Across the globe, the financial information of individual consumers is assembled, maintained, and preserved by financial companies subject to regulatory oversight as to its accuracy and completeness.
Consumers, financial institutions, fintech companies, and financial regulators have increasingly recognized consumer financial data's importance and intrinsic value. The explosive rise of innovative financial technologies is focusing growing attention on how to enable consumers to use and benefit from new financial products and services. At the same time, these developments pose new issues around how to better understand and manage the risks involved in the sharing and controlling consumer financial data.
In 2010, in the Dodd-Frank Act that created the U.S. Consumer Financial Protection Bureau (CFPB), Congress mandated that the new agency adopt a specific regulation governing consumer financial data access. On November 9, 2024, the CFPB issued its final rule to carry out the personal financial data rights established by the law. The final rule requires banks, credit unions, and other financial services providers to make consumer data securely and reliably available, upon request, to consumers and their authorized third parties.
The 1033 Rule facilitates consumer data portability, competition and innovation in financial services, and a more interoperable financial ecosystem. Yet it does not resolve all the issues implicated by this approach. Open banking ecosystems worldwide face similar foundational challenges related to trust and risk. Current third-party risk management solutions are fragmented and do not adequately address modern data-sharing needs or align risk with data usage and access volume.
This disparity has led to several gaps in the market: traditional third-party vetting processes being inadequate for the realities of an open banking ecosystem with thousands of third, fourth, and nth parties in the transaction chains; a lack of a standardized accreditation process; no real-time monitoring for ongoing risk management; and inadequate liability solutions that transfer risk to the aggregator, who may be unable to cover significant losses.
The environment surrounding the adoption of the 1033 Rule has become chaotic after the change of Administrations. On January 8, 2025, the CFPB officially recognized the Financial Data Exchange (FDX) as an industry standard-setting body for the U.S. open banking ecosystem. On February 1, 2025, President Trump fired CFPB Director Rohit Chopra. In May 2025, Bloomberg reported that the CFPB is likely to revisit the 1033 Rule based on requests from banks about potential liability for data breaches and the ability to charge for access to customer data.
The marketplace requires a cohesive solution that effectively vets and monitors third parties, manages risks, delivers actionable insights, and addresses challenges related to fraud and liability.
Open finance, covered.
