The Consumer Financial Protection Bureau, or CFPB, is an independent agency of the United States government. On 22 October 2024, the CFPB
issued a final rule to implement
Section 1033 of the Dodd-Frank Act, seeking to govern how consumers access and share their financial data – and how that data is protected. In essence, the regulation marked an attempt to develop
Open Banking infrastructure in the US – of which data standardisation, greater consumer safety, data use and retention controls, and decentralisation, are the desired results.
In its October 2023 request for
public comment, the CFPB advised that Section 1033 would “provide basic standards for data access; and promote fair, open, and inclusive industry standards.” At the time of writing, however, uncertainty over this regulation reigns. The CFPB, for its part,
has been
put on hold, and is under threat of being dismantled altogether by the current US administration.
Open Banking: For US consumers
The United States’ financial services landscape is more complex than ever before. Both the variety and volume of players have never been so great. A by-product of this multi-faceted marketplace is technological fragmentation, with end-users experiencing
considerable fiction when trying to access third-party services, or switch from one bank to another.
In the
literature, Section 1033 notes: “A covered person shall make available to a consumer, upon request, information…concerning the consumer financial product or service that the consumer obtained from such covered person…” If consumers’ data is to be seamlessly
shared between providers, standardised
application programming interface (API)s will need to be built out.
There are further technicalities within Section 1033 that seek to create guardrails and reduce vagueness around what exactly is required to access, share, and handle consumer data. This seeks to create an understanding in the marketplace of what is expected
– from the perspective of authorisation and consumer consent, as well as when consumers would need to re-authorise access to their data.
The CFPB’s overarching goal here is to level the playing field, catalyse market competition, boost consumers’ financial wellness, and make it simpler for end-users to access a variety of services.
Challenging the rule: Market-driven vs. regulatory-driven change
Recently, however, Section 1033 has been
challenged by some US institutions (as well as the administration) – which claim that the 600-page rule is overly complex; will be too challenging to adopt; does not sufficiently protect consumer data; and does not apportion ecosystem liability fairly or
clearly.
The debate around Section 1033 and its efficacy in the US stands in direct contrast to the European counterpart, which is seen as the cradle of Open Banking; having pioneered the Payments Services Directives that birthed it. Already, the third Payments Services
Directive (PSD3), is being workshopped, and is
expected to come into effect by 2026.
Since their transcription, the principles of Open Banking have spread around the globe, with some jurisdictions taking a market-driven approach and others taking a regulatory-driven approach. Outside the EU, the two major jurisdictions that have taken a
regulatory-driven approach are Hong Kong and Australia.
India, Japan, Singapore, and South Korea, on the other hand, do not have formal Open Banking rules, though their policy makers are “introducing a range of measures to promote and accelerate the take-up of data sharing frameworks in banking,” says
Deloitte.
The US also assumes the market-led approach, with limited government initiatives that would entirely untether Open Banking. “Due to the highly fragmented and state-based nature of banking and banking regulation in the US, as well as a cultural aversion to
red tape,” says
Deloitte, “there is little discernible appetite currently for taking this forward and issuing a common federal policy on Open Banking.” This stance is unlikely to change under the current administration, given its penchant for dissolving bureaucracies via
the new Department of Government Efficiency.
Without a sector-wide API strategy in the US, screen scraping – as a means for third party providers (TPPs) to extend services without having to enter into contractual agreements with banks – remains
commonplace. Section 1033 does not seek to limit screen scraping or provide oversight of third-party entities.
Forging trust: A waiting game
Notwithstanding its complexities and imperfections, CFPB Section 1033 aims to instil harmonisation within the US financial market; and drive trust between data providers, data aggregators, and end-users.
Whether the CFPB will be given the chance to act on these goals is now in the hands of the Trump administration. Amidst this uncertain future, a more considered approach to Open Banking in the US is needed.