The Consumer Financial Protection Bureau (CFPB) made a bold move today, October 22, by unveiling the final version of its much-anticipated Rule 1033, aimed at strengthening consumer rights over personal financial data. As expected, the rule marks a pivotal shift toward open banking in the United States, but it also extends its reach to regulate payment apps, while leaving room for smaller financial institutions like credit unions and community banks to stay competitive.
Rule 1033, part of the Dodd-Frank Act, is designed to give consumers more control over their financial data and enable them to securely share it with third-party service providers. Under the new regulation, banks, credit unions, and other financial institutions must make consumer financial data—including transaction details, fees, and usage related to deposit accounts, credit cards, and payment services—available upon request to consumers or authorized third parties.
The scope of the rule is broader than expected, extending beyond traditional bank accounts to include payment apps and digital wallets. A section of the rule reads, “Digital wallet providers hold similar valuable data that can provide a complete understanding of a consumer’s finances.” The rule highlights that digital wallets can initiate payments from various accounts, such as credit cards and checking accounts, and are considered data providers under the regulation, even when facilitating pass-through payments from other institutions.
Strict guidelines are also laid out for third parties seeking access to consumer data. These entities must obtain explicit consent from consumers, limit data collection to what is necessary for their services, and implement robust data security measures. Importantly, the rule bans the use of consumer data for targeted advertising or resale, and it prohibits financial institutions from charging fees for data access. It also mandates the development of standardized APIs for secure data sharing, phasing out riskier methods like screen scraping.
Implementation of the rule will be gradual, focusing initially on deposit accounts, credit cards, and payment services. Larger financial institutions are required to comply between 2026 and 2030, depending on their asset size. Notably, depository institutions with assets under $850 million are exempt.
Reactions to the rule have been limited so far, with Bank Policy Institute President and CEO Greg Baer criticizing it, stating, “The CFPB’s rule disrupts established processes, requiring banks to share financial data with any third party without adequate safeguards.” As the financial industry digests the details of Rule 1033, the impact on open banking and data privacy will likely become clearer in the coming months.