I'll start. Then my colleagues will likely want to weigh in.
As noted, because financial data will now be deemed sensitive information, consumer-directed financing, as it's understood, will rely on the data portability obligations that are found within later sections of the CPPA, which would have a direct one-service provider for consumers to provide their information to another service provider. However, that doesn't obviate or shift away the realities of the financial services sector that then would follow.
That new fintech player is probably more reliant than others on third party processors or other aspects, because they've made their niche in one aspect of financial innovation, which is potentially providing services, but that doesn't mean they're going to have the whole back end that would normally be accompanied by a larger financial services provider. Every single one of those disclosures will require the express consent of their client, which means that when they want to provide a seamless financial services environment for their client, they will be going back to their client on numerous occasions to reseek their consent for the continued disclosure of financial information.
I don't know if Samir and Runa want to weigh in.