Technology Pros Should Prioritize Compliance as Key Focus per Section 1033 Rules

2025-07-22

Freedom of Choice

Section 1033 refers to a part of the Dodd-Frank Wall Street Reform and Consumer Protection Act. This section has been largely inactive for over a decade, but now it is set to come into effect under new CFPB regulations.

At its core, these rules focus on enhancing consumer control over their financial data. Consumers will be able to transfer their information between financial institutions at no cost or restrictions, giving them greater flexibility and the ability to choose from various financial products based on their preferences.

The regulations aim to reduce fees typically charged by banks and fintechs and encourage innovation in the market. By enabling consumers to compare rates and select better products and services, CFPB hopes to foster competition among financial institutions.

While these changes hold significant benefits for consumers, they will also bring some short-term challenges for financial institutions. Compliance with these rules is becoming increasingly important, especially from a technological perspective.

Translating Tech

Historically, technology teams focused more on making products work efficiently than on compliance issues. However, now they will frequently need to collaborate closely with risk and compliance teams to address specific technical concerns that arise from Section 1033 regulations.

This shift requires technologists to understand the implications of these regulations for their work. They must be able to explain complex tech concepts in a way that compliance teams can easily grasp—a task that may initially feel challenging but is becoming more critical.

Institutions need to ensure transparency and accountability when sharing consumer data. They must obtain explicit consent from customers, clearly inform them about the types of data being shared and how it will be used. Additionally, they must verify both customer and third-party identities.

Beyond initial consent, consumers should have tools allowing them to revoke their data-sharing permissions at any time. Their consent needs to be renewed annually, with any changes communicated promptly to all involved parties.

Third-party financial providers are restricted in collecting, selling, or using consumer information beyond what was specifically requested by the customer. They must also establish developer portals for API documentation and support systems.

Financial institutions will face increased recordkeeping requirements and periodic audits to confirm their compliance with these standards.

Growing Pains

While the open banking model promises long-term benefits, financial institutions have limited time to prepare. Large banks and fintechs have just two years to comply, while smaller institutions have up to six years.

The transition will involve more complex processes for initiating payments through third-party providers, requiring robust compliance measures. Technologists in smaller institutions need to shift their focus towards understanding and addressing these new compliance requirements.