Practical advice for meeting Rule 1033 with confidence

Understanding Section 1033 of the Dodd-Frank Act: A Guide for U.S. Financial Institutions

This guide explains the essentials of the 1033 regulation, its impact on open banking, and how financial institutions can turn 1033 compliance into a strategic advantage.

Introduction


Whilst debate and uncertainty about its final implementation continue, Section 1033 of the Dodd-Frank Act remains a landmark regulation. It grants consumers the right to access their personal financial data and share it securely with authorized third parties.

Finalized by the Consumer Financial Protection Bureau (CFPB) in October 2024, the Personal Financial Data Rights Rule, often referred to as the CFPB Open Banking Rule 1033, establishes a new era of data portability, competition, and innovation in U.S. financial services.


Fast-Track 1033 Compliance and Enhance API Security

The CFPB’s Section 1033 rule is transforming financial data sharing. Learn how to implement robust API security, manage consumer consent, and automate third-party onboarding with insights from industry leaders. Download your free eBook now and prepare your institution for the future of open banking.


What is Section 1033 of the Dodd-Frank Act?

Section 1033 of the Dodd-Frank Act requires financial institutions and certain fintech companies (“data providers”) to make personal financial data available to consumers and their authorized third parties upon request.
The rule’s purpose is to empower consumers with control over their financial information, enable easier switching between providers, and foster innovation through secure data sharing.

On October 22, 2024, the CFPB issued its final rule, clarifying obligations for data providers and third parties, and setting standards for secure, standardized electronic data access.

Read the official CFPB final rule on personal financial data rights.

What Does the 1033 Rule Mean for Open Banking in the U.S.?

The CFPB Open Banking Rule 1033 marks a significant leap toward open banking in the United States. By mandating secure, consumer-permissioned data access through standardized APIs, the rule enables consumers to share their financial data with fintechs, aggregators, and other service providers, unlocking new financial products and experiences.

For institutions, this means adopting robust API strategies and governance frameworks - areas where Raidiam excels. Our mission is to help organizations navigate the technical and regulatory landscape of 1033 open banking with secure, interoperable solutions.

Key Provisions and 1033 Compliance Deadlines

Whilst there continues to be some uncertainty about the final rule - with a review now possible - below are the core requirements, alongside the original compliance deadlines (according to financial institution size), as set out in October 2024:

Core Requirements:

  • Data providers must make covered personal financial data available to consumers and authorized third parties in a standardized electronic format, free of charge.
  • Third parties must meet strict criteria and certify compliance with data use, retention, and privacy obligations.
  • The rule applies to banks, credit unions, credit card issuers, payment facilitators, and now, digital wallet providers.

Compliance Deadlines (by institution size):

  • Tier 1: >$250B assets (banks) or >$10B receipts (non-banks): April 1, 2026
  • Tier 2: >$10B & <$250B assets: April 1, 2027
  • Tier 3: >$3B & <$10B assets: April 1, 2028
  • Tier 4: >$1.5B & <$3B assets: April 1, 2029
  • Final Tier: >$850M & <$1.5B assets: April 1, 2030
  • Institutions with <$850M in assets are exempt.

Struggling with 1033 Compliance?

Our step-by-step guide helps you simplify risk, secure your data, and stay ahead of deadlines.

Explore More: Deep Dives on Rule 1033, Security, and Opportunity

Section 1033 is more than a compliance checkbox: it’s a launchpad for transformation in U.S. financial services. If you’re ready to explore what this means in practice, our in-depth resources will guide you through every stage of your journey.


From Regulation to Opportunity

Section 1033 is reshaping how financial institutions view data access and sharing. By embracing the requirements of the 1033 regulation, banks and fintechs are finding new ways to monetize data, enhance customer loyalty, and launch innovative digital products. Standardized APIs are enabling seamless partnerships and integration with third-party providers, while robust compliance strategies are opening doors to new revenue streams and improved customer experiences. Real-world examples highlight how aligning compliance with business strategy can turn regulatory obligations into competitive advantages.

Managing Third-Party Risk Under Rule 1033

With the expansion of consumer data sharing, third-party risk management has become a cornerstone of 1033 compliance. Effective third-party risk management now involves rigorous onboarding, continuous monitoring, and automated validation of external partners. Trust registries and adherence to standards like FAPI and ISO 27001 help ensure only authorized and compliant third parties gain access to consumer data. Automation streamlines these processes, reduces operational overhead, and supports secure ecosystem growth as financial institutions balance innovation with robust oversight.

Discover best practices in our article:
Rule 1033 and Third-Party Risk Management


Securing the Perimeter: Technical Challenges

The shift to open banking under Rule 1033 introduces new security challenges, as institutions must safeguard personal financial data while enabling broader access. Securing your perimeter now requires a zero trust approach, with advanced API security, strong identity verification, and continuous monitoring at its core. As traditional network boundaries dissolve, financial organizations are adopting certificate-based access, centralized controls, and real-time threat detection to protect sensitive data and maintain trust. These evolving security strategies are essential for safe and scalable open banking.

Explore solutions in our blog:
Securing Your Perimeter in the Era of CFPB Rule 1033

Practical Guidance for Implementation

Implementing Section 1033 successfully requires a clear understanding of regulatory expectations and technical best practices. The Insider Guide to Rule 1033 provides step-by-step frameworks for building secure APIs, managing client onboarding, and navigating compliance timelines. Actionable checklists and real-world insights help teams design efficient workflows, strengthen data protection, and prepare for the evolving demands of open banking. This resource is an essential companion for organizations aiming to meet the new standards with confidence.

Access the eBook now:
Download the Insider Guide to API Security and Client Onboarding in Open Banking


How Raidiam Helps You Comply and Compete

Raidiam Connect is designed to help you achieve Dodd-Frank Section 1033 compliance while enabling secure, scalable open banking. Our solution features:

  • Trust frameworks for secure third-party management
  • Interoperable, standards-based APIs
  • Comprehensive governance and compliance services

Learn more: Raidiam Connect for CFPB 1033 Compliance

Frequently Asked Questions about Rule 1033


What is the 1033 rule in banking?

Section 1033 of the Dodd-Frank Act requires financial institutions to provide consumers and authorized third parties with access to personal financial data in a standardized electronic format, empowering consumer choice and competition.

What is the summary of the 1033 proposed rule?

The rule mandates free, secure, and standardized access to personal financial data, sets criteria for authorized third parties, and establishes a framework for industry data standards.

What are the rules for Section 1033?

Covered institutions must make covered data available upon request, in a usable electronic form, and comply with privacy, security, and third-party authorization requirements.

What are the compliance dates?

Compliance deadlines are tiered by institution size, ranging from April 1, 2026, for the largest institutions to April 1, 2030, for smaller ones. Institutions under $850M in assets are exempt.

When was the final rule issued?

The CFPB issued the final personal financial data rights rule on October 22, 2024.

How is the CFPB putting Section 1033 into practice?

The CFPB is implementing the rule through regulations, industry standard-setting, and ongoing guidance to ensure secure, consumer-centric open banking.