The 2010 Dodd-Frank Act, an overhaul of the U.S. regulatory system passed in response to the 2008 financial crisis, continues to be a source of regulatory change for financial institutions. Most recently in the spotlight is Section 1033, a section for which the CFPB (Consumer Financial Protection Bureau) has yet to draft regulations but has indicated in a recent blog post that regulations should be coming soon. The CFPB has set expectations for a proposed rule in a few months and a final rule in 2024.
For a refresher on what Section 1033 covers, it addresses banks making information under their control available to consumers about the financial products or services that the consumer obtained from the bank. In the view of the CFPB’s director, the goal of Section 1033 is a more competitive market where consumers will be able to earn higher rates on savings, pay lower rates on loans, and manage their finances more efficiently.
If this sounds vaguely familiar, this isn’t the first time the CFPB has dealt with Section 1033. In November 2020, the CFPB published an Advanced Notice of Proposed Rulemaking (ANPR), which had a comment period that closed in February 2021. In the ANPR the CFPB asked for comments to help in developing Section 1033 regulations, specifically regarding the possible scope of protected data, security, privacy, effective consumer control over access and accessed data, and accountability for data errors and unauthorized access. Additional areas on which the CFPB sought comment was how Section 1033 might interact with other statutes, such as the Fair Credit Reporting Act. Nearly 100 comments were submitted, which the CFPB is presumably taking into consideration in drafting the Section 1033 proposed rule anticipated later this year.
Section 1033 is comprised of five sections. Section 1033(a) provides that banks shall make available to consumers, upon request, information in the control or possession of the bank concerning the consumer financial product or service that the consumer obtained from the bank, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. This information is to be made available in an electronic form usable by consumers.
Section 1033(b) outlines certain exceptions from these general access rights. For example, a bank may not be required to make available to confidential information, such as an algorithm used to derive credit scores or information that the bank could not retrieve in the ordinary course of its business. Section 1033(c) establishes that banks have no duty to maintain or keep any information about a consumer, pursuant to Section 1033.
Section 1033(d) holds that the CFPB must prescribe standards to promote the development and use of standardized formats for information, and Section 1033(e) requires that the federal bank regulators consult together regarding Section 1033 rules, the requirements on banks, the conditions under which banks do business.
Because the rule has not yet been published no timeline is available for implementation, and it’s still not yet clear exactly what will be expected of banks, once the final rules are in place and effective. Feel free to reach out in the meantime with any questions you have about Section 1033, and anticipate that once the proposed rule is issued, Compliance Alliance will once again be prepared to answer questions, publish tools, and provide training guidance.11