Open Finance in the US: The Status of CFPB Rule 1033

• Open finance lets both business and consumers control and share their financial data with third-party apps, which allows, among other things, businesses to accept direct account-to-account (A2A) bank payments from their customers.
• The CFPB has finally promulgated a rule under Section 1033 of the Dodd-Frank Act, which is designed to bolster US open finance and turn consumer data access into a legal right, not a negotiated privilege — but the new rule is currently paused by litigation.
• Incumbent banks in the US continue to oppose open finance under Section 1033, arguing instead for paid access and contractual control.
• Despite regulatory delays, consumer demand for integrated financial services continues to drive increasing adoption of US open finance solutions, benefitting both business and their customers.

What is Open Finance in the US?

Until recently, however, US authorities have eschewed a comprehensive regulatory framework. This regulatory vacuum in the US has led to a fragmented, inconsistent and expensive – what industry insiders euphemistically label the "market-led" – approach to open-finance, which has developed as a permissioned pay-to-play scheme where financial institutions make consumer data available to a limited number of aggregators for a hefty fee.

Now, with US business and consumers waking up to the possibilities of choice and control when it comes to their financial data, they have begun to demand more from their financial service providers. This user driven push, combined with the deficiencies inherent in a purely market lead approach, has prompted the Consumer Financial Protection Bureau (CFPB) to finally make good in its legal mandate and formalize rules relating to the data access requirements in Section 1033 of the Dodd-Frank Act.

Section 1033: US Consumer Demand and CFPB Regulatory Catch-Up

Section 1033 was drafted as part of the broader Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. It mandates that financial institutions provide consumers with access to their personal financial transaction data, enabling them to share it with authorized third parties, fostering "open banking" for better financial products and services. Obviously, the major financial institutions have been opposed to the notion that consumers should own, and control access to, their own data from the start, engineering a miasma of political interference and regulatory inertia that has delayed action on this mandate for over a decade while other jurisdictions (UK, EU, APAC, etc.) race ahead. However, despite ongoing litigation as entrenched financial intuitions attempt to delay or prevent enforcement, the CFPB finally promulgated its Personal Financial Data Rights rule in October 2024, initiating a phased implementation of Section 1033.

The new rule issued by the CFPB under Section 1033 requires covered "data providers" to make "covered data" available electronically to consumers and to "authorized third parties," using secure and reliable mechanisms. Two points became especially contentious with financial institutions:

1. No-fee access / charging restrictions – banks generally want to monetize access; consumers and innovators want data portability at marginal cost.
2. You can't satisfy the obligation by allowing screen scraping – the rule is designed to push the market toward safer, permissioned access methods via APIs and direct integration.

Where Do We Go From Here?

Well – that's really anyone's guess, but here are a couple plausible paths for consideration:

If a revised 1033 rule becomes operative after the current stay, expect these structural shifts:

1. Data access becomes a right, not a negotiated privilege: Data providers must support access to covered data for consumers and authorized third parties on standardized terms.
2. Screen scraping gets squeezed out: The rule is designed to make secure, permissioned access the norm.
3. More uniform security + authorization expectations: The rule's "authorized third party" concept is meant to formalize responsibilities on the receiving side (privacy, security, authorization procedures).
4. Standards emerge for APIs and other technical requirements. Increased technical standardization boosts access and adoption.

• Consumers (clearer rights and revocation)
• Innovators (predictable access)
• Competition and switching

• Large incumbent banks that rely on monopolized data control
• Institutions that monetize access scarcity

If the CFPB framework stays weakened or stalled long-term, we'll see open finance continue to betray its moniker as it further consolidates around power centers.

1. Paid access becomes the default: The reported JPMorgan approach — charging aggregators for access — becomes standard among large banks.
2. Bilateral terms shape competition: Access, rate limits, feature completeness (ex., balances, pending transactions, enriched metadata), and uptime SLOs become commercial levers.
3. Security remains uneven: Big banks can enforce strong security requirements via contracts, but smaller institutions may lag or outsource, producing a two-tier ecosystem.
4. Higher barriers for startups and reduced innovation: If every major bank has fees + bespoke onboarding + legal review, early-stage fintechs face "integration tax," which tends to favor incumbents and well-funded platforms at the expense of consumers.

• Big banks: retain pricing and platform control
• Large aggregators: may become "regulated-like utilities" through private deals

• Consumers: experience depends heavily on which institutions they use and which apps can afford access; higher expenses with less innovation and limited choice and control
• Innovators: face higher barriers to entry and slower time-to-market

While in reality we'll likely end up somewhere in between, the debate around Rule 1033 really boils down to whether financial data belongs to the institution that holds it or the user it pertains to. And despite the lack of clarity on the regulatory front, two corresponding themes are becoming increasingly apparent:

1. Users are demanding open access and control over their financial data in standardized, innovative and usable ways; and
2. Businesses across the board benefit by incorporating open-finance solutions into their business operations and payment flows by increasing conversion and reducing processing costs.

How Quidkey Solves and Simplifies Open Finance in Any Regulatory Environment to Help Your Business Grow

• Our comprehensive platform coordinates payment orchestration across different geographical markets and automatically selects the best solution for each payment to eliminate coverage gaps, outages and throttling, thus ensuring the highest success rate.
• We manage all bank integrations and authentication flows, exclusively utilizing direct tokenized/OAuth connections, instead of data scraping, to protect user data and eliminate the risk of broken integrations.
• We've engineered consistent data workflows providing easily managed data parameters.
• We've built customizable A2A payment workflows allowing you to manage the flow of funds, refunds and treasury to suit your business needs.
• We provide a global solution, supporting currency exchange and cross border payments, and serving you a single interface for your business to start accepting cross-border open finance payments instantly.
• Our predictive algorithm automatically identifies and displays the customer's bank at checkout, making the experience faster, more intuitive, and built upon the recognition customers already have with their bank, leading to higher conversion rates and lower cost payments.

Quidkey simplifies payments so you can focus on growing your business. Customize your payment flows, accept payments across borders, support multiple currencies, and go live in minutes.

Existing players in the US market offer fragmented infrastructure built upon screen scraping, uneven security standards and clunky user experiences, falling short of delivering a seamless and secure checkout experience. Quidkey fills that gap by combining real time orchestration, predictive bank selection, customizable payments workflows, platform integrations, and built in cross-border support for an innovative and globalized open finance solution.

Open Finance Benefits for Business and Consumers