Introduction
Nearly 9 out of 10 people use some type of fintech app, and their reliance on those apps continues to grow. In fact, 47% of consumers use three or more fintech apps today and 13% use six or more.
As demand for data connectivity grows, financial organizations, aggregators, and industry groups are working to make it easier for consumers to safely share their financial data via open banking APIs.
In October 2023, the Consumer Financial Protection Bureau (CFPB) proposed a rule to accelerate the shift to open banking and establish stronger financial data rights. The proposed rule, which would be the first to implement Section 1033 of the Consumer Financial Protection Act, would require banks and other data providers to help consumers access and share their financial data through safe, secure, and reliable developer interfaces (APIs).
This article shares insights for planning your organization’s digital finance strategy as the CFPB works to finalize its 1033 rulemaking.
What is the CFPB?
The Consumer Financial Protection Bureau (CFPB) is a federal government regulator that was founded in 2011 as part of the Dodd-Frank Act. It implements and enforces federal consumer financial laws and protects consumers in the financial marketplace by ensuring they have access to fair, transparent, and competitive markets for consumer financial products and services.
What is the Dodd-Frank Act and how does it relate to Section 1033?
The Dodd-Frank Wall Street Reform and Consumer Protection Act, also known as Dodd-Frank, was enacted in 2010 as a direct response to the financial crisis of 2007-2008. Dodd-Frank established a series of rules and agencies, including the CFPB, to promote the financial stability of the United States by improving accountability and transparency across the financial services ecosystem.
Section 1033, part of Dodd-Frank, gives consumers the right to access and share their financial data. Section 1033 requires financial services providers to make available to consumers – and representatives acting on their behalf – certain information in those providers’ control. This can include information like a consumer’s transactions or the balance in their financial account.
Plaid's 2023 Fintech Effect Survey
Navigate the latest consumer trends, create lifetime customers, and grow your business
How is the CFPB gearing up to put Section 1033 into practice?
On October 19th, 2023 the CFPB announced a proposed rulemaking on personal financial data rights to implement Section 1033 of the CFPA.
What does this mean in the simplest terms?
Under the proposed rule, consumers’ power to share their financial data from their banks with the apps of their choosing would be reinforced and protected. Data providers subject to the rule would be required to make personal financial data available at consumers' direction and at no charge through safe and reliable digital interfaces.
"With the right consumer protections in place, a shift toward open and decentralized banking can supercharge competition, improve financial products and services, and discourage junk fees," said CFPB Director Rohit Chopra.
When is the rule likely to be released?
The CFPB is expected to release the final rule sometime in the fall of 2024. It accepted public comments on the proposed rule from a wide range of stakeholders until December 29, 2023. It’s reviewing and considering comments before finalizing the rule and releasing it to the public.
What data is covered by Section 1033?
What are the compliance dates?
The CFPB has proposed a tiered approach ranging from 6 months to 4 years for compliance based on assets or revenue. The details may change before the rule is finalized and released to the public.
How can Plaid help?
Plaid helps data providers make the transition to API-based data connectivity. Plaid’s Open Finance Suite enables data providers, including banks, credit unions, fintechs, and wallet providers, to meet consumers’ growing demand for data connectivity and get ahead of the proposed regulatory deadlines to deliver the secure, seamless data access consumers expect.
Core Exchange is a set of tools that enables a data partner to build, test, and launch their API in the most efficient way. It streamlines the process of building to the FDX-aligned API spec with clear guidelines for authentication, aggregation, and authorization management.
In addition, Plaid continues to develop new data connectivity tools to meet the evolving demands of our stakeholders. Permissions Manager enables data partners to build a permissions portal that empowers consumers to view and control the data they share with financial apps through Plaid. Additional tools provide data partners visibility into the app connections their users are making across Plaid’s network of 8,000 fintech apps and services, e.g., to answer consumers' questions or for risk management.
We’ll be closely following the CFPB’s efforts to solidify the 1033 rulemaking as we help our partners support financial access for consumers and continued innovation.