The OpenID Foundation (OIDF) has submitted comments to the Consumer Financial Protection Bureau (CFPB) regarding the reconsideration of Rule 1033 on personal financial data rights. The OpenID Foundation brings expertise from working with open banking implementations across 12 global ecosystems. This submission represents the Foundation’s third response to this regulation, after providing comments in December 2023 and May 2024.

The OpenID Foundation's comments respond to four questions posed by the CFPB in August 2025:

1. Who can serve as a "representative" making requests on behalf of consumers
2. Fee assessment approaches for institutions responding to consumer data requests
3. Data security threats and cost-benefit considerations for Rule 1033 compliance
4. Data privacy threats associated with implementation.

The comments reflect feedback from experts in the OpenID Foundation’s FAPI Working Group and Ecosystem Support Community Group.

Read the full CFPB submission here: OIDF Response to CFPB.

Why the OpenID Foundation’s contribution matters

The OpenID Foundation develops open identity standards for security, interoperability, and privacy. It created the FAPI 2.0 Security Profile, which has been adopted as the standard for open banking implementations worldwide.

Current deployment demonstrates the standard's effectiveness:

• 3,500 certified implementations globally
• Billions of secure API calls processed
• 55 million active users in Brazil (25% of the population)
• 15 million unique users in the UK (22% of adults monthly), with 2 billion API calls per month.

Beyond open banking, the OpenID Foundation standards include OpenID Connect, used by 3+ billion users daily for login, and digital wallet specifications adopted by 38 jurisdictions.

Gail Hodges, Executive Director for the OpenID Foundation, said “The Foundation is currently working with 12 open banking and open data ecosystems, in the US and all over the world. We're sharing what we've learned to help the CFPB craft a ruling that works in practice." 

Below is a summary of the ecosystems that have selected the OIDF’s FAPI 2.0 specification for Open Banking and Open Data use cases: 

About the OpenID Foundation

The OpenID Foundation (OIDF) is a global open standards body committed to helping people assert their identity wherever they choose. Founded in 2007, we are a community of technical experts leading the creation of open identity standards that are secure, interoperable, and privacy preserving. The Foundation’s OpenID Connect standard is now used by billions of people across millions of applications. In the last five years, the Financial Grade API has become the standard of choice for Open Banking and Open Data implementations, allowing people to access and share data across entities. Today, the OpenID Foundation’s standards are the connective tissue to enable people to assert their identity and access their data at scale, the scale of the internet, enabling “networks of networks” to interoperate globally. Individuals, companies, governments and non-profits are encouraged to join or participate. Find out more at openid.net.