Understanding CFPB Section 1033 — Establishing Consumer Financial Data Rights in the United States

October 22, 2024

At MX, core to delivering on our mission to empower the world to be financially strong is the ability for consumers to access, direct, and control their financial data to improve their financial outcomes.

We believe in the power of financial data to unlock new insights and drive better money experiences that benefit companies and consumers alike. To enable better decisions, experiences, and outcomes, financial data should be accessible and actionable for all consumers. And increased competition, a level playing field, and increased digital innovation can help improve financial outcomes for consumers.

However, until now, consumer financial data access and control has primarily been left up to the financial institutions, fintechs, and other third parties involved. MX has been working with our clients, partners, and the wider financial services ecosystem to accelerate Open Banking and secure, consumer-permissioned data sharing for nearly a decade.

On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) published its long-awaited notice of proposed rulemaking (NPRM) for personal financial data rights under Dodd-Frank Act Section 1033. We believe that the success of the financial industry, future innovation, and the financial health of Americans can all be greatly enhanced by increased clarity of data rights and the promulgation of this 1033 rulemaking. Now, we’re likely just weeks away from the anticipated final rule from the CFPB.

Once final, the clock starts for financial data providers and recipients to meet outlined compliance timelines and requirements. The compliance period will vary depending on the size of each institution. But, that doesn’t mean wait. The time is now for financial institutions to begin getting ready to meet obligations under this new rule.

What is the Dodd-Frank Act Section 1033? 

In 2010, Congress passed the Dodd-Frank Wall Street Reform and Consumer Protection Act, also known as the Dodd-Frank Act. Section 1033 is an important milestone to ensure consumers have the right to access and control their financial information.

It authorizes the CFPB to prescribe rules requiring “a covered person [to] make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data.”

What is the Consumer Financial Protection Bureau (CFPB)?

The Consumer Financial Protection Bureau (CFPB) is a U.S. government agency that aims to protect consumers from unfair treatment by financial institutions. In its own words, the CFPB is “dedicated to making sure you are treated fairly by banks, lenders and other financial institutions.” It implements and enforces Federal consumer financial law and ensures that markets for consumer financial products are fair, transparent, and competitive.

Why is Section 1033 Important?

This rulemaking is one of the most substantive regulatory changes to happen in the financial industry in many years. It fundamentally changes, for the better, how consumers can access and share their financial data. And, it will lay the groundwork for the United States to move into the next chapter of fintech innovation.

A clear, cross-agency regulatory framework will accelerate adoption of Open Finance, improve the money experience, and help drive better financial outcomes for millions of Americans.

But, Open Finance isn’t simply a checkbox to meet forthcoming 1033 compliance and regulatory obligations. It provides significant benefits to consumers and financial services providers. 

Consumers gain more choice and control over the data they share and how they engage with their finances with the freedom and flexibility that Open Finance enables. And, they gain unparalleled access to a broader range of products and services.

It also allows consumers to more easily connect their various financial accounts and data together into a single view — enabling a more seamless money experience.

For financial services providers, Open Finance enables:

Better Fraud and Risk Management

By leveraging an open finance API rather than screen scraping, consumers never have to share their username and password, and financial providers eliminate the risk of sharing credentials.

More Accurate Customer Profiles

Financial providers can gain access to real-time consumer-permissioned financial data. This helps them better understand their customer needs and identify product and partnership opportunities.

Enhanced Customer Experiences

By putting consumers in the driver’s seat, financial providers can build trust and improve relationships, leading to greater customer satisfaction and loyalty. And, with better visibility into a consumer’s financial life, financial providers can deliver more personalized, intuitive experiences to meet them where they are.

What Data is Covered by Section 1033? 

It’s important to note that the CFPB isn’t attempting to cover the entire financial ecosystem with this initial rule under Section 1033. It specifically calls out Regulation E accounts and Regulation Z credit card accounts to start, as well as digital wallets and payment facilitation products.

This includes:

  • Checking accounts
  • Savings accounts
  • Credit cards
  • Prepaid cards
  • Digital wallets
  • Other electronic payments

But, it does exclude first-party payments as part of those payment facilitation products, which the CFPB defines as a transfer initiated by the payee or an agent on behalf of the underlying payee. First-party payments include payments initiated by a loan servicer.

Within these types of accounts, specific covered data outlined includes:

  • Transaction information, including historical transaction information
  • Account balances
  • Information to initiate payment to or from a Regulation E account
  • Terms and conditions related to providing a consumer financial product or service
  • Upcoming bill information
  • Basic account verification information

Exceptions to this covered data would include:

  • Any confidential commercial information, including an algorithm used to derive credit scores or other risk scores or predictors
  • Any information collected by a data provider for the purpose of preventing fraud or money laundering, or detecting, or making any report regarding other unlawful or potentially unlawful conduct
  • Any information required to be kept confidential by any other provision of law
  • Any information that a data provider cannot retrieve in the ordinary course of its business

When Will Financial Providers Need to be Compliant?

In the final rule, the CFPB has extended compliance deadlines beyond the NPRM to allow more time for data providers and third parties to meet expectations. And the smallest institutions (banks and credit unions with less than $850 million in assets) will not be required to provide data under the rule.

Compliance deadlines in the final rule for institutions with more than $850M in assets are:

1033 Compliance Deadlines

What’s Next?

With the final rule in place, now is the time to start understanding what it means for your organization and make plans to meet outlined compliance dates.

In addition, the CFPB finalized a rule in June 2024 that outlines the qualifications to become a recognized industry standard-setting body, which can issue consensus standards that companies can use to help them comply with the CFPB’s upcoming Personal Financial Data Rights Rule. The rule identifies the attributes that standard-setting bodies must demonstrate in order to be recognized by the CFPB as an open banking standard setter, including: 

  • Openness: The process must be open to all interested parties.
  • Transparency: Procedures must be transparent and publicly available.
  • Balanced decision-making: No single special interest should dominate the process. The decision-making power to set standards must be balanced across all interested parties, including consumer and other public interest groups.
  • Consensus: Standards development must proceed by consensus, with fair consideration of comments and objections.
  • Due process and appeals: The body must use documented, publicly available policies and procedures, including adequate notice of meetings, time for review, and an impartial appeals process.

The Financial Data Exchange (FDX) submitted the first application to be recognized as an industry standard-setting body for open banking. The CFPB is currently taking public comments on the FDX application. Today, more than 94 million consumer accounts are actively using the FDX API for secure, permissioned data sharing.

Why Consumer Financial Data Rights Matter

Today’s money experience is inherently messy both for consumers and financial providers seeking to meet increasingly complex consumer needs. Consumers must look across a multitude of financial accounts to try to manage their financial life — with most maintaining relationships with an average of 5 to 10 different financial services organizations, from their primary bank to PayPal and Venmo to various credit cards, investment accounts, and loans. And, today’s closed financial ecosystem makes it difficult for consumers to switch to a new financial provider or take their financial data with them.  

We’ve all heard the expression that knowledge is power. But when consumers engage with their finances on multiple platforms, they don’t have a consolidated view of their financial data or who may be accessing it. And, if they ever choose to leave their current providers, it’s not easy to transfer and take their financial data with them.

Consumers should own, have access to, and have the ability to control all their financial data. Full stop. And, consumers overwhelmingly agree (82%) that they own their financial data and should be able to control who has access to it. 

This empowers consumers to better understand their finances and make financial decisions that will improve their overall health (e.g., seek improved interest rates, increase savings rates, etc.) — as well as spur innovation and competition in the marketplace. 

Why Standardized APIs are Important

Most financial data sharing still relies on less reliable and less secure methods that require consumers to share credentials with a third party. This screen scraping or credential sharing places a heavy technical burden on bank infrastructure, which creates an unstable customer experience. Connections frequently break as passwords, systems, and processes change.

This leads to frustration and could potentially cost businesses customers in the long run. Screen scraping also puts consumers and businesses at increased risk since it requires consumers to provide usernames and passwords to a third party. And, consumers may be left wondering who has access to their data while businesses have little visibility into where data is shared.

An open banking or open finance application programming interface (API) allows consumers to access their transaction data without the need to share usernames and passwords, and eliminates the technical burden of screen scraping. Direct connections replace credentials with tokens, delivering higher levels of security, faster speeds, and higher connection success rates. 

How MX Can Help

MX is making it easier than ever for financial institutions of all sizes to accelerate open finance adoption and enhance the money experience for consumers through our Data Access solution.

Built to FDX standards, Data Access improves the data sharing experience with a secure, open finance API. It also enables financial institutions to better monitor and manage where data is shared, unlock actionable insights to drive growth and retention, and meet expected 1033 compliance obligations. 

Financial providers can better monitor and manage what data is leaving their platform and where it goes, uncovering new opportunities to grow. Plus, automated notifications and reporting make it easy to detect anomalies, identify customer needs, and report on compliance requirements.

Let us help you get started with making sense of expected obligations — and opportunities — within your open banking journey. Talk to our experts today.
