May 30, 2024
New solutions to help Plaid customers prepare for open banking regulation
Justina Chen, Vicky Margolin, & Jimmy Hang
Open banking regulation, commonly known as the CFPB’s 1033 rule, is coming to the U.S. It’s been in the works for a long time and is expected to officially arrive this fall. The rule will ensure consumers have control over data about their financial lives, which is good for consumers and the financial ecosystem broadly. New obligations are expected for both data providers and authorized third parties (if you’re a Plaid customer, that’s you!).
Plaid is here to support you through this change. Today, we’re excited to share details about our open banking readiness tool kit, built to empower Plaid customers to start planning for evolving regulation more easily and confidently. We’ve been closely monitoring regulatory changes and will be releasing a suite of readiness solutions over the next few months with our first offering, Data Transparency Messaging, available for testing starting today.
Editor’s Note: The final 1033 rule was released on October 22, 2024. This blog post reflects Plaid’s understanding of the proposed rule as released in October 2023. We are currently evaluating the final 1033 rule and will continue to update this blog post to align with the final rule.
Will 1033 create new requirements for my business?
Although the rule is not yet final, the proposal sheds light on areas Plaid customers should be aware of and start planning for. Plaid likely already helps you to meet or exceed some requirements. For others, you may have to make changes to your business, possibly under swift deadlines.
For Plaid customers, there are three key requirements in the CFPB’s 1033 proposal to note:
Authorization management and data deletion: The proposed rule will govern how consumer authorization is captured, and how often. This includes providing information about the data being collected during the initial authorization, allowing consumers to revoke data access at any time (which Plaid already enables today for many consumers through Plaid Portal), and reauthorizing account connections every 12 months.
Record retention: The proposed rule would require Plaid customers to retain records that show they’ve followed the authorization management requirements. They’ll also need to retain records of consumer authorization.
Onboarding: Under the proposed rule, third parties accessing consumer data will need to provide certain company details to data providers to help verify you are a legitimate entity. This includes fields such as Legal Entity Name, Contact Information, and Website URL. Third parties will also need to provide evidence of adequate security practices.
Compliance can be complex, but Plaid can help
Understanding and complying with new or evolving regulations is no small effort. New regulatory obligations can be costly and a strain for compliance teams of all sizes. Potentially tight timelines, as suggested for portions of the 1033 rule, can add to that strain.
Plaid can help to simplify the compliance work for you with our readiness solutions that are informed by:
Over 10 years of experience building a safer, trusted, and privacy-centric open banking ecosystem.
Our commitment to consumers, helping people securely connect and share data from their financial institutions with the apps they love.
Our in-house policy, legal, and compliance teams monitor and maintain an ongoing dialogue with industry leaders, analysts, trade groups, and other financial services experts.
Our position as a network—covering thousands of apps and more than 12,000 financial institutions globally—enables and promotes consumer-friendly innovation.
Start planning for upcoming regulations with Plaid’s solutions
As a network that supports both data providers and authorized third parties (data recipients), we focus on making data access safe, fast, and secure. Offering solutions for open banking is not new to Plaid. We’ve had tools in the market for a few years that enhance ecosystem safety and transparency, including Plaid Portal, which has helped consumers view and control the connections they’ve made through Plaid. Since 2020, our Core Exchange solution has helped financial institutions migrate more easily to API connections aligned with industry standards.
As open banking regulation nears, we are launching several solutions over the coming months to help address the key expected requirements for authorized third parties mentioned above. These solutions will be a mix of new offerings designed to help meet expected requirements, as well as enhancements to our existing privacy and security tools.
We’re excited to announce our first solution, Data Transparency Messaging (DTM), which is available starting today. In Plaid Link, DTM addresses expected requirements related to consumer authorization. Read on for more details on how you can start testing DTM now!
Check out the readiness guide to stay ahead of expected requirements. We will continue to invest in and update our solutions and the guide as the regulatory landscape evolves.
Streamline authorization capture with Data Transparency Messaging
Plaid was founded on the principle that people should be in control over where and how they share their financial information, and we remain committed to furthering consumer control and privacy. Available today, Data Transparency Messaging (DTM) provides a standardized way for thousands of apps and services on the Plaid network to give consumers an even greater level of information about how their data is being used, ahead of the anticipated 1033 rule’s requirements for authorization capture. It also furthers Plaid’s commitment to consumer privacy and control.
The proposed rule creates new limits and requirements on data use, access, and consumer permission. Plaid simplifies the compliance work for you by including data disclosures in Plaid Link and capturing the consumer’s authorization on your behalf. All data confirming authorization will be readily available to Plaid customers, consumers, and data providers.
In Plaid Link, consumers can view the types of data requested by your business and understand what the data will be used for. Giving consumers more information about their data sharing can help them to make more informed decisions for their financial lives.
The data disclosures will appear either on the Account Select or pre-OAuth panes. DTM has undergone testing over the last two years so you can still expect a seamless experience for your users to securely connect their accounts.
Data Transparency Messaging during authorization capture in Plaid Link
We encourage you to begin testing DTM now given the expected compliance deadlines later this year. To get started, check your API integration to ensure you’re using a client library version that supports additional consented products. Next, determine which products and additional consented products to request data for. When you initialize Plaid Link with those products, Plaid will then automatically show the data types for those products to the user for authorization.
Finally, use the Plaid Dashboard and navigate to Link Customization. Under Data Transparency:
Review the use case that Plaid has selected on your behalf.
Turn on the toggle to show DTM for your Plaid Link Customization.
See our API docs to learn more about getting started with DTM.
Future-proofing for a regulated open banking world
As the final 1033 rule nears, Plaid will continue to update these tools to help our customers meet their new compliance obligations. While the final rule is not expected until later this year, you can start preparing now by downloading our Customer Section 1033 Readiness Guide below.
Questions about how your business can prepare for open banking compliance? We want to hear from you. Reach out to your Plaid account manager or contact us.