Skip to main content

CFPA Personal Financial Data Rights – Part 1033

''Open Banking '' Rule

CFPB’s Final Rule 1033 - Open Banking’s Future

A shift towards open banking and granting consumers control of their financial information

Currently, financial institutions control access to consumer financial data. Section 1033 of the Dodd-Frank Act aims to create a more transparent and competitive financial ecosystem in an open banking environment.

Rule 1033 strengthens the open banking ecosystem by enabling consumer-authorized data sharing with a focus on security and collaboration among consumers, data providers, third parties, and aggregators. It drives innovation, competition, and transparency while ensuring robust data security and regulatory compliance across all participants.

What does the 1033 Rule do?

The CFPB’s final rule on financial data rights was issued on October 22, 2024. CFPB Rule 1033 implements Section 1033, which allows consumers to access and securely share their financial data (“covered data”) with third-party services and is intended to facilitate open banking. Key takeaways of the rule include data safety, clear consent, and giving consumers more control over their information:

  • Empowers Consumer Rights - Enhance consumer rights related to accessing and sharing financial data.
  • Facilitates Secure Data Sharing - Allow secure sharing of financial data with third-party service providers.
  • Ensures Transparency and Consent - Data sharing is conducted safely with clear consent and transparency.
  • Strengthens Consumer Control and Privacy - Provide consumers with greater control over their financial information through privacy protections.

What is “covered data”?

Data providers must provide consumers and authorized third parties with access to: 

  • Financial Transaction Data
  • Payment Initiation Data
  • Account balances
  • Upcoming Bill information
  • Terms and conditions
  • Basic Account Verification Information

Rule 1033 facilitates open banking by enabling secure sharing of consumer financial data. Under the rule, data providers are required to maintain a consumer interface and a developer interface. Interface requirements include data formats (machine-readable files), performance conditions, and security specifications.

Who are the impacted parties of the 1033 Rule?
What is Open Banking and its Relationship with Rule 1033

Compliance Dates

The rule has a phased rollout, determined by annual revenue or asset size. Larger institutions are subject to implementation by April 1, 2026.

The April 2026 compliance date has been put on hold due to ongoing changes with agency policy from the current administration.

Compliance Dates

Challenges and Future of Rule 1033

The fate of the rule hangs on two challenges. In October 2024, the rule was immediately challenged following its release. A Kentucky-based national bank, along with groups such as the American Bankers Association and The Bank Policy Institute filed lawsuits asserting that the CFPB was overstepping in its authority and concerns about liability and cost remained unaddressed. The CFPB filed an answer to the amended complaint in late December 2024, and the courts directed the involved parties to confer regarding a case schedule.  The second challenge arose with the change in the presidential administration and Congress, and the expected changes at the CFPB. Now that Congress is in session, it may disapprove of any rule finalized by the CFPB within the last six months of the former presidential administration. Whether Congress will reject the open banking rule remains to be seen. Adding to the already uncertain future of the rule, the incoming CFPB director may use the lawsuit to determine the fate of the rule.

Regardless of what happens to Rule 1033 and whether the CFPB will get to enforce it, the concept of open banking is likely here to stay. As industry groups and regulators work toward a resolution, financial institutions should assess ways to comply as data providers in an open banking environment.

How We Can Support You in Implementing the 1033 Rule

By combining expertise in regulatory compliance, data privacy, and technology integration, Sia can help data providers navigate the complexities of Rule 1033. Our services would enable data providers to efficiently manage consumer data access, enhance transparency, and maintain compliance with evolving regulations.

Our team members have a practical, deep understanding of embedding regulatory requirements into our tailored, data privacy and cybersecurity solutions. From a readiness assessment and gap identification to a customized target operating model recommendation and full-scale implementation, we are equipped to confidently support clients with every step of this complex rule implementation.

We have a solid understanding of the ever-evolving regulatory landscape and strive to keep abreast of industry trends.

How We Can Support You in Implementing the 1033 Rule

Contact us for more information

Sia Partners integrates this data in its client database to send you marketing communications (invitations to events, newsletters and new commercial offers).
This data will be kept for 3 years before being deleted and you can withdraw your consent to the processing of your data at any time.
To learn more about the management of your personal data and to exercise your rights, please consult our Data Protection Policy.

CAPTCHA

Your data are used by Sia Partners to process your contact request. Please note that you have rights regarding your personal data. For more information, we invite you to read our data protection policy