Section 1033 of the Dodd-Frank Act gives consumers the right to access and share their financial data. Now, this law is going to have some teeth.
On October 22, 2024, the Consumer Financial Protection Bureau (CFPB) published its final rule requiring U.S. financial firms such as banks and credit unions to give consumers access to their personal financial data at no charge, so it can be shared with another provider.
“Too many Americans are stuck in financial products with lousy rates and service,” said CFPB Director Rohit Chopra. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards, and more.”
Rollout starts in April 2026 and goes through 2030 for smaller financial institutions, meaning it’s time to speed up your API strategy. Here’s what you need to know about Section 1033 of the Dodd-Frank Act, what the final U.S. open banking rule means for financial institutions, and why there is a unique opportunity right now to turn the cost of compliance into opportunity.
What is Section 1033 of the Dodd-Frank Act – and what does it mean for financial institutions?
The CFPB’s newly published U.S. open banking rule serves as implementation of Dodd-Frank Section 1033. It is aimed at leveling the playing field, empowering smaller financial institutions to better compete and giving consumers more freedom and access to new services.
It ensures that financial institutions provide access to various types of data, including transaction details, account balances, and terms and conditions of financial products. See the full text here: Final Rule on Personal Financial Data Rights
Concretely, the U.S. open banking rule will mean that financial institutions need to:
- Be able to easily share data with authorized third-party apps via secured APIs and eliminate screen scraping
- Invest in robust data security measures (such as encryption methods and 2FA) to protect consumer information
- Develop clear data access protocols and consumer consent mechanisms
- Stay informed about evolving CFPB regulations regarding Section 1033 implementation
“At Axway, we’ve been championing open banking for years, and the CFPB final rule represents an exciting shift in the North American financial services landscape,” says Mourad Jaakou, General Manager, Amplify Platform at Axway.
“This is an opportunity for financial institutions to eliminate sharing customer data via unsecured screen scraping and to seize first-mover advantage”
Similar to U.S. phone number portability regulations that helped open the market for telecommunications services, the new rule promises to help firms move forward with open banking, fostering new opportunities for smaller fintech firms to thrive alongside traditional banks.
For example, the U.S. open banking rule could help open the door for smaller, more nimble organizations to offer their services as part of open banking ecosystems, connecting multiple companies.
Financial Times: US rolls out ‘open banking’ rules to make sharing financial data easier
Open banking U.S. deadlines and enforcement
The CFPB’s U.S. open banking rule will be enforced in phases, on a tiered basis by size of the financial institution, as follows:
April 1, 2026: depository institution data providers that hold at least $250 billion in total assets, and
Non-depository institution data providers that generated at least $10 billion in total receipts in either calendar year 2023 or calendar year 2024. (i.e. the 10+ largest U.S. banks)
April 1, 2027: Depository institutions that hold at least $10 billion in total assets but less than $250 billion in total assets; or
Non-depository institutions that did not generate $10 billion or more in total receipts in both calendar year 2023 and calendar year 2024.
April 1, 2028: for depository institution data providers that hold at least $3 billion in total assets but less than $10 billion in total assets.
April 1, 2029: for depository institution data providers that hold at least $1.5 billion in total assets but less than $3 billion in total assets.
April 1, 2030: for depository institution data providers that hold less than $1.5 billion in total assets but more than $850 million in total assets.
Note that in June of 2024, the CFPB took another step forward to launching open banking standards, outlining the qualifications to become a recognized industry standard setting body.
U.S. open banking standards: keeping data timely and secure
Per the CFPB’s rule, the accuracy of data exposed to third-party entities must be the same as in the internal systems. In terms of data privacy, consumers must be able to give restricted access to their data, while it’s incumbent on the data provider to ensure secure access.
Efforts to create open banking rules in North America underscore the importance, within financial institutions, of providing fast, secure access to quality data, with APIs as the enabling technology.
Screen-scraping is how many digital banking experiences were made possible in the last 25+ years. It is a method of data collection where a consumer shares their banking credentials with a third-party provider, who then uses these credentials to log in on behalf of the customer (typically using bots).
Nowadays, standardized financial APIs make it possible to communicate and exchange data in a more efficient, granular, and secure way. There is nearly universal consensus that APIs are safer and more accurate than web scraping.
Yet, the CFPB estimates only about half of third-party data access currently occurs through APIs – while screen-scraping comprises the bulk of the balance.
Read a deeper dive on the shift from screen-scraping to APIs here.
This means that FIs will need to enable very granular access protection, so that consumers remain in control of who can access their data at any time.
And they need to adopt advanced, financial-grade API security, privacy and data sharing standards.
Learn more about API security tools and best practices
In North America, market-driven efforts are already underway to implement open banking and ensure a common set of standards to exchange data, not least of which is the Financial Data Exchange. This consortium of key stakeholders maintains a free, common API standard that provides interoperability around financial data sharing.
It has quickly established itself as the de facto North American open banking standard, with 94 million consumer accounts using the FDX API at last count.
Invest in tech, invest in trust
For consumers, the new rules represent a meaningful and respectful way of controlling how their data is used, beyond opt-out data privacy rules.
New user-centric use cases, such as bill payments via open banking, have been driving increased adoption, given open banking’s simplicity of use versus alternatives like card payments.
As a result, consumers today are more willing to give consent. Financial services firms will face more pressure to maintain or win customer loyalty, compete on individual products, and integrate third-party services into their own offerings.
Europe is expected to reach 63.8 million open banking users in 2024 as consumers get comfortable with consent.
And while open banking does require banks to securely expose data for greater interoperability and competition – essentially becoming an API provider – it’s important to note that open banking also offers up a goldmine of actionable intelligence. This data can lead to valuable cross-selling opportunities and other strategic advantages.
At the heart of these evolutions, the question of trust will remain critical to success.
“Trust is the lynchpin of the banking industry, and [Sopra Steria’s Digital Banking Experience Report 2023] reveals a full 80% of consumers trust their banks. However, this trust cannot be taken for granted,” says Eric Bierry, CEO of SBS.
Turn U.S. open banking regulation into opportunity with Axway
Consumers are demanding open banking capabilities, and now it’s up to banks to implement them. It seems that many FIs are beginning to grasp the vision: 74% of banks feel driven towards collaborative business models, according to Sopra Steria’s Digital Banking Experience Report 2023.
Axway’s State of Enterprise API Maturity 2024 Report finds that the financial services industry is most inclined to use value-based pricing when monetizing APIs – a glimpse at the opportunity for new revenue streams.
Axway gives financial services firms the tools, flexibility, and scalability they need to unlock their customer data securely and comply with new CFPB rules as they come into force. This flexibility is important, because this month’s announcement made it clear the CFPB intends to continue developing additional rules to address more products, services, and use cases.
Our solution for open banking, open finance, and beyond is a powerful tool for financial institutions in North America, enabling them to stay compliant with evolving regulatory frameworks, such as Section 1033 of the Dodd-Frank Act and industry standards like FDX.
See also: How to securely participate – and thrive – on the open banking marketplace
Amplify Open Banking helps financial institutions (FIs) avoid screen scraping by offering secure, API-based data sharing, ensuring transparency and improving customer trust through robust security, identity, and consent management services.
It simplifies collaboration by providing efficient authorization management for third-party providers (TPPs) and partners, reducing the friction FIs face when integrating with external applications and partners.
With the solution’s low-code/no-code capabilities, APIs built to common open banking standards are easily discoverable and consumable, allowing FIs to quickly deploy business processes.
Financial institutions can explore new revenue streams by monetizing APIs, similarly to successful models implemented in Europe where banks have offered premium data access services to third-party developers.
Leveraging the power of Amplify Enterprise Marketplace, the solution lets companies govern and control the APIs they need to stay securely connected to customers and partners. Beyond the technology, Axway helps you take your open banking initiative from compliance to business acceleration.
The CFPB’s newly finalized rule is an opportunity for Financial Institutions to truly put consumers at the center of their services. It brings the U.S. closer to a competitive, secure, and reliable open banking marketplace.
If banks, credit unions, and other FIs look beyond compliance constraints and truly embrace this, they can build innovative business models and unlock new revenue streams.