CFPB could shift focus of new open banking, small business lending data rules

September 2, 2025

The regulatory landscape is evolving, bringing significant changes to the CFPB under the Trump administration. In a recent webinar, America’s Credit Unions Director of Innovation and Technology, Andrew Morris addressed recent steps to undo previous rulemakings, regulations, and other actions, and how it will affect credit unions and other financial institutions.  

The CFPB rescinded the open banking proposed rule from the last administration and issued an advance notice of proposed rulemaking (ANPR) on what a new rule should look like. Morris notes that the ANPR resembles a request for information and questions the underlying foundation of the open banking rule.

“Fundamentally, the ability of a third party to act as a representative is a core tenet of the current regulation. To the extent that’s reconsidered, you could have a pretty radical shift in the direction of the rule,” he said, adding that the ability to issue a “600-page rule that goes line by line to fine-tune things may be a lot more limited with this CFPB than a past CFPB.” 

The bureau’s small business lending data collection rule will also likely see revisions in the future, Morris said, due to legal challenges and the CFPB’s new approach.

He also noted that many states may take consumer protection actions that go above the level of what the CFPB would require.

“We see more enforcement actions, more rulemaking activities coming out of the states and I think it highlights now that if you are a credit union that operates in multiple states you need to be on guard against the possibility that there will be a state standard that sits above the floor of the federal standard,” he said. “This could be in areas like data privacy, the Gramm-Leach-Bliley Act sets a floor for financial institutions, but states can build above that, California has.

“Being in position to comply with state laws is important to make sure you’re meeting supervisory expectations, but it also leads us as an association to want to advocate for a strong federal standard so the compliance burdens of having ou to adapt operations to meet the idiosyncratic requirements of all 50 states if it comes to that don’t weigh down the business.”

America’s Credit Unions wrote to the House Financial Services Committee last week noting that any federal data privacy and security standard should use Gramm-Leach-Bliley as a model for a future standard.