You’ve heard of the October surprise. The term applies to politics, to a bombshell or report that upends a race. And sometimes the event brings clarity — determining the direction of the race and who the ultimate winner(s) might be.
In financial services, and particularly the brave new world of open banking in the U.S., we might see an October surprise too: There might be a final rule from the Consumer Financial Protection Bureau (CFPB) by the end of the month directing how financial data must be made available to consumers and third parties — while standardizing how that data is formatted and shared.
Depending on where you look, some observers expect the Section 1033 rule to be released soon, perhaps by the end of October, perhaps later in the fall.
Reached by PYMNTS Wednesday, the CFPB declined to comment on the time frame.
And yet, either way the pendulum swings, there’ll be some real implications for the banks.
The absence of a rule would leave things in a state of anticipation, creating headwind to a more widespread embrace of open banking.
The issuance of a rule, at least as the banks contend, would set off a scramble for compliance with a timeline that some critics say creates an unrealistically short runway.
At a high level, Section 1033 has been around for a while, having been part of the Dodd-Frank Wall Street Reform and Consumer Financial Protection Act, passed in 2010. The shorthand is to call it “Rule 1033” or “Section 1033” and the longhand is the “Personal Financial Data Rights Rule.”
Back about a year ago, the CFPB proposed a rule to implement Section 1033, in which banks and non-depository firms would share various aspects of customer level data, including transaction information and account balances, among other details, but would touch on everything from credit cards to traditional checking accounts.
The proposed rules would require banks to share that data in a standardized format through APIs. For the third parties accessing the data, the hope is that consumer-permissioned information will help shape the design and deliverance of personalized, digital financial services products and innovations.
The consumers, as the CFPB has said upon the announcement last year of the proposed rule, have the choice, in bureau Director Rohit Chopra’s telling of it, “walk away from bad service.”
Through the ensuing months, the CFPB has also opened the gates for firms to apply to be standards-setters in helping establish data-sharing practices in open banking. The deadline for comments on that matter was Wednesday (Oct. 16). Beyond the initial application from FDX, a visit to the CFPB webpage as of this writing does not reveal other submissions.
The timing of the final rule will be important, because it becomes effective 60 days from issuance. The Federal Register and the proposed rule, available here, detail that depending on the asset size of the banks or the revenue run rate (annualized) of the non-depository institution (FinTechs for example), the compliance time frame can be as long as four years (for smaller banks and non-depository institutions) or as short as a few months, for the largest players, who presumably have the resources to work with new formatting or systems demands.
The banks charge — per this letter from trade groups and The Clearing House — that updating everything from public-facing websites to new service operations to data access agreements — will take time, and they’ve requested an extension.
PYMNTS has reached out to TCH, which was unable to comment at this time.
According to the July letter, “entities subject to the rule will likely have numerous questions about its requirements and parameters, which will likely result in ongoing dialogue with the CFPB as these entities prepare for implementation,” the trade groups and TCH said. “Based on our best estimates of the work that will need to be completed, we believe that a period of at least 2 years after the issuance of a final rule would be appropriate.
“This will allow customers of these institutions (which have already built APIs that enable data sharing with third parties for over 50 million customers) to reliably continue enjoying the benefits of data sharing,” the letter continued. “A shorter compliance period will require data providers to redeploy operating resources to meet the deadline as firms scramble to fit existing data sharing systems to the new rules, which likely would disrupt services to tens of millions of consumers.”
October’s end is only weeks away — and all eyes are on the CFPB, where the “will they/won’t they” watchfulness continues.