data rights are operationalized across the market. FDATA also noted that it looks forward to continuing to engage constructively with the OCC as it considers feedback submitted in response to the RFI.
A full copy of the letter is available here.
About FDATA
FDATA is the leading trade association advocating for consumer-permissioned access to financial data. FDATA’s members enable millions of consumers and small businesses to securely access and use their financial information for payments, account aggregation, personal financial management, credit underwriting, fraud prevention, and other legitimate financial services. FDATA works with policymakers, regulators, and industry stakeholders to advance open finance frameworks that empower consumers while promoting safety, soundness, and innovation.
