SHARE

July 31, 2024

Navigating Section 1033 & open banking: A new solution for data providers

Allison Milton & Tara Jotwani

Allison Milton and Tara Jotwani

Allison and Tara are part of Plaid's Open Finance team. They are delivering solutions that help data partners not only prepare for regulatory standards but also meet consumers’ expectations around digital experiences and data connectivity.


The U.S. open banking rule, known as Section 1033, is expected to be released later this year. It will promote strong security and privacy standards throughout the financial ecosystem and protect consumer rights by giving people more control over where and how their financial data is shared. For data providers and recipients, open banking regulation will spur the development of new technology and standards that will serve consumers’ changing needs as hundreds of millions of people continue to manage their financial lives via digital apps and services. 

Plaid is committed to helping all data providers and recipients prepare for new compliance obligations and a future of open finance. Our open finance solution, which includes Core Exchange and our newly released Permissions Manager and App Directory, is designed to meet the industry's need for API connectivity and more visibility into consumer connections while simplifying compliance for data providers. Read on to learn how you can start planning for the upcoming regulation in a way that meets consumers’ expectations around digital experiences and data connectivity.

Editor’s Note: The final 1033 rule was released on October 22, 2024. This blog post reflects Plaid’s understanding of the proposed rule as released in October 2023. We are currently evaluating the final 1033 rule and will continue to update this blog post to align with the final rule.

Transition to API connectivity in weeks, not months

As the rulemaking proposes, data providers must make covered data available at consumers' direction through a safe and reliable developer interface (i.e., APIs). We released Core Exchange in 2022, which has helped hundreds of organizations of all sizes build APIs, regardless of their tech resources.

Core Exchange is an easier way to build an API to Financial Data Exchange (FDX) standards—which is expected to be an accepted open banking standard in the final 1033 rule. We reduce the technical complexity for data providers by providing a simple implementation guide to follow. The guide helps you build, test, and manage a seamless API integration in a few weeks with developer-friendly tools, all from a single dashboard—and with support from Plaid’s FDX experts. Since the API is interoperable, it will be compatible across the digital finance ecosystem, enabling consumers to securely link their accounts to thousands of apps and services in the Plaid network and everywhere else. 

As more consumers choose to manage their financial lives online, secure connectivity has become an expectation and strategic imperative. According to the Harris Poll’s Fintech Effect report, 80% of Americans say it’s important to be able to connect their bank account to the digital financial apps and services they choose. For data providers, open banking capabilities can help drive primary account usage, resulting in higher customer engagement and life value. 

"Core Exchange is the best solution out there. Its easy-to-use APIs allowed us to plug in, start testing, and deliver meaningful solutions to our customers in no time at all. The integration could not have been any easier."

- Nick Craven, SVP Commercial & Consumer Banking, TAB Bank

View and manage consumers’ connections in one place

Under the proposed 1033 rulemaking, when a consumer authorizes sharing covered data with a third party, the data provider generally must make the data available, retain authorization records, and can optionally provide consumers with a way to revoke authorization.

With Plaid Link, a consumer’s authorization to share their data is obtained and captured on behalf of third parties (data recipients) and will meet the requirements outlined in the proposed rule. Data providers can feel confident that Plaid Link captures authorization in a compliant way. They can then easily access and track authorization records with our Permissions Manager product, which helps meet anticipated 1033 compliance obligations and improve data providers’ ability to monitor connections in an increasingly digital world. 

Permissions Manager gives data providers complete visibility into their customers' connections across the Plaid network through a convenient no-code dashboard. It provides customer-level insights into connected apps, shared accounts, and other key actions. These insights can streamline technical support processes and offer a better customer service experience. Additionally, data providers can receive real-time alerts (via webhooks) for new authorizations and revocations that have occurred on Plaid Portal or Plaid-powered apps.

All authorization records in the dashboard are also available through the Permissions Manager APIs, which can integrate into a data provider's system as a single source of truth for Plaid-enabled connections in the ecosystem. Data providers can also use the APIs to create their own consumer consent portal and empower consumers to view and manage their connections, which can increase engagement while reinforcing transparency and trust. When consumer permissions and authorizations change, whether in a Plaid-powered app or via Plaid Portal, the Permissions Manager APIs automatically update to keep connections we enable across the ecosystem in sync, as required in the rulemaking.

“Permissions Manager helps MSU Federal Credit Union to have a holistic view of our members’ connections via Plaid. This gives our technical support team visibility to the same information our members are able to view with Plaid Portal. Having a tool that confirms the status of account connections helps to rule out errors and streamlines how we provide solutions.”

- Chelsea Potter, AVP of Digital Design & Support, MSU Federal Credit Union

Manage third-party onboarding at scale

To get secure data access, third parties such as digital finance apps must make company details available and give data providers evidence of adequate data security. With thousands of third parties across the ecosystem, it can be challenging for data providers to engage with all of them to get the necessary information under the rule.

That’s where Plaid comes in: App Directory gives data providers insights about the thousands of apps on Plaid’s network that their customers have connected to, including categories and number of connections. It complements internal processes by providing visibility for risk, compliance, and customer support teams; it is available via a no-code dashboard or an API integration.

App Directory matches FDX standards, so we’ll continue to enhance it with more app-level information. For each app, this includes its legal entity name, website URL, and contact information, which is an expected requirement in the final 1033 rule. By using App Directory, data providers can have peace of mind knowing that they only share consumer data with apps that have gone through Plaid’s onboarding process—which aligns with industry standards and will reflect anticipated 1033 requirements. Additionally, Plaid monitors our network continuously to ensure we champion safety and security for consumers and ecosystem stakeholders. 

"App Directory gives Lili visibility into all the apps our customers are connecting to on the Plaid network. We use the app-level insights in the dashboard to equip our teams with better data to manage risk and compliance."

- Liran Zelkha, Co-founder, Lili

Get ready for tomorrow’s open banking regulation—today

Plaid is helping to drive best practices that move the industry towards API connectivity and open finance. We’ve already helped thousands of financial institutions and fintechs align their roadmaps and implement solutions for a seamless transition to APIs. We see an open finance future where consumers can more freely and securely share their data across the digital finance ecosystem and control how they use it. 

Navigating and planning for upcoming regulation can be complex, but Plaid can help, no matter where you are in your open finance journey. Plaid has dedicated policy, product, compliance, and engineering teams ready to partner with data providers to stay ahead of regulation and enhance our solution for their needs. We want to enable a seamless transition to a post-1033 world, and data providers can expect easy-to-adopt products built with the industry and FDX standards in mind.

Stay tuned for updates throughout the year, including before and after the final rule is issued. Together, we can continue delivering better and safer financial experiences for consumers.

Lastly, many data providers will also qualify as authorized third parties under Section 1033. For that, we have a different solution that may apply to you.