In our webinar, "It’s time to act. Prioritize CFPB 1033 compliance for your customers," Open Banking experts from Akoya and Capgemini delved into the far-reaching implications from the Consumer Financial Protection Bureau’s final Section 1033 rule for financial institutions.
The session brought together Ramandeep Singh, VP & Cloud Engineering Security Leader at Capgemini, and Behram Panthaki, Chief Operating Officer at Akoya, to provide their insights into how organizations can prepare for and achieve 1033 compliance while at the same time leveraging potential opportunities presented by the rule. Watch the webinar on-demand below.
The final CFPB 1033 rule, announced in late October 2024, aims to ensure consumers have secure access, use, and control of their financial data.
Panthaki, who led digital payments and platforms at JPMorgan, Chase, and Citi prior to joining Akoya, explained that the rule builds on previous proposals to protect consumers by limiting screen scraping practices and enhancing informed consent for data sharing.
The final 1033 rule mandates that consumers can revoke or modify their data sharing preferences easily, and it requires third-parties to adhere to strict data security and minimization practices.
The rule also sets obligations for data providers, requiring them to develop API-based interfaces for data sharing. These interfaces must be secure and fast, allowing authorized third-parties to access permissioned consumer data.
In addition, data providers will need to conduct due diligence on third-parties to verify compliance with security standards.
Importantly, the rule expands the definition of covered data to encompass credit cards and buy-now-pay-later (BNPL) product data.
One significant change from the proposed rule is the extension of compliance deadlines. The largest banks, with assets over $250 billion, must comply by April 1, 2026. Subsequent tranches of institutions have deadlines extending to 2030.
However, Panthaki cautioned that while the deadlines appear relaxed, the complexity of implementing a comprehensive compliance solution, including the technology and the third-party management required, means that financial institutions should not wait and need to act now.
Singh, drawing on his experience with open banking implementations in Europe and Australia, highlighted the challenges and opportunities presented by the CFPB 1033 rule.
He noted that the approach in the United States, being market-driven rather than strictly regulatory, offers flexibility but also necessitates consensus-building among stakeholders. The integration of multiple systems, testing, and alignment of data standards will require significant effort and collaboration.
Singh also emphasized the importance of viewing compliance not solely as a regulatory burden but as an opportunity to enhance customer offerings.
By leveraging the data shared through compliant interfaces, financial institutions can develop tailored products and services, improving customer satisfaction and competitive advantage.
Singh and Panthaki also addressed the broader implications for consumers. The rule empowers consumers by providing them with more control over their data and ensuring that data sharing is done transparently and securely.
This aligns with the CFPB's goal of fostering trust in the financial system and enabling consumers to make informed decisions about their financial health.
The session concluded with clear instruction for financial institutions to prioritize their compliance efforts.
While the extended timelines offer some breathing room, the complexity of the requirements and the potential benefits of early compliance mean that institutions should act swiftly to implement the necessary changes.
By focusing on consumer protection, data security, and collaboration, financial institutions can navigate the challenges of compliance while seizing the opportunities to enhance their offerings and build stronger relationships with their customers.
You can see where your organization stands currently by taking our 1033 readiness assessment.
Learn about Akoya’s 1033 Compliance Solution.