Principle 6:

Consumer Agency and Control

AI financial products must support meaningful consumer agency, ensuring users can understand, question, and influence decisions that affect them. This includes the right to understand, oversee, and override actions taken autonomously on their behalf by AI systems.

Right to Access, Control, and Delete Data

  • Users retain meaningful control over how their data is used, with opt-in and opt-out choices for non-essential data uses that do not compromise core functionality or service quality.
    • The product sets the most restrictive privacy-protective options as the default and prompts users to opt in to individual features rather than assuming consent.
    • The product offers users granular settings options that address individual features separately.
    • The product allows user controls to adjust fraud detection sensitivity and notification preferences.
    • The product seeks explicit, informed consent from users to share data with new recipients or use data for new categories of use cases.
    • Settings that implicate the user’s data are clearly labeled and easy to access.
    • The product offers simple mechanisms to withdraw consent for, or decline, data collections that are not essential for service delivery.
    • Product controls must be clear, accessible, and effective in practice, rather than relying on complex settings, defaults, or disclosures that obscure user choice.
  • Users can download, delete, and manage their data.
    • The product allows users to download their personal data.
    • The product allows users to delete their account.
    • The product allows users to delete data that the entity offering the product is not required to retain, and does not require users to delete or close their account in order to delete any information not required to maintain the account.
  • The product complies with or exceeds applicable federal and state privacy laws governing financial data, and users can exercise their statutory data rights effectively.
    • Financial data collected through the product receives enhanced protection, including privacy notices that are compliant with existing federal, state and local regulations, opt-out rights for sharing with nonaffiliated third parties, and documented safeguards for nonpublic personal information.
    • Users can exercise their rights under applicable state privacy laws, including rights of access, deletion, and correction.
    • The entity that offers the product responds to requests within applicable statutory timelines.

Consumer Safeguards

  • Consumers in financial distress receive appropriate care and support. [15]
    • The product is able to accurately recognize signals of financial distress or vulnerability during interactions.
    • When a user expresses financial distress, the product offers appropriate assistance resources, including connecting the user to a live representative.
    • The product does not upsell products or apply sales pressure when the user shows signs of financial distress or vulnerability.
    • Default product ordering and placement reflect and prioritize user-stated preferences.
  • Where the product facilitates end-to-end transactions, the transition from advice to transaction execution is clearly disclosed, and AI systems must not initiate execution without explicit, informed user confirmation.
    • Users are explicitly notified when the interaction shifts from information-gathering or recommendation to initiating a purchase or financial transaction.
    • Post-transaction cancellation and return rights are proactively disclosed.
    • Where applicable, cooling off periods are communicated to users and the product reminds users of their right to rescind or cancel.
  • Users are not subject to inherently unfair terms and conditions.
    • Contractual terms and conditions do not include mandatory arbitration clauses.
    • Contractual terms and conditions do not allow the entity that offers the product to make unilateral changes to the contract.

Accessibility

  • Barriers to access and use of the product are reduced to the extent possible, such that a broad range of users can access and use the product with minimal friction, regardless of their background, ability, or technical familiarity.
    • The product’s interfaces are designed to be accessible and intuitive, and are tested to ensure that they are.
    • Users can access the product’s core features across platforms.
    • Mobile apps and websites incorporate barrier-free design to facilitate access to all users.
  • Users with disabilities can fully access and use the product’s interfaces, with accessibility features meeting or exceeding applicable regulatory requirements.
    • Full functionality is accessible via screen readers, keyboard navigation, and assistive technologies.
    • The product is regularly evaluated for compliance with applicable frameworks and standards, such as Web Content Accessibility Guidelines (WCAG) 2.1 Level AA standards.
    • The product accommodates diverse communication needs, including options for simplified responses, plain language, and adjustable response complexity.
    • The product adapts to user-stated accessibility preferences.
  • AI products and services are designed to break down barriers experienced by communities traditionally excluded from the mainstream financial system.
    • The entity that offers the product engages with traditionally excluded communities to understand their wants and needs and modifies the product’s design and services accordingly.
    • Documentation and customer interfaces are available and accessible in multiple languages for users.
    • Non-English interfaces and outputs meet a standard of quality adequate for financial decision-making.
    • Non-English interfaces do not contain significant grammatical errors, culturally inappropriate terminology, or phrasing that would impede comprehension or mislead a native speaker.
    • Multiple options for identification and verification of identity are supported.
  • The product does not require sophisticated prompts to deliver useful responses and can be used by people unfamiliar with AI products.
    • The product is able to respond to prompts that use natural language or incomplete queries without significantly affecting the quality of its output.
    • The product guides users when a more sophisticated prompt is required and does not deflect in its responses.

Quality of User Experience

  • The product includes intuitive, user-friendly features that allow users to complete tasks quickly and effectively.
    • The product’s design and function are aligned with user goals and prioritize solutions that favor the user over the entity’s commercial interests.
    • The product provides solutions that adequately meet the user’s financial service needs, enabling them to complete desired tasks quickly, efficiently, and to the user’s satisfaction.
    • The product is easy for users to access and navigate, with straightforward, recognizable, and clearly labeled elements.
    • The product enables new users to carry out basic tasks without extensive help or tutorials.
    • The product is able to parse and respond to complex, multipronged prompts, addressing each discrete task or request.
  • The product contains clear help and assistance documentation and responds constructively when user errors occur.
    • The product contains clear help and assistance documentation, including contextual guidance, tool tips, FAQs, and tutorials to help reduce the incidence of user error.
    • The product provides clear feedback when a user error occurs, including contextual guidance on where the error occurred and actionable steps to correct it.
    • The product allows users to undo actions, correct invalid inputs, or find a path to resolution despite an error.
    • The product is able to identify when the resolution to a task or prompt is outside the scope of its capabilities, and does not deflect inquiries without offering an alternative resolution path.

Quality of Redress Mechanisms

  • Consumers can easily register complaints and obtain a resolution through accessible, straightforward, and easy to navigate pathways.
    • The entity that offers the product provides multiple straightforward ways for consumers to submit complaints about the product.
    • The product provides users immediate recourse for fraudulent or unwanted transactions and has fast, easy, and accessible dispute resolution mechanisms for AI-initiated transactions contested by the user.
    • The entity follows up with consumers regarding their complaint in a timely manner.
    • User complaints are resolved to the consumer’s satisfaction as measured by objective consumer satisfaction metrics.
  • Users have accessible, effective mechanisms to report AI-related harms and receive meaningful remediation.
    • A dedicated complaint channel exists for AI-related issues with fast, clearly defined resolution timelines.
    • Complaint data is tracked and analyzed for systemic issues, and findings feed back into product improvement.
    • Users harmed by AI-driven decisions receive meaningful remediation, including financial recovery for monetary losses caused by AI errors, correction of affected records, and prevention of recurrence.

Control over Autonomous and Agentic Actions [16]

Consumers retain control when an AI system acts autonomously on their behalf — they authorize the scope of what it may do, can see and intervene in the actions it takes, and retain human oversight and recourse for high-stakes decisions.

  • Authorization for autonomous action is granted explicitly, for defined scopes and durations, and cannot be implied from general product use or prior interaction history.
    • Each time the product takes any autonomous action, the consumer is clearly informed at minimum of: the categories of action the product may take; the circumstances that would trigger each action; the limits on value, frequency, and reversibility of autonomous actions; and the mechanism by which authorization may be revoked.
    • Ongoing or open-ended authorizations expire by default after a defined period and require affirmative renewal.
    • The scope of autonomous authorization may not be expanded by the product unilaterally, including through inference from user behavior or expressed preferences.
  • Consumers retain real-time visibility into and control over autonomous actions.
    • The product provides consumers with an accessible, near-real-time log of all autonomous actions taken, including the triggering condition, action taken, amount or value involved, and outcome.
    • Consumers can pause or otherwise discontinue all autonomous activity without closing their account or losing access to core services.
    • Consumers can contest or reverse autonomous actions through an accessible dispute mechanism with defined resolution timelines.
  • Human oversight is available for autonomous actions above defined thresholds of value, irreversibility, or complexity.
    • A human review mechanism is available before or immediately after the execution of autonomous actions that exceed defined risk thresholds, including but not limited to transactions above defined dollar amounts, permanent account changes, and actions with third-party financial consequences.
    • The product does not process high-value or irreversible autonomous actions during periods of known system instability, security incidents, or detected anomalous behavior.
[15] For prohibitions on psychological manipulation and deceptive design, see Principle 4: Honesty and Non-Manipulation.

[16] Each principle in this standard applies equally to autonomous or agentic systems. This subprinciple captures additional protections of consumer control in agentic contexts.