The Consumer Financial Protection Bureau’s 1033 rule is set to revolutionize the banking industry by paving the way for open banking initiatives. As financial institutions grapple with the implications of this new regulation, it’s crucial to understand the opportunities and challenges it presents. In a recent and insightful webinar with The Financial Brand, a panel of experts explores the potential impact of CFPB 1033 on data sharing, customer experiences, product offerings and competition within the banking sector.
Tom Carpenter, senior vice president of industry, policy and standards engagement at Mastercard; Joel Feinberg, partner at Sidley; and Kimberly Funari, vice president of compliance at i2c, share their unique perspectives on the rule’s significance and offer practical strategies for banks to navigate this evolving landscape successfully.
The webinar provides a comprehensive roadmap for financial institutions seeking to thrive in the era of open banking — from leveraging data sharing for innovation to managing risks and ensuring compliance.
The Pivotal Role of CFPB 1033 in Advancing Open Banking
Q: How does the CFPB 1033 rule specifically advance open banking and what aspects of this rule are the most influential in this regard?
Tom Carpenter: Mastercard’s view on open banking is that consumers and small businesses own their data. They should control their data and benefit from its use; our job is to protect it.
The clarity that the CFPB rule provides will reduce friction in the industry around questions such as who can share data, how it can be used and the like. It really does put the consumer in the driver’s seat.
The second piece of this rulemaking that’s important and will uniquely advance open banking in the US is the fact that this is a hybrid framework.
Through the CFPB rule, the US has taken a hybrid option: clear regulations and yet reliance on the industry and technical standards. I think that’s going to allow these rules to continue to move and adapt with innovation rather than just stay stuck whenever they are passed.
Q: What are the real risks and challenges that financial institutions face when implementing CFPB 1033?
Kim Funari: Most of the risk will be centered around third-party access rights, which involve having access from a third party with whom you may not have a relationship. So, many of the guidelines around third-party risk management come into play. What lines need to be drawn to ensure that that third party has the appropriate authorization level?
In addition, this rule and the tiered basis that was proposed for rollout, hitting the larger institutions first, creates many challenges for the big banks of the world, primarily because they have legacy interfaces. It’s not as straightforward to get this data.
Joel Feinberg: There’s a risk that’s existed for a long time that banks will have to continue to deal with here when they provide access, which is doing their best within the rules that the CFPB is going to finalize to protect their customers.
Sometimes, the parties that a customer may deal with who will want to access the customer’s data aren’t as good as regulated financial institutions at protecting data.
Banks need to consider how to ensure that they share information only with parties that are up to snuff on information security within the framework of this regulation.
Dig deeper:
- Consumers Will Drive Open Banking, Not Regulators
- Embedded Banking: The Imperative Transformation for Digital Success
- Prepare for Disruptive Activism from a Politicized CFPB
Best Practices for Successful Implementation
Q: What are some examples of best practices for financial institutions to adopt and comply with the rules?
Funari: At the very initial evaluation, you need to make sure that you understand the rule, what it states and the data that it covers. The first step is looking at the data element from that level of the store, saving where this information would be coming from and bringing that sort of organization and compiling.
In addition, we need to look at all of the existing controls and risk frameworks within those entities to understand: Does this rule fit nicely within the existing framework? If not, what changes would need to be made?
It’s really about examining your data and the architecture in which those data points move and then really understanding your existing risk management framework.
Carpenter: If you’re a bank, you have to adopt an opportunity mindset and incorporate compliance into that. If you just adopt a compliance mindset, you’ll miss the opportunity to think about how you can leverage open banking, how you can use it to better serve your customers, create more efficiency and how you can actually become a data recipient yourself.
“Mastercard’s view on open banking is that consumers and small businesses own their data. They should control their data and benefit from its use; our job is to protect it.”
— Tom Carpenter, Mastercard
Q: How can organizations position CFPB 1033 as an enhancement to the customer experience?
Carpenter: One specific example is digital account opening. Instead of that new customer filling out endless forms online and calling that digital account opening, you think about the ability to share data and pre-populate all those fields and get it directly from another financial institution.
You’ve short-circuited what many financial institutions have long wanted, which is a fully digitized digital account opening process.
If you think about how fintech, some of these third parties emerged, they largely emerged because you didn’t have a way to manage and see your finances within your banking ecosystem, a way to budget and an understanding of exactly how you are spending your money.
Lending products may not have totally considered cash flow underwriting to enhance credit products. Suppose you think about how you might embed some of that in your own ecosystem and utilize open banking to do it, things like direct deposit switching, capturing recurring bill payments and driving loyalty through some subscriptions.
In that case, there are many different ways to think about open banking, such as enhancing the service you provide to existing customers, attracting new customers and building on your brand.
The Role of Service Providers in Open Banking Implementation
Q: How should financial institutions approach working with service providers to implement CFPB 1033 and open banking?
Feinberg: Banks will have to carry with them this baggage, which is the banking agency’s perspective on how banks integrate with service providers. It’s designed to protect banks and achieves that in many respects — but it’s a lot of work.
Banks will do a couple of things. One, they’re going to have to do their diligence and pick good service providers to work with. I think we’re probably in this webinar with a couple of them right now. And they’ll also have to think about the functionality they get.
There’s an opportunity here to show your customers that you care about them and that you make their lives easier and better.
This is kind of the credit union, small guy point that we were all talking about, which is maybe by teaming up with someone who’s a really top-class service provider, you make it easier for your long-standing customers to keep getting their information so they can keep using you and want to stick with you and not have that scenario where you want to move because your bank or your credit union makes it harder for you to work with them.
Q: How can financial institutions address consumer concerns and build trust in the open banking ecosystem?
Carpenter: I think there’s no doubt that data privacy and security remain top tier. And I thought it was interesting at that poll question; it looked like there were zero votes for competition with fintechs.
To me, banks need to be aware that the competition will not just come from third-party fintechs but also from other financial institutions that have said they will take this opportunity.
We’re actually going to be able to go grab your customers much easier than we were before because we can essentially pack up their entire banking relationship and bring it down the street and the consumer will not have some of those friction points they’ve had in the past.
“There’s an opportunity here to show your customers that you care about them and that you make their lives easier and better.”
— Joel Feinberg
Funari: From a consumer perspective, consumers are already in financial relationships with organizations that they trust. Traditionally, you weren’t going to select or share your data or give permission to share your data with companies that you’re not comfortable with. And I think that’s the important part of having this really benefit the consumer: They will control who has access to their data and authorize that access.
One of the things that we have helped a few financial institutions start to do and I think it’s really critical as you think about beginning your journey, is to understand how your customers are using their data today. There should be a pretty significant understanding within a financial institution of the types of apps and services my customers are using today. Where’s that demand coming from? And are my systems enabling that?
Competing in the Open Banking Ecosystem
Q: How should financial institutions consider the potential of CFPB 1033 in the context of an open banking relationship?
Carpenter: Obviously, you’ve got to meet requirements. That’s your first somewhat order of business, especially if you’re one of the large financial institutions and you’ve got a fairly short timeframe, as drafted six months after the final rule, to comply. But that broader kind of strategic view of how do I look at open banking and, frankly, open finance and what are my customers actually requesting?
This rule largely covers bank accounts, credit card accounts and facilitators of payments from those accounts. It doesn’t currently cover things like student loans, mortgages, other lines of credit, or other types of financial data that a bank might hold. Yet, those are being utilized across the marketplace in many interesting ways.
So instead of thinking about not just where data is covered today, but where it’s being used today and where it’s going to be used tomorrow, think about a strategy that makes that available for your customers so that you’re prepared and you’re not always behind the eight ball in terms of use cases in the market.
Funari: From a consumer perspective, consumers are already in financial relationships with organizations that they trust. Traditionally, you weren’t going to select or share your data or give permission to share your data with companies that you’re not comfortable with. And I think that’s the important part of having this really benefit the consumer: They will control who has access to their data and authorize that access.
For a longer version of this conversation, listen to “CFPB 1033 and Open Banking: Opportunities and Challenges for Banks”, a webinar with Jim Marous, available here. This Q&A has been edited and condensed for clarity.
Justin Estes is an award-winning writer, strategist, and financial marketing expert with expertise in banking, investments, and fintech. His clients include the NYSE, Franklin Templeton, Credit Karma, Citi and, UBS, and his work has appeared in Forbes, Barrons and ThinkAdvisor as well as The Financial Brand.