FS-RA-Navigating the future under CFPB Section 1033 rule

The financial landscape is on the cusp of significant change with the Consumer Financial Protection Bureau’s (CFPB) proposed Section 1033 rule on open banking.

The Section 1033 rule could redefine data accessibility and sharing within the financial sector, empowering consumers to control and share their financial data securely.

While this transformation brings exciting opportunities for innovation, the Section 1033 rule also requires banks to navigate new compliance, security and operational complexities.

Our Wipfli team dedicated to financial institutions provides their perspective on how clients should ensure they are well-positioned to leverage the potential of open banking.

Understanding CFPB Section 1033 and open banking

At its core, open banking is about giving consumers greater control over their financial data.

Through secure digital channels — such as application programming interfaces (APIs) — consumers can share their financial information with authorized third parties.

This capability enables a more integrated financial experience, allowing consumers, for instance, to consolidate data from multiple financial institutions or seamlessly apply for loans with real-time access to their transactional history.

CFPB Section 1033 aims to standardize and safeguard this data-sharing process.

The proposed rule mandates that financial institutions provide consumer-authorized access to covered financial data, which includes transaction histories, account balances, payment information and even basic personal information like email addresses. By enabling this data access, the rule promotes transparency, encourages competition among financial players, and ultimately provides consumers with more control and choice in financial services.

Key compliance requirements and industry implications

The CFPB’s Section 1033 proposal introduces several key obligations for financial institutions:

• Data accessibility: Institutions must enable consumers to access their data and share it with third parties in a secure and standardized format.
• Privacy and security: The rule requires stringent privacy and security measures, especially when sharing data through APIs, to protect consumers against unauthorized access.
• Accuracy and uptime standards: Banks must ensure high standards of data accuracy and maintain a reliable interface uptime of at least 99.5%, promoting a seamless user experience.

Compliance deadlines are tiered based on the institution’s size and type, with expected finalization in late 2024. Given these requirements, banks must be proactive in developing compliant processes and data-sharing infrastructure to avoid potential compliance pitfalls and penalties.

Challenges and risks for financial institutions

While open banking offers a path to increased consumer engagement, it also introduces several operational challenges and risks. The financial sector will need to address:

• Consumer data privacy and security: With increased data accessibility, banks must enforce robust privacy safeguards. Unauthorized data access, particularly through APIs, could lead to data breaches or unauthorized transactions, posing both regulatory and reputational risks.
• Data accuracy and integrity: To provide value, data shared through open banking must be reliable. Inaccurate or outdated data can erode consumer trust and hinder the adoption of open banking services.
• Third-party risk management: Banks must carefully vet third-party providers to ensure compliance with data protection standards, as failures by these providers could reflect poorly on the originating institution.

Additionally, with the expanded access to data, banks may be subject to overlapping regulations such as the Fair Credit Reporting Act (FCRA), the Electronic Funds Transfer Act (EFTA) and the Gramm-Leach-Bliley Act (GLBA), further complicating the compliance landscape.

Insights from Europe’s open banking experience

European markets offer valuable lessons for U.S. financial institutions as they prepare for open banking — namely that compliance is more than a regulatory checkbox; it requires strategic planning to balance innovation with data security, privacy and consumer trust.

Through the General Data Protection Regulation (GDPR) and the Payment Services Directive 2 (PSD2), Europe has pioneered data-sharing regulations, fostering a competitive and secure financial ecosystem.

GDPR’s stringent requirements for data privacy and consumer rights protection highlight the importance of building trust through transparency. Meanwhile, PSD2’s guidelines on secure communication between banks and third-party providers underscore the need for robust technical standards.

How Wipfli supports open banking readiness

As financial institutions grapple with the complexities of open banking, Wipfli stands ready to support them with comprehensive services across compliance, technology and strategic advisory.

Our expertise spans several key areas critical to open banking readiness:

1. API Management and integration: Our team specializes in API readiness, helping banks implement secure and efficient data-sharing interfaces with solutions like Azure, MuleSoft, and Boomi. This ensures that data transfer meets regulatory requirements and industry standards, allowing banks to securely share information with authorized parties.
2. Data strategy and governance: Open banking demands a cohesive data strategy and stringent governance frameworks. Wipfli’s advisory services guide banks in establishing data roadmaps, implementing data governance policies, and helping ensure data accuracy and reliability. With Wipfli, banks can be confident in their data management practices, enabling secure and compliant data flows.
3. Privacy and security compliance: In line with GLBA and emerging open banking regulations, Wipfli supports banks in developing robust privacy and security controls. Our services include network security assessments, data access controls, and comprehensive risk assessments to mitigate exposure to unauthorized data access.
4. Vendor selection and due diligence: Open banking requires collaboration with third-party technology providers. Wipfli aids banks in conducting thorough due diligence on vendors, ensuring they meet regulatory and security standards. By vetting FDX-enabled platforms, banks can safely engage in data-sharing partnerships with trusted providers.

As this regulatory shift unfolds, Wipfli remains committed to empowering financial institutions with the tools and knowledge they need to succeed. Together, we can help banks not only meet regulatory requirements but also capitalize on the new possibilities open banking brings, creating lasting value for clients in a dynamic financial ecosystem. Reach out to us to learn more.

Read more about the benefits and challenges of open banking, and technology that can help:

• 7 ways open banking can benefit your financial institution
• Open banking is more than just a standard
• Bridging the gap: How iPaaS integrates with legacy banking systems for a digital tomorrow
• iPaaS as the catalyst for open banking innovation