top of page
  • Writer's pictureW.B. King

Plaid Offers FIs and Fintechs Update on Section 1033—the Open Banking Law

By W.B. King


Passed as part of the Dodd-Frank Wall Street Reform and Consumer Protection Act in 2010, in the fall of 2024, Section 1033—the open banking law—is scheduled to go into effect.


As noted in point four of Plaid’s recent report, The Future of Finance: 4 Trends Driving Growth, 1033 stipulates that consumers—or the parties they authorize—have a right to access and securely share their financial data. Currently, the Consumer Financial Protection Bureau

(CFPB) is writing the rule that will put Section 1033 into action.


Working with companies that are connected to thousands of financial institutions across the U.S., Canada, U.K., and Europe, The San Francisco-based Plaid bills itself as offering digital finance solutions that enable millions of people to live healthier financial lives.


How Will Section 1033 Affect Financial Institutions?


In October 2023, the banking industry learned that authorized third parties, including fintechs and other companies authorized by a consumer to receive financial information from a data provider, will need to securely access the data that powers the financial services they provide, the report explained.


According to Plaid, required steps are expected to include:


  • Establish and maintain a developer interface for third parties to access consumer-authorized data. These application programming interfaces will likely have to meet certain standards and make data available in a generalized format, without unreasonable access caps and pursuant to certain security specifications.


  • Retain compliance records when consumers permission data from them to an authorized third party. At the same time, they will likely have the right to assess

    whether a third party is a legal entity and whether it maintains adequate data security.


“Increasingly, companies may be operating as both data provider and recipient, which will impact the compliance calculus,” the report noted. “For instance, a bank may make consumer permissioned data available, while also leveraging open banking data to build their own services and tools.”


How Will Section 1033 Affect Fintechs?


According to Plaid, the required steps are expected to include:


  • Authorization: The rule will likely stipulate that third parties must obtain consumers’ authorization to access their data, that consumers must be able to revoke that authorization at any time, and that access must be reauthorized at least every 12 months.

  • Retention: The rule will likely require authorized third parties to keep records that show they’ve followed the authorization requirements.


  • Onboarding: The rule will likely require authorized third parties to provide certain information to the data provider to help verify that they’re a legitimate entity and show evidence of adequate security practices.


“Given the brisk timeline expected for the implementation of some of the rule’s requirements, preparing your business’s compliance in advance is paramount,” the report stated, adding that the once Section 1033 is passed, certain requirements may go into effect in as little as 60 days.




 

 

Comments


bottom of page