FinTechs Believe CFPB’s 1033 Rule Will Bring ‘Clarity’ to Data Sharing and Foster Financial Services Innovation

Matt Janiga, legal counsel and director of regulatory and public affairs at Trustly, told PYMNTS that the Consumer Financial Protection Bureau’s open banking rule, commonly referred to as Rule 1033 (or just 1033), is on track to be finalized this year.

“I’d tend to trust the bureau when they say that they are targeting Q4 or the end of 2024 to get this rule out,” he said.

At a high level, 1033 mandates that banks and other financial service providers must make transaction-level data and other information available to consumers at their request.

The most immediate benefit to be gleaned from 1033 will be a better understanding of how data must be handled, he said.

“Regardless of where you sit, if you’re providing data, accessing data, using data — and if you’re a consumer and want to share your data — you’re going to have clarity on what it all means and what you can do with this data under the new rule,” Janiga said.

That clarity, he added, will help standardize data-sharing practices, an advantage in a financial services arena where banks have traditionally put strict walls around customers’ data. The rule is also meant to foster competition within financial services, so it may keep larger banks and enterprises from charging for data access.

With clarity in place, companies will be “able to build durable, resilient, pro-consumer use cases,” Janiga said.

The Innovation Roadmap

Asked by PYMNTS whether the innovation will be consumer-led or whether companies will have to build use cases first and spur interest in those offerings, Janiga came down firmly on the side of the latter. However, fine-tuning of those use cases will be swift, he said.

“You’ll see companies innovate first,” he said.

Consumers will have revocation rights and will essentially vote with their feet if they think their data is not being used in ways with which they are comfortable, he said.

“The companies are going to have to [show consumers] that, ‘If you bring me your data, and choose to share it with me, I can offer you this benefit and offer you this service,’” he said.

The innovation will be easier to bring to market as connectivity is streamlined through APIs that link banks to third-party providers.

The CFPB itself will be faced with the challenge of fine-tuning just how much innovation it wants to enable, weighing consumer protections, secondary data use, and even the national security concerns that are tied to data.

Banks will put limits in their contracts, and providers including Trustly will “flow” those limits down via contracts with their merchant clients. Larger firms are already in compliance with GDPR and California privacy laws; smaller firms will have to pivot to comply.

“The CFPB will be thinking about harmonizing [with those existing frameworks] in order to create ‘safe harbors,’” Janiga said.

Forward-thinking banks are already putting providers through third-party risk management processes before offering connectivity through APIs.

He predicted that if the CFPB wants to draw more financial institutions into the mix (especially resource-constrained community banks), there will be a shift from the in-place six-month time frame to 12 months as the FIs seek to address risk management issues.

The most immediate use cases after the final 1033 rule takes shape will likely crystallize around credit use and credit underwriting. Open banking and permissioned data can broaden financial inclusion and “give new entrants and companies, including Trustly, a chance to innovate and drive new products into the market,” Janiga said.