ALBANY, N.Y.–With former proposals around open banking now stalled at the CFPB, New York lawmakers are moving to establish a first-in-the-nation state framework governing consumer financial data access.
Companion bills introduced in the New York State Assembly and Senate would create a comprehensive “open banking”-style regime requiring financial institutions to share consumer-permissioned data while restricting fees and imposing penalties for violations.
Key Provisions
The proposed New York Financial Data Rights Act would grant consumers, small businesses and authorized representatives the right to access and transfer financial data in a secure, machine-readable format, according to an analysis by the lawfirm Davis Wright Tremaine.
Covered data would include transaction histories, account balances, payment initiation details, product terms, upcoming bill information and identity verification data, while exempting certain confidential or fraud-prevention information.
Financial institutions would be required to maintain developer interfaces, such as application programming interfaces, to enable secure data sharing and would be prohibited from unreasonably denying access, the firm said.
The legislation would also prohibit fees for accessing or transferring data and for maintaining the required interfaces—going beyond the CFPB’s prior rulemaking proposals, Davis Wright Tremaine said.
In addition, the bills would impose civil penalties of up to $10,000 per violation and establish requirements for third-party “authorized representatives,” including obtaining consumer consent and maintaining data security programs.
Broader Impact
According to Davis Wright Tremaine, the proposal mirrors core elements of Section 1033, including consumer control over financial data and third-party access rights, but expands coverage to include small businesses.
The firm said the legislation could serve as a model for other states and potentially influence future federal regulation of consumer-permissioned data sharing.
At the same time, the analysis noted potential legal and regulatory questions, including how state-level rules would interact with any eventual federal framework and whether federal preemption challenges could arise.
“Even in the absence of a federal rule, regulatory expectations around consumer-permissioned data sharing are continuing to evolve,” Davis Wright Tremaine said in its analysis.
