With the monetization of digital data and the increasing emphasis on consumers exercising more autonomy over their own data through the proliferation of data privacy laws, the Consumer Financial Protections Bureau (the CFPB) is implementing an array of new rules governing consumer financial data anticipated to take effect in fall 2024. This new rule is known as the Personal Financial Data Rights (the Data Rights Rule). Although the Data Rights Rule now imposes greater obligations on financial institutions and related entities, there is room for organizations to exercise the utility of AI to help them facilitate these novel changes while increasing efficiency and maintaining compliance.

CFPB Intent Behind the New Rule

The CFPB intends to pave an avenue for consumers to exert greater dominion over their financial data and to employ increased discretion when selecting certain financial products or services. The underlying premise seeks to foster a financial atmosphere that is ripe for expanded competition and for entities to further bolster the security surrounding consumer financial data. In the 2023 edition of the Data Security and Incident Response Report, the top three industries comprising 56% of cybersecurity threats were health care (24%), finance and insurance (17%), and business and professional services. While the Data Rights Rule will affect a tailored segment of organizations, the CFPB recognizes the concern for protecting consumer financial data in an increasingly technological environment; and has embedded additional obligations on subject financial institutions to comply with Section 501 of the Gramm Leach-Bliley Act.