CFPB finalizes open banking rule

Section 1033 requires financial institutions, credit card issuers and other financial institutions to transfer consumers’ personal financial data to another provider for free at the consumer’s request. The rule also requires personal financial information to only be used for reasons authorized by the consumer. Section 1033 bans “screen scraping,” when consumers provide their account passwords to third parties which then use the information to access data through online banking portals.  

The Consumer Financial Protection Bureau finalized its open banking rule this week. 

Section 1033 requires financial institutions, credit card issuers and other financial institutions to transfer consumers’ personal financial data to another provider for free at the consumer’s request. The rule also requires personal financial information to only be used for reasons authorized by the consumer. Section 1033 bans “screen scraping,” when consumers provide their account passwords to third parties which then use the information to access data through online banking portals.  

According to the bureau, Section 1033 will stoke competition by allowing consumers to choose banks with better products and services. The CFPB expects open banking will increase the pressure on banks to improve their offerings. 

“Too many Americans are stuck in financial products with lousy rates and service,” said CFPB Director Rohit Chopra. “Today’s action will give people more power to get better rates and service on bank accounts, credit cards and more.” 

The largest financial firms will be required to comply with Section 1033 by April 1, 2026, while the smallest covered financial institutions will not have to comply until April 1, 2030. Banks with less than $850 million in assets are exempt from the rule. The CFPB has also finalized standards-setting qualifications that companies will use to comply with the rule.

Following the release of the final rule, the American Bankers Association and Independent Community Bankers of America criticized Section 1033. ABA President and CEO Rob Nichols said Section 1033 “has devolved into a press-release driven, political exercise based on the false premise that consumers lack choices and a misunderstanding of whether Dodd-Frank grants the CFPB the authority to radically reshape the financial services marketplace.

“While we are still evaluating the details of the final rule, it is clear that our longstanding concerns about scope, liability and cost remain largely unaddressed,” Nichols added. “This is disappointing after so many years of good-faith efforts by parties on all sides to improve consumer outcomes.” 

ICBA President and CEO Rebeca Romero Rainey called on the CFPB to use Section 1033 to promote data security at third-party fintechs. “Otherwise, community banks will be faced with the impossible task of vetting the security protocols of potentially thousands of fintech companies seeking to access their customers’ data,” she added.

Fredrikson & Byron Law