Section 1033 of the Dodd-Frank Act gives consumers the right to access and share their financial data. Soon, this rule is going to have some teeth.
Last October 19, 2023, the Consumer Financial Protection Bureau (CFPB) announced the release of a proposed rule requiring U.S. financial firms such as banks and credit unions to give consumers access to their personal financial data at no charge, so it can be shared with another provider.
Rollout is expected to start by the end of 2024.
Here’s what you need to know about Section 1033 of the Dodd-Frank Act, what the proposed U.S. open banking rule will mean for financial institutions, and why there is a unique opportunity right now to turn the cost of compliance into opportunity.
What is Section 1033 of the Dodd-Frank Act – and what does it mean for financial institutions?
The proposed U.S. open banking rule is aimed at leveling the playing field, empowering smaller financial institutions to better compete and giving consumers more freedom and access to new services.
It ensures that financial institutions provide access to various types of data, including transaction details, account balances, and terms and conditions of financial products. See the full text here: CFPB Proposed Rule
Concretely, the U.S. open banking rule will mean that financial institutions need to:
- Be able to easily share data with authorized third-party apps via secured APIs and eliminate screen scraping
- Invest in robust data security measures (such as encryption methods and 2FA) to protect consumer information
- Develop clear data access protocols and consumer consent mechanisms
- Stay informed about evolving CFPB regulations regarding Section 1033 implementation
“At Axway, we’ve been championing open banking for years, and the CFPB proposed rule represents an exciting shift in the North American financial services landscape,” says Mourad Jaakou, General Manager, Amplify Platform at Axway.
“This is an opportunity for financial institutions to eliminate sharing customer data via unsecured screen scraping and to seize first-mover advantage”
Similar to U.S. phone number portability regulations that helped open the market for telecommunications services, the new rule promises to help firms move forward with open banking, fostering new opportunities for smaller fintech firms to thrive alongside traditional banks.
For example, the proposed U.S. open banking rule could help open the door for smaller, more nimble organizations to offer their services as part of open banking ecosystems, connecting multiple companies.
Open banking U.S. timeline
In June 2024, the CFPB took another step forward to launching open banking standards, outlining the qualifications to become a recognized industry standard setting body. Another announcement is expected later this year, likely to plan finalization and implementation of a rule.
Once the U.S. open banking rule takes effect, it will serve as implementation of Dodd-Frank Section 1033. The effective deadline is expected to roll out on a tiered basis by size of the financial institution, as follows:
Six months: Depository institution data providers that hold at least $500 billion in total assets, and
Non-depository institution data providers that generated at least $10 billion in revenue in the preceding calendar year, or are projected to generate at least $10 billion in revenue in the current calendar year. (i.e. the six largest U.S. banks)
One year: Depository institutions that hold at least $50 billion in total assets but less than $500 billion in total assets; or
Non depository institutions that generated less than $10 billion in revenue in the preceding calendar year and are projected to generate less than $10 billion in revenue in the current calendar year.
Two and half years: for depository institutions that hold at least $850 million in total assets but less than $50 billion in total assets.
Four years: for depository institutions that hold less than $850 million in total assets.
U.S. open banking standards: keeping data timely and secure
Per the CFPB’s proposed rule, the accuracy of data exposed to third-party entities must be the same as in the internal systems. In terms of data privacy, consumers must be able to give restricted access to their data, while it’s incumbent on the data provider to ensure secure access.
Efforts to create open banking rules in North America underscore the importance, within financial institutions, of providing fast, secure access to quality data, with APIs as the enabling technology.
Screen-scraping is how many digital banking experiences were made possible in the last 25+ years. It is a method of data collection where a consumer shares their banking credentials with a third-party provider, who then uses these credentials to log in on behalf of the customer (typically using bots).
Nowadays, standardized financial APIs make it possible to communicate and exchange data in a more efficient, granular, and secure way. There is nearly universal consensus that APIs are safer and more accurate than web scraping.
Yet, the CFPB estimates only about half of third-party data access currently occurs through APIs – while screen-scraping comprises the bulk of the balance.
Read a deeper dive on the shift from screen-scraping to APIs here.
This means that FIs will need to enable very granular access protection, so that consumers remain in control of who can access their data at any time.
And they need to adopt advanced, financial-grade API security, privacy and data sharing standards.
Learn more about API security tools and best practices
In North America, market-driven efforts are already underway to implement open banking and ensure a common set of standards to exchange data, not least of which is the Financial Data Exchange. This consortium of key stakeholders maintains a free, common API standard that provides interoperability around financial data sharing.
It has quickly established itself as the de facto North American open banking standard, with 76 million consumer accounts using the FDX API at last count.
Invest in tech, invest in trust
For consumers, the new rules represent a meaningful way to control how their data is used, beyond opt-out data privacy rules.
New user-centric use cases, such as bill payments via open banking, have been driving increased adoption, given open banking’s simplicity of use versus alternatives like card payments.
As a result, consumers today are more willing to give consent. Financial services firms will face more pressure to maintain or win customer loyalty, compete on individual products, and integrate third-party services into their own offerings.
Europe is expected to reach 63.8 million open banking users in 2024 as consumers get comfortable with consent.
And while open banking does require banks to securely expose data for greater interoperability and competition – essentially becoming an API provider – it’s important to note that open banking also offers up a goldmine of actionable intelligence. This data can lead to valuable cross-selling opportunities and other strategic advantages.
At the heart of these evolutions, the question of trust will remain critical to success.
“Trust is the lynchpin of the banking industry, and [Sopra Steria’s Digital Banking Experience Report 2023] reveals a full 80% of consumers trust their banks. However, this trust cannot be taken for granted,” says Eric Bierry, CEO of SBS.
Turn U.S. open banking regulation into opportunity with Axway
Consumers are demanding open banking capabilities, and now it’s up to banks to implement them. It seems that many FIs are beginning to grasp the vision: 74% of banks feel driven towards collaborative business models, according to Sopra Steria’s Digital Banking Experience Report 2023.
Axway’s State of Enterprise API Maturity 2024 Report finds that the financial services industry is most inclined to use value-based pricing when monetizing APIs – a glimpse at the opportunity for new revenue streams.
Axway gives financial services firms the tools, flexibility, and scalability they need to unlock their customer data securely and comply with new CFPB rules as they come into force.
Our solution for open banking, open finance, and beyond is a powerful tool for financial institutions in North America, enabling them to stay compliant with evolving regulatory frameworks, such as Section 1033 of the Dodd-Frank Act and industry standards like FDX.
Amplify Open Banking helps financial institutions (FIs) avoid screen scraping by offering secure, API-based data sharing, ensuring transparency and improving customer trust through robust security, identity, and consent management services.
It simplifies collaboration by providing efficient authorization management for third-party providers (TPPs) and partners, reducing the friction FIs face when integrating with external applications and partners.
With the solution’s low-code/no-code capabilities, APIs built to common open banking standards are easily discoverable and consumable, allowing FIs to quickly deploy business processes.
Financial institutions can explore new revenue streams by monetizing APIs, similarly to successful models implemented in Europe where banks have offered premium data access services to third-party developers.
Coupled with Amplify Enterprise Marketplace, the solution lets companies govern and control the APIs they need to stay securely connected to customers and partners. Beyond the technology, Axway helps you take your open banking initiative from compliance to business acceleration.
Follow us on social