FDATA calls for clear rules on FinTech data access

By Vriti Gothi

The Financial Data and Technology Association (FDATA) has asked U.S. banking regulators to make a clear distinction between consumer-permissioned data access under Section 1033 of the Dodd-Frank Act and the way banks manage traditional third-party vendors.

FDATA submitted its comments to the Office of the Comptroller of the Currency (OCC) in response to a request for information on how community banks work with their core service providers. The group warned that treating FinTech firms that receive consumer-approved data like regular bank vendors could create confusion and make it harder for consumers to access their financial information.

The organisation highlighted that community banks, which often operate with smaller teams and limited budgets, could face heavy compliance burdens if forced to apply full vendor management processes to every FinTech that handles consumer-approved data. FDATA said this could effectively let risk management rules stand in the way of consumers exercising their legal rights to share their financial data.

The comments come amid growing discussion about how banks and FinTechs interact. While banks have strong procedures to manage risks from outsourced vendors—covering security, operations, and compliance FDATA said these rules were not meant for consumer-permissioned data sharing. Applying them in this context could slow innovation and make it harder for consumers to use FinTech services for budgeting, payments, lending, and other financial tasks.

Steve Boms, Executive Director of FDATA, said, “The distinction matters for banks, regulators, and the more than 100 million Americans who rely on consumer-permissioned financial tools. Making sure vendor rules aren’t applied incorrectly protects consumer rights, keeps smaller banks operating efficiently, and allows FinTech innovation to grow.”

The OCC’s request for information is focused on understanding how community banks work with core service providers and whether current rules are effective. FDATA’s submission makes the case that consumer-directed data access should not be treated the same as outsourced vendor services. Without clear guidance, banks may face uncertainty, and consumers could encounter barriers to sharing their financial information.

The group is calling on regulators to provide clear instructions that preserve the legal rights of consumers while allowing banks to manage risk responsibly. Doing so, FDATA argues, will help community banks stay compliant without creating unnecessary hurdles and ensure that consumers continue to have easy access to the FinTech tools they rely on.

As more Americans use digital financial tools, the way regulators treat consumer data sharing could have significant effects on access, competition, and innovation in the U.S. banking sector. FDATA’s submission seeks to ensure that these rights are protected while maintaining safe and efficient banking operations.