As of December 2025
The CFO message lands before the first coffee: why did our finance app lose bank data overnight? The app did nothing wrong. The rule changed.
US open banking was finalized under CFPB Section 1033 in October 2024, then a court enjoined enforcement a year later, and it is now back in reconsideration. That is not legal trivia. It hits treasury first, where a data-access pause breaks payment runs and reconciliation long before the legal memo reaches operations.
What actually happened
Three dates, often blurred. The CFPB finalized the Personal Financial Data Rights rule under Section 1033 on October 22, 2024. On October 29, 2025, a federal court in Kentucky issued a preliminary injunction barring the CFPB from enforcing it, pending the agency’s own revised rulemaking - the rule was enjoined, not struck down. And the CFPB had already reopened the rulemaking earlier in 2025, so the rule sits on the books, unenforceable, while the terms are rewritten.
Why it lands on you
Your data layer was built against a rule that is now moving. If third-party access pauses, the payment runs that depend on it fail, reconciliation breaks, and vendor trust erodes - all of it downstream of a legal change you did not make and cannot control.
Finalized
Oct 22 2024
CFPB finalized the Personal Financial Data Rights rule under Section 1033 (US open banking).
Enjoined
Oct 29 2025
a federal court barred enforcement pending the CFPB reconsideration - the rule was not vacated.
Status
Reconsidered
the CFPB reopened the rulemaking in 2025, so the rule stands on the books but is unenforceable for now.

The real deliverable is not the API. It is a data layer that stays reliable when the rulebook moves - and if it cannot absorb a rule change, it breaks exactly when finance needs it most.




