BID® Daily Newsletter
May 30, 2024

BID® Daily Newsletter

May 30, 2024

What Does CFPB’s 1033 Regulation Mean for You?

Summary: The CFPB is finalizing a rule that allows consumers and their representatives to access and share consumer data through secure interfaces. We explain the benefits and challenges of its implementation.

First adopted by the NBA in 1979, the three-point shot — a shot from beyond the 23-foot arc surrounding the basket — revolutionized basketball. The three-pointer now accounts for 35% of all shot attempts. What’s more, since the Miami Heat beat the Charlotte Hornets on February 5, 2016, no NBA game has been won without a shot beyond the arc. The invention of the three-point shot has quite literally changed the game of basketball. The upcoming implementation of rule 1033 by the Consumer Financial Protection Bureau (CFPB) could also be a game-changer for community financial institutions (CFIs).
The Basics of Section 1033
Part of Dodd-Frank, section 1033 will require financial institutions (FIs) to give consumers — and their authorized representatives — access to their financial data, including financial transaction data, account balances, upcoming bill information, terms and conditions, and basic account verification information. The rule will also help standardize data-sharing practices and establish obligations for third parties accessing the data. Essentially, customers will gain control of their data and be able to access and share it at no extra cost, through safe, reliable digital interfaces, enabling such tools as embedded finance and open banking.
The CFPB is planning to implement the rule in Q4 2024. Compliance dates will range between six months and four years from implementation, depending on the size of the organization. FIs with assets below $50B will have between 30 and 48 months, while CFIs with no digital interface with their customers will be exempt.
An Opportunity To Level the Playing Field
While the consumer is the target beneficiary of this rule, its introduction gives CFIs an opportunity to improve their customer service and differentiate themselves from the competition. If a customer can connect all their preferred apps to a single bank account, then they will be able to access a wide range of digital financial services, including investment apps, digital payments, budgeting tools, and more — without switching financial providers.
CFIs can also leverage the data they receive to better tailor their own offerings to customers’ needs. Finally, the seamless transfer of data between applications has the potential to streamline processes such as digital account opening, direct deposit switching, and account verification, among others.

Challenges and Risks
While the rule is yet to be finalized and certain details still need to be ironed out, FIs have raised some concerns about the risks and challenges of implementing the new rule, aside from the obvious issue of timely compliance.
  1. Third-party access. Nowadays, customers already have access to the financial data they need, although it may be stored in disparate places. It is the access granted to third parties that raises risk management issues. FIs will need to have robust controls in place to ensure the data is going to reliable organizations that have adequate protection measures in place. How this will be achieved is still up for debate, as FIs argue that they cannot be expected to vet potentially thousands of third parties that consumers want to share data with.
  2. Data readiness. Most institutions store data across many different systems. It will be a challenge to identify where the required data is located and organize it in such a way that it can be transferred to designated parties. 
  3. Interfacing. The rule guidance states that data should be exchanged through application programming interfaces (APIs), which may require some institutions to accelerate development in this area. Cornerstone Advisors found that 71% of respondents to their What’s Going On In Banking 2023 survey have already invested in APIs. Rule 1033 will drive further adoption, with off-the-shelf API integration products potentially helping to ease the way.
Best Practices for Implementation
  1. Get started now. Even if your compliance date is years down the line, it is key to start preparations early. This will allow you to stay ahead of the competition and capitalize on the opportunities afforded by open banking.
  2. Understand the implications of the rule. Take time to understand what data your CFI is required to share, where it’s located, and what you need to do to get it ready, including API development.
  3. Review existing risk frameworks. Identify what adjustments you might have to make to your risk management protocols to incorporate the new rule. 
  4. Plan for the long term. As the rule has been designed to evolve with innovation in technical standards, it is important to understand what the future looks like and establish the architecture that will get your CFI there. 
The introduction of rule 1033 has the potential to greatly enhance the services your CFI can provide to existing customers and help attract new ones. As a result, you can strengthen relationships and build loyalty by offering all the services customers need in one ecosystem, as well as leverage new data and insights to personalize your offerings. 
Subscribe to the BID Daily Newsletter to have it delivered by email daily.

Related Articles:

2024 in Review: Part 2 of 3 — Regulations & Digital Banking
In this second part of our review of 2024, we look at the challenges and opportunities arising from increased regulatory scrutiny, the rise of open banking, and the adoption of faster payments.
Heightened Regulation Is Making BaaS a Risky Proposition
As regulatory oversight of BaaS increases, CFIs need to be aware of the risks in their third-party relationships. We provide examples of BaaS flubs and how to avoid them.