CFPB Open Banking Rule 1033
United States2024Consumer ProtectionOverview
Key Obligations
- Provide secure APIs for consumer-authorized data access
- Ensure explicit consumer consent for data sharing
- Prohibit data hoarding and discriminatory practices that limit portability
- Allow consumers to easily switch providers and share financial data
- Ensure data is accurate, portable, and provided in real time
- Comply with privacy, data protection, and cybersecurity standards
- Maintain records of data access and consent for compliance and audits
Stay ahead of risk with Signzy
Explore tools that help you onboard, monitor, and verify with confidence
One Touch KYC
Launch global KYC flows with built-in document OCR, liveness checks, deepfake detection, and AML, all through a single, customizable dashboard.
AML Screening
Screen users against Politically Exposed Persons (PEP), watchlists, sanctions lists, adverse media, and more through one-time screening and advanced monitoring.
Transaction Monitoring
Monitor transactions in real-time and analyse past behaviour to identify suspicious activities and ensure regulatory compliance across the user journey.
Related Regulations
FAQ
Who enforces this rule?
The Consumer Financial Protection Bureau (CFPB).
Which industries are covered?
Banks, credit unions, fintechs, data aggregators, card issuers, and payment platforms.
Is consumer consent mandatory?
Yes. All data sharing requires informed, explicit, and revocable consent.
What is the rule’s purpose?
To empower consumers, foster competition, and reduce switching barriers by giving people full control over their financial data.