CFPB's Section 1033
Regulated Open Banking is coming to the United States

Altitude Consulting helps financial institutions prepare

The Consumer Financial Protection Bureau (CFPB) released the final Section 1033 ruling of the Dodd-Frank Act in October 2024.

This rule mandates financial institutions and payment providers to offer open banking APIs for the secure sharing of account data.

How this impacts the industry?

Institutions Impacted

Banks and Credit Unions holding consumer accounts (checking, savings).
Issuers of consumer credit cards.
Services that possess or control account information including those providing EFT services or digital wallets.

Common Standards

Financial institutions will be required to offer APIs that conform to CFPB accredited industry standards.

Existing methods of sharing data via screen scraping will be reduced and eventually eliminated.

Consumer Control

Account holders will be in control of the data they would like to share. They will have the ability to provide and revoke consent for data sharing.

Increased Security

Financial institutions providing data and those that are receiving data will be required to meet security and data handling standards. Data will only be used for the purpose it was originally consented to.

How Altitude Can Help

Readiness & Strategy

Set the foundation for your organization’s Section 1033 compliance

Platform and Partner Selection

Identify the platforms and Fintech partners that best fit your organization’s needs

Operationalization & Monetization

Implement the open finance platform and use cases that will drive business value

Schedule a call

Section 1033 Resources

Masterclass: FDX Security Essentials (53 mins)

FDX Security Decoded.

FDX Security Framework
Security standards, including OAuth and FAPI
Best practices for certification and governance

View Masterclass

Masterclass: Section 1033 and Open Banking Opportunities (60 mins)

Everything you need to know about Section 1033.

Section 1033 Essentials
Options for Implementation
Monetization

View Masterclass

Comprehensive Guide to Section 1033

Get up to speed with Section 1033 in one easy to read document.

Section 1033 Requirements
Data Scope and Timelines
Compliance via Open Banking Platforms
Recommendations and Next Steps

Read Guide

Guide to the Best Open Finance Platforms - Fall 2024 Edition

In-depth analysis of 17 top global open finance and open banking platforms for meeting CFPB Section 1033 compliance and use cases for monetization.

Download Whitepaper

Frequently Asked Questions

What is the CFPB?

The Consumer Financial Protection Bureau (CFPB) is a US government agency whose mission is to protect consumers in the financial sector by enforcing federal consumer financial laws and ensuring that financial institutions treat consumers fairly.

Has Section 1033 been finalized?

The CFPB has finalized Section 1033 in October 2024.

Is my organization impacted?

Section 1033 impacts Regulation E depository institutions (banks, credit unions, other financial institutions) that hold checking and savings accounts, and organizations that issue Regulation Z accounts: consumer credit cards, services that possess or control account information including EFT service providers and digital wallets.

What are the timelines for compliance?

The following timelines will apply. The timelines are based on assets under management (AUM) for depository institutions and revenue for non-depository institutions.

April 1, 2026: >$250B in assets / >$10B in revenue (non-depository institutions)

April 1, 2027: >$10B in assets / Under $10B in revenue (non-depository institutions)

April 1, 2028: >$3B in assets

April 1, 2029: >$1.5B in assets

April 1, 2030: >$850M in assets

Institutions with under $850M in assets currently don't have a set compliance timeline; their participation is voluntary.

What account types and data types are covered?

Regulation E - Deposit Accounts: Checking, Savings

Regulation Z - Payment Accounts: Credit cards

Additional Covered Institutions: Payment services, prepaid cards, digital wallets

Data Types: Transaction information, account balances, account numbers and routing numbers, terms and conditions (fee schedules, rates, reward program terms, overdraft coverage, arbitration agreements), upcoming bill payments, basic account verification info (account holder's name, address, email, phone number)

Data Period: Minimum of 2 years (24 months)

How can my organization prepare?

Begin learning about Section 1033 requirements and their implications to your organization. Ensure that your leaders are engaged across Compliance, Strategy, Technology and Operations. Identify which timeline your organization falls into for compliance. Review your data governance, API maturity, technology stack and identify any bottlenecks or challenges that may arise while working to meet requirements. We have plenty of resources to get you started, and are here to help.