3 minute read
AFTER 5,110 DAYS, THE IMPACT OF Section 1033 of Dodd-Frank
It seems hard to believe, but it has been more than 14 years (5,110 days) since the DoddFrank Wall Street Reform and Consumer Protection Act of 2010 was passed by Congress and signed into law by President Obama. At more than 2,300 pages, Dodd-Frank was arguably the largest and most complex piece of financial industry legislation ever passed. And the rules and regulations that spawned from the act over the past decade have been burdensome to say the least.
But of all the rules and regulations promulgated to date, the one most likely to fundamentally disrupt our industry the most is Section 1033. Commonly referred to as “Open Banking,” Section 1033 contains several requirements for banks with more than $850 million in total assets that will increase our operational and compliance burden, not to mention the potential liability and reputational risk of managing our customer’s financial information in an open environment.
What is “Open Banking” under Section 1033? Essentially, the regulation requires “data providers” including financial depository institutions to make personal financial data available to customers and authorized third parties. Further, the information must be in a standardized electronic format. It should be noted that there has been no guidance on what the standard format must be. From a community banker’s perspective, this seems to be contrary to the longstanding model of relationship banking, where our customers trust us with their financial information and rely on us to provide it to them upon request.
While there are still many issues to be resolved with implementing an open banking concept, I wanted to briefly discuss the three that appear to have an immediate impact on banks.
First, Section 1033 requires the disclosure of personal financial information to authorized third parties. While it is true the authorization comes from the customer, the concern lies in how secure the customer information is once in the custody of the third party. As cyber threats continue to be a focus within our institutions, it is impossible for us to analyze or perform a risk assessment on outside third parties. As a result, we are left to answer to our customers in the event of a breach of their data even if it is not our fault. What’s worse, Section 1033 does not specifically address or define who bears the liability for a breach.
The second concern revolves around the technology necessary to enable an open banking environment. Initially, banks will have to create a digital interface allowing customers to access their most recent transactional activity and data. This is not only a novel concept for most banks, but also a complex and expensive endeavor. Additionally, policies and procedures will have to be developed to ensure that banks accurately monitor and document all requests by customers, verify the accuracy and content for outbound data transfers, and document all third parties who receive customer information.
Third, the implementation and operational expense to banks will be significant, especially to smaller institutions. As mentioned hereinabove, the development and integration of a digital interface that allows customers direct access will be unique to each core provider and bank. Aside from the development and implementation expense is the continuing operational costs. Section 1033 prohibits any charge or fee related to operations or request for data. Our institutions are simply supposed to create, implement and operate a digital environment to promote the trafficking of customer data without regard to the financial impact.
For an industry built and regulated upon the highest standards of protecting the personal financial information of our customers, Section 1033 will certainly pose significant challenges. But because DoddFrank was a “quick solution” drafted in haste, Section 1033 will likely have many unintended consequences, as we have seen with other sections of the act. Those unintended consequences will challenge not only our industry but our customers as well. It is incumbent upon each of us as bankers to collaborate and engage with our state and federal delegation in order to push back on excessive regulation. Even after 5,110 days, the effects of Dodd-Frank will continue to materialize through regulatory rule-making and provide us the opportunity to challenge harmful legislation.
In closing, 2025 will be a very busy year from a legislative perspective. The state Legislature will be back in session, and we are already tracking several bills that affect banking in Arkansas. I encourage you to consider attending any of our Government Relation Committee meetings. You do not have to commit to being a “technical” member, but we would love for you to attend so that we have a better understanding of your institution and insight on upcoming legislative issues. Likewise, we expect a very busy year in Washington with the new administration. Although there are still a lot of moving parts, the Arkansas congressional delegation looks to be the most powerful of my banking career. It should be a fun time, especially when U.S. Rep. French Hill becomes the chair of the House Financial Services Committee.
I wish each of you a very happy and prosperous new year, and I sincerely appreciate your engagement, support and membership in the Arkansas Bankers Association.
(Please note this article is drafted from the perspective of the author and is not intended as a legal opinion. Please reference the final rule promulgated by the CFPB found at 12 U.S.C. 5533.)
