An article by Market Institute President Charles Sauer, originally published in RealClearMarkets, highlights how the Consumer Financial Protection Bureau (CFPB) has strayed far from its stated mission—using its authority under Dodd-Frank to expand its reach, distort markets, and put consumers at greater risk.
At the center of the issue is the CFPB’s implementation of Section 1033 of the Dodd-Frank Act—a provision intended to ensure consumers can access their own financial data. But under the Biden-era rule, that mandate has been transformed into something far broader and far more concerning.
“The CFPB drafted a rule enforcing Section 1033 that forced private financial institutions to turn over their customers’ data to private companies including fintechs and data aggregators… free of charge.”
Rather than empowering consumers, the rule effectively mandates that financial institutions subsidize third-party access to sensitive data—costs that won’t stay hidden for long.
“Of course, the covered persons will find a way to make their customers pay for this subsidy to fintechs, data aggregators, and other businesses.”
The risks extend beyond cost. While banks and credit unions operate under strict data security requirements, the same standards do not necessarily apply to all third parties gaining access under the rule.
“The rule allows fintechs and others to obtain consumer data without adopting adequate safeguards… making these consumers vulnerable to data theft, identity theft, and fraud.”
For now, the courts have intervened.
“The U.S. Court for the Eastern District of Kentucky has enjoined the government from enforcing the rule until the CFPB finishes drafting a replacement.”
That pause creates an opportunity to return to the law as written. Section 1033 was designed to give consumers control over their data—not to redefine companies as “consumers” or force the transfer of proprietary information.
“Fintechs and other financial service companies should be defined as covered persons—not as customers.”
Importantly, the market is already addressing data-sharing through voluntary agreements between financial institutions, fintechs, and aggregators—without the need for sweeping federal mandates.
“The market can ensure companies have the data they need without risking the security of consumers…”
The broader concern, however, is structural. Dodd-Frank did not eliminate “too big to fail”—it accelerated consolidation by placing disproportionate burdens on smaller banks while entrenching larger institutions.
Now, through Section 1033, the CFPB risks repeating that mistake—layering on new mandates that increase costs, reduce competition, and expose consumers to unnecessary risk.
Efforts to rein in the CFPB are already underway. While eliminating the agency outright may not be politically feasible, limiting its authority is both achievable and necessary.
“Restricting the agency’s regulatory authority would be the next best thing.”
Reversing the Biden-era Section 1033 rule would be a strong step in that direction—restoring the balance between access and protection, and reaffirming a simple principle:
Government mandates shouldn’t come at the expense of consumer security.
Read more in RealClearMarkets by clicking here.
