Jackson Stone
By Jackson Stone
Nov 6, 2024
Industry Insights,Compliance
13 min read

The 1033 rule: The next five years and beyond for open banking

By now, you’ve probably read more than one article talking about the CFPB’s Open Banking or ‘1033’ rule. Formally called the Personal Financial Data Rights Rule, it activates dormant legal authority that the CFPB has held since 2010 to accelerate open banking. This is all done with the express goal of lowering the cost of loans and letting consumers ‘fire’ bad service providers.

You might’ve read the CFPB’s own announcement, commentary from writers like Alex Johnson and Simon Taylor, or compliance and implementation info from companies like Plaid.

The rule goes into effect for the largest financial institutions on April 1, 2026, with smaller and smaller companies falling under its scope in yearly increments until 2030. (The rule also carves out an exemption for the smallest depository institutions, those managing less than $850 million in assets.)

While there’s been a great deal of discussion about the practicality and logistics of that data sharing, fewer commentators have speculated about how these changes would affect consumer and business behavior. This post will look at those questions, not necessarily making predictions about what will happen, but considering how the rule could alter the incentives and barriers that have guided consumers, and the overall policy objectives that the CFPB is pursuing.

The immediate future

Within the next two to three years, we’re bound to see a few predictable outcomes as the earliest deadlines near.

  • Lawsuits and the courts will scrutinize the rule. (The figurative ink on the 1033 rule hadn’t even dried before the first suits were filed.)
  • Companies will scramble to build open banking infrastructure before their specific deadline comes up. Smaller, tech-forward companies will have the most time and best tools to accomplish this; larger providers on legacy systems will have the most difficulty.

The inevitable litigation

Right off the bat, we’re seeing a somewhat predictable cycle:

  1. The CFPB issues a new rule.
  2. Industry groups file lawsuits, hoping to get some or all of the rule dismissed.
  3. The courts might cut out some aspects of the rule.
  4. A revised version of the rule goes into effect, possibly on a later timeline.

We saw this recently with the cycle of lawsuits, redlining, and revisions that stripped out some of the main provisions from the CFPB’s Payday Lending Rule and BNPL falling under Reg Z, and already we’re seeing groups like the Bank Policy Institute filing lawsuits. JP Morgan filed a 50 page suit within hours of the rule being issued. (In an interview soon after, CFPB director Rohit Chopra joked that “I haven’t read their lawsuit, and I don’t think they’ve read the rule.”)

But if those lawsuits succeed, how different would the outcome be? As Alex Johnson and Simon Taylor pointed out, many consumers and businesses alike are excited about the prospects of open banking and pay-by-bank. Even if regulatory fiat doesn’t require open banking, the market may: If borrowers genuinely value open banking and data sharing with their favorite third parties, they’ll naturally migrate to the providers that support it. FIs that don’t provide open banking (including those small providers the current rule exempts) might come to be seen as the very lousy service providers that the rule targets.

Compliance and data visibility

In the immediate future, financial institutions and other credit providers will soon need to comply with the open banking provisions. The CFPB didn’t specify precisely how data will be shared with authorized third-parties, instead leaving implementation details up to the private sector.

This isn’t unprecedented. Nacha files, for example, weren’t developed by the government, but by banks in the private sector. (Granted, that development arose organically from a shared incentive to make payments easier, and took several years to catch on in a smaller region before expanding nationally, but the fact remains.)

If 1 to 5 years sounds like a pretty tight timeline for developing a new and secure standard and implementing it at different financial institutions across the country, you may be amused to know that this consideration was part of the reason Director Chopra gave for the rule’s current timeline:

So one of the things where we landed was that we did extend the required compliance period, and part of that was to work out some of the details that need to be done by the private sector. The private sector needs to figure out how it will develop a common set of standards. We are working very hard to process applications by standard setting organizations. I think the industry also controls a lot of the network rules for payments, and many of those need to be updated to reflect the realities of pay-by-bank and other solutions. So we did extend the period of time a little bit.

For modern platforms (like LoanPro), sharing two years of financial information is a very manageable request. All you really need to decide is how to format the data, and your existing technical infrastructure and data visibility tools can handle specific requests. But for legacy systems, some of which were developed before email was invented, this could be a little trickier.

If the lawsuits don’t strip away or push back the data access requirements, legacy platforms and their clients will have a few options. Legacy systems may try to build or integrate a compliant tool, but they might lack the development infrastructure to create a solution in time for the earliest deadlines.

New avenues for deceptive or abusive behavior?

In an interview with Fintech Takes’ Alex Johnson, CFPB Director Rohit Chopra said that “a major point of focus for me in the rule was making sure that open banking in the US did not turn into an underworld of data broker mining.”

With authorized third parties having easier access to consumer data, the most obvious risk is that consumers will authorize third parties that really shouldn’t have access to their financial data, including not just outright fraud, but also data miners who provide some kind of legitimate service as a means of accessing, reselling, and abusing consumer data.

It’s not hard to imagine unwary consumers granting access to companies they know nothing about, and it’s not hard to imagine lawmakers blaming their banks if those consumers are then victims of fraud. This is practically the same situation we’re already seeing with peer-to-peer payment tools like Venmo and Zelle, except with data rather than money, and lawmakers have blamed banks for failing to prevent it.

The rule does allow banks and creditors to deny some third-parties access based on fraud risk, but it doesn’t answer the question of who would be liable. In the near future, we can expect some lawsuits to hash out the details (these fraud concerns are part of JP Morgan’s reason for suing the CFPB over the rule) but some possibility of deceptive or abusive behavior will likely remain. Effectively mitigating that risk will take a deliberate effort, and doing so in a way that keeps open banking profitable and attractive will take some finesse.

The downstream effects

This rule was not issued just so that consumers could more easily see their data; in their announcement, the CFPB expressly called out their goal to “empower people to more easily fire financial companies that provide bad service”.

They then elaborate on how consumers will be able to ditch mediocre providers, and how better products would be more readily available to them:

  • Fire fintechs and banks that provide lousy service: Consumers will be able to transfer their bank data to another bank, ensuring consumers can keep much of their banking history as they switch to another financial institution. People will not have to pay fees or clear hurdles from companies that make it harder to switch providers.
  • Shop for better rates on products and credit: Consumers will be able to comparison shop and move to a competitor offering better rates, such as higher interest on deposits or lower interest on loans. It can also help people—including consumers with shorter credit histories, like young people—gain access to credit or obtain credit on better terms, by allowing lenders to make loans using data held by other institutions, such as information on income and expenses.

In essence, the open banking requirements will make it easier for your typical consumer to move their assets and credit card debt from one provider to another. Open banking will also make it far easier for consumers to grant data access to third parties, like a budgeting tool or another financial provider.

But what would ‘firing your bank’ really look like at scale? And what third-parties will be leveraging open banking to offer their services to consumers?

Firing your bank

It’s worth noting that switching banks isn’t some distant impossibility without open banking—it’s already very much possible to get frustrated with your bank and transfer your balances to another. But it’s also a somewhat inconvenient process, and with your financial data held at the previous institution, there’s no guarantee that you’ll qualify for any better credit products with your new provider.

If the new provider was actively seeking to acquire and vet new customers, they might already use a wide array of data tools to confirm their creditworthiness. Direct access to transaction data from their previous institution would make this easier, but it seems like more of a marginal change than a fundamental rewriting of the rules.

Jonah Crane, a partner at financial services advisory firm Klaros Group, said that bank switching seems to be more of a marginal concern. Markets with open banking, like the UK, didn’t show a sudden wave of account switching. The real benefit open banking offers consumers, Crane argues, is “allowing all those different solutions to be connected to each other in a way that makes it more seamless, and hopefully secure.” Rather than firing their bank, consumers may supplement them with third-parties who enhance their overall experience.

Customer experience is king

Still, if abandoning a previous financial institution is suddenly far easier and carries less of a cost, we can reasonably expect more borrowers to make the switch. Even if the numbers are “marginal”, credit and lending are industries that often live on a thin margin between success and insolvency; losing even a small fraction of their repaying borrowers could spell disaster.

And by the same token, some providers might see this as an opportunity—it’ll be easier than ever for a borrower to ditch your competitors and migrate to you.

In either case, winning and retaining customers will depend not just on good marketing or financial terms, but on a superior customer experience. Every minute that a customer is on hold with your answering machine or struggling to navigate your website, they’ll now have in the back of their mind the idea that switching to another provider is easier than ever.

On LoanPro’s modern platform, FIs and other credit providers have wide range of tools that can elevate their customer experience and foster long-term retention:

  • Personalized communication. LoanPro’s communication suite can merge customizable templates with real-time borrower and account data, giving borrowers greater visibility into their finances. When borrowers need to get in contact with you, two-way texting can connect them to agents or even trigger automatic actions on their account, like adjusting a due date.
  • Hardship programs. Credit providers can win long-term loyalty with customers by extending them a bit of latitude when they fall on financial hardship. Allowing borrowers to pause payments, lower payment amounts, or decrease interest rates will give them some room to get back on their feet, and show them that you care about their long-term financial health. LoanPro customers like Best Egg have launched hardship programs, and soon landed a place in the top ten of the J.D. Power Award for customer satisfaction in consumer lending.
  • Tailored financing. Legacy platforms often lack the configurability to personalize an account to individual borrowers; by necessity, they treat customers as one-size-fits-all. But LoanPro’s configuration-first approach means that each product can be easily adjusted to match a borrower’s preferences, creditworthiness, and cash-flow requirements. Rather than a binary approve/deny, borrowers can be matched to the products and terms that best fit their situation. And as that situation evolves, LoanPro can automatically recommend other products to them, all according to your own business logic.

Keeping up with the CFPB’s ongoing policy goals

After the lawsuits and scramble for compliance have ended, 1033 might not really be done. Since its inception in 2010, the CFPB has been through several presidential administrations, each putting their own spin on the idea of consumer protection. This rule might be the first time they’ve used their original mandate to pursue opening banking directly, and it likely won’t be the last.

We can expect the CFPB to continue to pursue open banking, pay-by-bank, and other policy goals outlined in section 1033. When that happens, credit providers need to make sure their operation lives in a platform that can adapt to rule changes, whether through altering their products to follow new regulations or adapting their back-office operations to comply with open banking’s data sharing provisions.

To see firsthand how LoanPro opens data visibility and keeps your operation compliant by default, reach out to us. We’d love to show you how it works.

Jackson Stone
Jackson Stone
Product Marketing Manager

Recommended blog posts for you

From auto lot to silicon slopes
Industry Insights
From auto lot to silicon slopes

Any kind of financing can be tricky, but automotive lending is its own beast. Between the logistical challenges of managing or coordinating with auto lots, the difficulty of tracking and sometimes recovering collateral, and the web of state and local regulations, automotive lenders and lessors have a lot to handle—and that’s on top of problems that are universal to any credit provider, like driving portfolio growth, keeping borrowers engaged, and staying efficient.

Rhett Roberts
Rhett Roberts
Nov 19, 2024
Read more
Deliberate and emergent strategies
Industry Insights
Deliberate and emergent strategies

When we tell stories of successful business and entrepreneurs, we tend to mythologize the unwavering vision of a single, brilliant mind, with stories like Thomas Edison setting out to create the lightbulb and trying thousands of possible filaments until one finally worked.

Rhett Roberts
Rhett Roberts
Nov 14, 2024
Read more
'Fraud prevention, AI, and compliance in SMB financing' webinar recap
Industry Insights
'Fraud prevention, AI, and compliance in SMB financing' webinar recap

Hosted by Colin Terry, COO and EVP of Product at LoanPro, Jonathan Awad, co-founder and CEO of Baselayer, and Ashwin Chandrasekaran, Senior Director of Product Management at Forward Financing, ‘Fraud prevention, AI, and compliance in SMB financing’ delves into the complexities of fraud prevention, offering insights on how financial organizations can strengthen their efforts with next-gen technology to mitigate risks while ensuring compliance.

Spencer McWilliams
Spencer McWilliams
Nov 13, 2024
Read more