With the issuance of the CFPB 1033 final rule in late October 2024, the countdown to Open Banking compliance has officially begun for financial institutions of all sizes. Due to the overwhelming complexity involved, it’s shaping up to be a major undertaking.
In our recent webinar — the final event in our Open Banking Compliance Series — experts from Akoya and Capgemini shared the challenges financial institutions will face. They also shed light on actionable steps that financial institutions can take to reduce complexity and get ahead of potential problems before they arise.
Why Section 1033 compliance matters
CFPB Section 1033 of the Dodd-Frank Act is designed to empower consumers by giving them greater access to their financial data. While the intent is clear — data transparency and security for consumers — the responsibility for enabling this access falls squarely on the shoulders of financial institutions.
Compliance involves far more than checking a box. It includes:
- Ensuring a secure data-sharing infrastructure.
- Managing third-party access effectively.
- Maintaining ongoing compliance with evolving regulatory standards.
The stakes are high. Failure to comply doesn’t just mean regulatory penalties — it could also mean losing customer trust in an already competitive market.
“When it comes to any sort of compliance in a financial institution, things will be put off until they are absolutely 100% necessary because it’s a simple matter of resourcing,” said Courtney Robinson, Head of Policy and Communications at Akoya. “Setting up compliance in this new era is not just a matter of being compliant for the sake of being compliant, it’s also about staying competitive. This is doing positive work in service of your customers.”
Technology infrastructure overhaul
To meet Section 1033 requirements, financial institutions must update their technology to provide secure, seamless access to consumer data. However, many institutions still operate on legacy systems that weren’t designed for Open Banking or real-time data sharing.
What to consider:
- Are your systems secure enough for real-time data access?
- Can they integrate with third-party applications without compromising security?
- What upgrades or replacements are needed to meet compliance deadlines?
Policy and procedure changes
Section 1033 doesn’t just introduce new operational requirements — it fundamentally changes how banks and credit unions manage data-sharing policies. Financial institutions must create internal processes to handle:
- Customer data access requests.
- Records demonstrating compliance.
- Procedures for revoking third-party access if security risks arise.
It’s not a one-and-done process. Institutions will need to continuously train staff, update protocols, and ensure adherence to evolving rules.
Managing third-party risk
The most daunting challenge for financial institutions will be managing the risks associated with third-party data recipients, such as fintechs and aggregators. Unlike other jurisdictions where regulators certify third parties, the U.S. places this burden on individual financial institutions.
What this means for you:
- You must vet and approve every third party requesting access to customer data.
- You will need ongoing monitoring and due diligence to ensure compliance.
- You will need to create a scalable system for managing the sheer volume of third-party relationships.
“The regulation is not static,” said Jeroen Holscher, Global Head of Payments for Capgemini. “It will continue to evolve, requiring institutions to manage compliance proactively.”
The long-term commitment to Section 1033 compliance
Meeting the initial requirements for Section 1033 compliance is just the beginning. Financial institutions must also be prepared for:
- Regulatory updates: The CFPB’s guidance will evolve, and institutions need to stay ahead of the curve.
- Consumer expectations: With transparency comes heightened scrutiny from customers about how their data is handled.
- Market competition: While smaller institutions may benefit from delayed compliance deadlines, embracing Open Banking early presents an opportunity to gain a competitive edge.
“This is not just about meeting a deadline,” Robinson said. “It’s about setting up systems and processes that work for your institution and your customers long-term.”
How Akoya can help
Section 1033 compliance is complex, but you don’t have to go it alone. At Akoya, we offer a comprehensive compliance solution designed to help financial institutions navigate the technical, operational, and regulatory challenges ahead.
Our solution includes:
- A developer portal for API access and documentation.
- Tools to help you manage third-party relationships and risk assessments.
- Support for maintaining policies and procedures in alignment with evolving regulations.
- Expertise in standard-setting organizations like FDX to ensure ongoing compliance.
Ready to get started?
We know this journey can feel overwhelming, but preparation is key. Don’t wait — compliance deadlines are coming fast, and the time to act is now.