Embracing Open Banking: The Future of Financial Innovation with Section 1033


The 1033 Dodd-Frank Act has been a hot topic in the US financial industry ever since its announcement.  The Dodd-Frank Act is a comprehensive financial regulation law enacted in 2010 to increase oversight, transparency, and consumer protection in the U.S. economic system following the 2007-2008 financial crisis.  In October 2023, the Consumer Financial Protection Bureau (CFPB) proposed Section 1033 as part of the Dodd-Frank Act. This proposal, which is set to be implemented in late 2024, has sparked widespread discussion about its implications for financial institutions, third parties, and consumers.

There’s no doubt that this rule is set to propel open banking in the US to new heights and establish stronger financial rights. But before we dive into what Section 1033 entails and its impact on the various parties involved, it’s essential to understand the background of the financial industry in the US.

Banks vs Fintechs: Data vs Innovation

The current US financial industry is dominated by following major institutions: JP Morgan, Bank of America, Citi Bank, and Wells Fargo. In 2023, these four banks alone accounted for 45% of the total profit share among 4,400 banks. Additionally, they hold more than half (53.62%) of the total bank assets in the U.S

While larger institutions hold significant assets and extensive consumer data, they often face challenges in rapidly adopting new technologies due to their established processes and organizational structures. In contrast, fintech companies and smaller banks demonstrate remarkable innovation and agility, enabling them to develop and implement solutions swiftly. However, their progress can be limited by a lack of access to the comprehensive data that traditional banks possess, which is essential for transforming innovative concepts into meaningful consumer products. 

This disparity highlights the need for an ecosystem where financial institutions of all sizes and fintechs can not only compete on a level playing field but also collaborate effectively. By working together, banks can leverage fintechs’ technological prowess, and fintechs can access the data they need to build more targeted and personalized offerings. Such collaboration would ultimately benefit consumers by providing them with more innovative, efficient, and tailored financial products and services, and break the inertia in the market.

This is where the Section 1033 rule of the Dodd-Frank Act comes into play.

What is CFPB and Section 1033?

The Consumer Financial Protection Bureau (CFPB), is a federal government regulator established in 2011 as part of the Dodd-Frank Act. The CFPB is responsible for implementing and enforcing federal consumer laws to protect and maintain the welfare of consumers. It ensures that consumers have access to fair, transparent, and competitive financial services and products.

In October 2023, the CFPB announced Section 1033, part of the Dodd-Frank Act. This rule mandates consumers’ right to access and share their financial data with third parties, with the ability to revoke this access at any time. It also enforces certain obligations on data providers and third parties concerning the sharing and use of data. 

The objective of this rule is to empower consumers by giving them more control over their data and to foster innovation and competition in a market characterized by monopolistic tendencies.

“With the right consumer protections in place, a shift toward open and decentralized banking can supercharge competition, improve financial products and services, and discourage junk fees.” Rohit Chopra, CFPB Director

Section 1033 - In Depth


Let’s go into the specifics of Section 1033 within the Dodd-Frank Act. This rule aims to achieve four main objectives:

  1. Consumer Empowerment: By providing consumers the right to access, share, and revoke their data it empowers them to have more control over their financial data and how it is being used. 
  2. Data Security: Section 1033 imposes obligations on third parties regarding the responsible use of accessed data, ensuring consumer privacy and data security are prioritized.
  3. Data Interoperability: The rule seeks to implement a standardized format for data sharing, fostering data interoperability among financial institutions and third parties. 
  4.  Build Competitive and Collaborative  Landscape: It aims to promote the establishment of secure, fair, and transparent industry standards and create an ecosystem where competition and collaboration thrive while keeping consumer satisfaction their focus.

Data Covered

  1. Account Balances
  2. Transaction history, typically covering a period of up to 24 months. This includes details of deposits, withdrawals, transfers, and other transactions.
  3. Information related to electronic fund transfers, including details of recipients, and any associated fees or charges
  4. Upcoming bills, including scheduled payments to third-party billers
  5. Basic account information including name, age, contact information, and other identifying information associated with the account.
  6. Terms & Conditions including fee schedules, interest rates, reward programs, and other relevant terms.

Who Does it Apply to

The proposed rule under Section 1033 of the Dodd-Frank Act applies to two main categories: data providers and data recipients. Data providers, as defined by Section 1033, encompass:
  • Depository Institutions: These are institutions that accept deposits from consumers, including banks, credit unions, savings and loan associations.
  • Non-Depository Institutions: This category includes insurance companies, investment banks, and brokerage firms, credit card issuers which operate without accepting consumer deposits but play significant roles in financial services.
Data Recipients include third-party service providers that interact with consumer financial data on behalf of depository and non-depository institutions, such as fintech companies, data aggregators, and other technology providers

Obligations on Data Providers

  1. Maintain Consumer and Developer Interfaces: Data providers are required to uphold consumer interfaces and establish developer interfaces, facilitating access to data for both consumers and third parties. According to reports, developing and maintaining these interfaces will require significant investment. Various trade groups estimate development costs to be in the“high tens of millions of dollars,” with ongoing maintenance costs ranging from “millions of dollars each year” to “approximately $15 million. Additionally, ensuring data security during transfers in response to access requests will incur substantial expenses.                
  2. Public Disclosure of Developer Interface: They must publicly disclose the developer interface, including contact information, on a website to streamline access and address inquiries effectively.
  3. Prohibition of Screen Scraping and Development Fees: The act prohibits screen scraping and the imposition of development fees or charges on consumers or third parties, ensuring fair access to data without unnecessary financial burdens.
  4. Standardized Data Format: Covered data must be made available in a standardized format, either based on “qualified industry standards” or in a format widely used by developer interfaces of similar data providers. This standardization promotes consistency and compatibility across data-sharing platforms.

Obligations on Data Recipients

  1. Limit Data Use: Section 1033 Dodd-Frank Act restricts the use, retention, and collection of covered data to what is reasonably necessary to provide a consumer’s requested product or service. The rule prohibits, as not “reasonably necessary,” the use of covered data to provide targeted advertising, to cross-sell other products or services, or to sell the data itself.
  2. Authorization Disclosure: Third parties or data recipients must provide consumers with a comprehensive authorization disclosure. This disclosure must include details of any data aggregators that may assist in accessing the data, as well as information about the services the aggregator will provide.
  3. Express Informed Consent: They must obtain “express informed consent” from the consumers in writing or print.                                      
  4. Reauthorization: If data collection extends beyond 1 year, institutions must obtain reauthorization from consumers to continue collecting data, reinforcing ongoing consent and consumer control over their data.

So far, we have discussed Section 1033 and its specific provisions. Now, let’s explore the significance of this rule on open banking in the US and the broader financial industry. As noted earlier, a few large institutions heavily dominate the US banking sector. However, with the implementation of Section 1033, the CFPB aims to foster an environment where smaller banks and fintech companies can compete more effectively with these major players.

Impact of Section 1033

  1. Consumer Empowerment: With consumers gaining access and control over their data, they can make more informed decisions about their financial products and services. Not only that, but with easier access to their financial data, the cost of switching banks will reduce significantly. 
  2. Competitive Market: The access to consumer data, granted by their consent, and the standardization of data-sharing formats will lower entry barriers for many new banks and fintech companies. With these changes, financial institutions will need to work harder to retain their customers, as consumers will now have access to a wider range of better products and services.
  3. Innovation & Technological Advancement: With third parties gaining access to consumer data, they will be able to develop personalized and tailored products and services. This, in turn, will push traditional financial institutions to enhance their offerings. To stay competitive, both third parties and traditional institutions will need to invest more in innovation and technology, developing products and services that not only outperform the competition but also meet and exceed customer expectations.
  4. Regulation & Compliance: Financial institutions will need to invest in systems and processes to comply with Section 1033 requirements, including data sharing, security, and interoperability standards. Regulatory bodies will need to monitor and enforce compliance, potentially leading to increased scrutiny and oversight of financial institutions.
  5. Collaboration: As the need for innovation and advanced technology infrastructure becomes crucial for survival, banks, credit unions, and other financial institutions will increasingly collaborate with fintechs and technology companies. These collaborations will undoubtedly result in better offerings for the consumer and benefit the industry as a whole.

Consumer Protection Laws Across the globe

Section 1033 may be new to the US, but it is not a novel concept globally. Over the years, several acts on consumer data access and protections have been passed globally. The General Data Protection Regulation (GDPR), enacted in 2016 in Europe, introduced the right to data portability, allowing consumers to transfer their data from one provider to another. Similarly, the Sahmati Account Aggregators Act also passed in 2016 in India, mandates that banks and institutions provide access to consumer data in a standardized format on API-driven aggregators’ platforms. The Open Banking Act in the UK, passed in 2018, obligates financial institutions to share consumers’ data with third parties through secure APIs, with the consumers’ consent.


Section 1033 of the Dodd-Frank Act marks a transformative shift towards open banking in the US. By empowering consumers with greater control over their financial data and fostering competition and collaboration, this rule promises to reshape the financial landscape, encouraging innovation and offering better services for all. Financial institutions must navigate these changes with agility, embracing the collaborative opportunities with fintech companies to stay ahead in this evolving market.

Stay informed about the latest developments in financial regulations and open banking. Follow our LinkedIn page for more insights and updates

Share Article

Table of Contents