Navigating Section 1033: Open Banking & Financial Data Providers

Introduction

As the open banking landscape continues to evolve, the need for increased financial rights, privacy and security in the U.S. has become more apparent. With the ongoing momentum, the Consumer Financial Protection Bureau’s (CFPB) 1033 Rule brings significant shifts for financial institutions and consumers alike. In this post, we’ll unpack Section 1033 and explore its impact on data providers.

What is Section 1033?

At its core, Section 1033 "requires banks, credit unions, and other financial service providers to make consumers’ data available upon request to consumers and authorized third parties in a secure and reliable manner."

Let’s dive a little deeper. 

Section 1033, finalized and released on October 22nd, 2024, is the most recent and significant addition to the Dodd-Frank Wall Street Reform and Consumer Protection Act, which aims to continue increasing financial stability and freedom in the United States. Under Section 1033, the CFPB mandates that financial institutions allow customers to access their financial information. The rule is intended to empower consumers to securely share their data with third-party providers, enhancing competition and innovation in the financial services market.

According to the press release on the CFPB website, Section 1033 aims to accomplish 4 key goals: 

1. Address the restrictions that consumers have felt due to being tied to specific financial providers. The increased access and shareability of financial data will allow consumers to easily find better alternatives, products and rates
2. Accelerate safe, secure and responsible open banking in the U.S. which in turn will boost competition within the financial landscape and encourage providers to build improved and personalized financial products that address consumer needs
3. Address privacy concerns by establishing protocols that allow financial institutions to utilize personal financial data solely for the purposes requested by the consumer. Third-party providers cannot collect, use, or retain data for unrelated business reasons
4. Phasing out 'screen scraping,' as the CFPB deems it neither a safe nor a long-term solution for financial data sharing

Now that we understand the core expectations of the Section 1033 Rule, let’s look into how this new regulation will impact data providers.

Data Providers and Section 1033

What is a data provider according to Section 1033?

Before we dive into the impact of this rule on data providers, let’s define a data provider. According to Section 1033, a data provider is defined as any entity:

1. That holds demand deposit (checking), savings or other consumer asset accounts that are primarily established for personal, family or household purposes (Regulation E accounts)
2. That issue credit cards, plates or other single credit devices that may be used from time to time to obtain credit - including hybrid-prepaid credit cards (Regulation Z accounts)
3. That facilitates payments from a Regulation E or Regulation Z account

Section 1033 excludes depository institutions without a consumer interface and those with $850 million or less in deposits.

Key obligations for Data Providers

Data providers need to meet certain obligations at a customer’s request to comply with the new requirements outlined in Section 1033. Below is a quick overview of the key obligations:

1. Data providers need to have a consumer and developer interface. The developer interface must support authorized third parties and data aggregators in securely providing requested financial data. The consumer interface is established to allow financial data access to the end consumer. A key point to note here (referring back to the intent to move away from “screen scraping”) is that data providers cannot provide access to the developer interface through credential sharing.
2. A data provider needs to grant access to covered data in an electronic format through the developer interface. Data providers also cannot impose a fee for providing access to this data.
3. A data provider needs to provide publicly accessible data policies and procedures, including how covered data is made available, as well as the performance metrics of the developer interface.

How Does the 1033 Rule affect Data Providers?

1. Data Management and Security Requirements: Data providers will need to ensure their data-sharing practices align with the latest security standards. As consumers share their data with third parties, the risk of data breaches rises, making robust security a top priority.
2. Technology and Compliance Investments: Adapting to the 1033 Rule involves investments in technology that can securely handle data sharing, including APIs and data aggregation tools. Compliance costs may rise as data providers adapt to new standards and navigate complex data governance.
3. Competitive Pressures and Partnerships: As third-party providers gain access to customer data, banks face increased competition. However, the rule also offers banks an opportunity to establish partnerships with fintech firms to drive innovation and enhance customer experience.
4. Customer Empowerment and Transparency: With greater access to their financial information, customers will likely expect more from their financial services provider. Financial institutions can use this opportunity to build trust and demonstrate transparency in their data-handling practices, turning compliance into a strategic advantage.

Conclusion

The 1033 Rule is more than a regulatory hurdle; it represents a transformative opportunity for financial service providers to strengthen customer relationships, drive innovation, and gain a competitive edge in the evolving financial services landscape. By partnering with Flinks, providers can achieve compliance and unlock new avenues for growth in a secure, efficient, and customer-focused way.

As the CFPB’s open banking vision continues to take shape, Flinks remains committed to helping financial service providers meet the demands of this new era while staying agile, compliant, and competitive. Let us help you navigate this change—because, at Flinks, we believe the future of banking is open.