Table of Contents
What is the CFPB? What is the Dodd-Frank Act and how does it relate to Section 1033? How is the CFPB putting Section 1033 into practice?What does this mean in the simplest terms?When was the final rule issued?What data is covered by Section 1033? What are the compliance dates?How can Plaid help? Editor's Note: The final 1033 rule was released on October 22, 2024. This article has been updated to reflect Plaid's current understanding of the final rule. We will continue to update this article if our ongoing evaluation changes.
Nearly 9 out of 10 people use some type of fintech app, and their reliance on those apps continues to grow. In fact, 47% of consumers use three or more fintech apps today and 13% use six or more.
As demand for data connectivity grows, financial organizations, aggregators, and industry groups are working to make it easier for consumers to safely share their financial data via open banking APIs.
In October 2023, the Consumer Financial Protection Bureau (CFPB) proposed a rule to accelerate the shift to open banking and establish stronger financial data rights. The final 1033 rule was released in October 2024 which requires banks and other data providers to allow consumers to access and share their financial data through safe, secure, and reliable developer interfaces (APIs).
This article shares insights for planning your organization’s digital finance strategy in accordance with the open banking regulation.
→ Need to get ready for open banking regulation? See our Open Banking Readiness Guide, which includes a checklist of action items to help you prepare for 1033.
What is the CFPB?
The Consumer Financial Protection Bureau (CFPB) is a federal government regulator that was founded in 2011 as part of the Dodd-Frank Act. It implements and enforces federal consumer financial laws and protects consumers in the financial marketplace by ensuring they have access to fair, transparent, and competitive markets for consumer financial products and services.
What is the Dodd-Frank Act and how does it relate to Section 1033?
The Dodd-Frank Wall Street Reform and Consumer Protection Act, also known as Dodd-Frank, was enacted in 2010 as a direct response to the financial crisis of 2007-2008. Dodd-Frank established a series of rules and agencies, including the CFPB, to promote the financial stability of the United States by improving accountability and transparency across the financial services ecosystem.
Section 1033, part of Dodd-Frank, gives consumers the right to access and share their financial data. Section 1033 requires financial services providers to make available to consumers – and representatives acting on their behalf – certain information in those providers’ control. This can include information like a consumer’s transactions or the balance in their financial account.
Plaid's Fintech Effect Survey
Navigate the latest consumer trends, create lifetime customers, and grow your business
How is the CFPB putting Section 1033 into practice?
In October 2024, the CFPB released the final rule on personal financial data rights to implement Section 1033 of the Consumer Financial Protection Act.
Section 1033 is written to do four basic things:
What does this mean in the simplest terms?
Under the rule, consumers’ power to share their financial data from their bank accounts with the apps of their choosing is reinforced and protected. Data providers subject to the rule are required to make personal financial data available at consumers' direction and at no charge through safe and reliable digital interfaces.
"With the right consumer protections in place, a shift toward open and decentralized banking can supercharge competition, improve financial products and services, and discourage junk fees," said CFPB Director Rohit Chopra.
When was the final rule issued?
The CFPB released the final rule on October 22, 2024. Visit the CFPB’s website to review the final rule.
What data is covered by Section 1033?
What are the compliance dates?
For data providers, the CFPB has issued a tiered approach ranging from April 2026 to April 2030 for compliance based on size. Institutions with less than $850 million in assets are exempt, which is a key change in the final rule vs. the draft rule.
Compliance deadlines for third parties appear to be tied to bank API deadlines–the first of which, for the largest data providers, is April 1, 2026.
How can Plaid help?
Authorized third parties can more easily meet many of the key areas of Section 1033 compliance with our solutions for authorization management, record retention, and new onboarding requirements.
For data providers, we can help them transition to API-based data connectivity. Plaid’s Open Finance solution enables data providers, including banks, credit unions, fintechs, and digital wallet providers, to meet consumers’ growing demand for data connectivity and get ahead of the regulatory deadlines to deliver the secure, seamless data access that consumers expect.
Core Exchange is a set of tools that enables a data provider to build, test, and launch their API in the most efficient way. It streamlines the process of building to the FDX-aligned API spec with clear guidelines for authentication, aggregation, and authorization management.
Permissions Manager enables data providers to build a permissions portal that empowers consumers to view and control the data they share with financial apps through Plaid. Additionally, Permissions Manager gives data providers visibility into their users’ authorizations across Plaid’s network of fintech apps and services, which can be used to answer consumers' questions or for risk management. Our APIs support the creation and synchronization of user consents across the ecosystem.
Finally, App Directory helps data providers manage app registration at scale. Access detailed information about all the apps and services that customers are using on the Plaid network from a single dashboard.
We’ll continue enhancing our Open Finance solution to align with the requirements from the final rule and to help data providers support financial access for consumers.