
CFPB ruling makes way for open banking


On Oct. 22, the Consumer Financial Protection Bureau (CFPB) shared its Personal Financial Data Rights final rule. The rule is a result of Section 1033 of the Dodd-Frank Wall Street Reform & Consumer Protection Act.

Immediately following the announcement of the rule, a lawsuit was filed challenging the validity of the ruling. Additionally, it is unclear if there will be any modifications to Section 1033 once the Trump administration assumes office in January. With these variables at play, we will continue monitoring the developments around Section 1033; however, we suggest credit unions of all sizes continue working on strategies that position them well for an open banking future.

So what does the long-awaited Section 1033 mean for data providers and consumers—and what are the implications for open banking and the financial services industry as a whole?

Impact on data providers

Section 1033 mandates that financial institutions with more than $850 million in assets share consumer-permissioned financial data subject to Regulation E (e.g., savings and checking accounts). Credit unions will be data providers to the third party, which obtains a consumer’s permission for his or her data to be shared. Data providers will be required to make covered data available through a safe and reliable interface (like a standardized API). The data must be in a standardized format and the interface must meet a minimum response rate of 99.5%. Data providers cannot charge a consumer or an authorized third party for access to data. Other requirements surrounding the rule include authorization, record retention and third-party risk management. The largest institutions must comply with Section 1033 by April 2026, while the smallest covered data providers have until April 2030.

Impact on consumers

The implementation of Section 1033 will ultimately lead to a decrease in screen scraping, which presents security and accessibility concerns. Screen scraping is a practice in which a consumer gives a third party his or her online banking login credentials. The third party can then log into the consumer’s account to “scrape” personal financial information. As data providers implement solutions that enable standardized API data sharing, the CFPB assumes the market will gradually move away from screen scraping.

Moving to standardized data sharing practices like APIs will provide consumers with more control over their personal financial data, including what information is shared and with whom, how that information is used and for how long.

Open banking

The Section 1033 ruling is a major step toward making open banking more accessible and comprehensible, positioning open banking as the next channel to help reshape financial institutions’ offerings and create new opportunities specifically for the credit union industry. It will further drive open banking (a market-driven initiative led by consumer demand thus far) by providing fintechs and financial service providers with clarity around data inputs—the specific data elements that will be shared, how the data will be formatted, the duration of access and reliability of uptime. This removes much of the guesswork around how solutions will perform, allowing providers to confidently design and implement creative strategies that respond to emerging opportunities.

The CFPB included payment data in the final rule, noting in their press release: “The rule ensures consumers are able to securely share payments information, which can help enable what is sometimes referred to as pay-by-bank.” When coupled with instant payment schemes, Section 1033 also has the potential to accelerate the adoption of pay-by-bank, thus driving the importance of an open banking strategy even further for credit unions. With participants in the open banking system now having the capability to verify ownership, account information and available funds via APIs, solutions that help merchants with smart transaction routing and offer innovative ways to incent consumers to adopt this type of payment are likely to enter the market. In fact, a Harris Poll Report found 86% of consumers surveyed recognize the benefits of using pay-by-bank, and 51% say they have used bank payments over cards in the past year, indicating this nascent market has the potential for substantial growth.

Impact on credit unions

While the nearly 5,000 credit unions under $850 million in assets are not directly affected by the ruling, skipping implementation will leave membership at risk if screen scraping is not properly controlled. Conversely, members could lose the ability to manage their financial lives if screen scraping is blocked entirely, cutting them off from tech-driven solutions that are solving traditional and new consumer challenges. Either scenario poses significant risks for credit unions in terms of member attrition.

Regardless of asset size, credit unions should carefully consider their response to the ruling and work toward an open banking strategy that keeps members and their data part of future opportunities and product offerings. Now is the time to leverage open banking as an opportunity to create a full financial picture of members’ financial lives—and customize product offerings to meet members’ needs and improve their financial futures.

Beyond the ruling

Use cases of open banking have already expanded beyond savings, checking and credit cards. One example is payroll portability, which allows accountholders to easily transfer their direct deposits and provide payroll verification without intervention from their financial institution. The CFPB is also starting to think of new data sets such as mortgage lending.

Visa found nine in 10 consumers are already linking their accounts with a third party, with one in three connecting their financial accounts to six or more apps or websites, indicating the practice of sharing personal financial data is firmly embedded in consumer behavior. This is standard practice with many big banks in the U.S., where they standardize data sharing practices with third-party providers.

Section 1033 will further fuel the emergence of innovative solutions built on an open banking framework and continue to shape the trajectory of future solutions. This is evidenced in the EU market by the evolution of the Payment Service Directive (PSD); its third version (PSD3), which focuses on an expanded data set to enable innovation and competition in emerging markets like crypto, is being released soon.

The key to success for credit unions is not to be dependent on the ruling to shape their direction, but to look at the value open banking brings members and the problems it solves for their organization. The credit union community should approach this new ruling as an opportunity and a game changer—not just to satisfy a regulatory requirement, but to look beyond that and assess how the ability to gather data on members can help shape and personalize future service and solutions for current and prospective members.
