Key takeaways
- The Consumer Financial Protection Bureau codified final rules for Dodd-Frank Act Section 1033.
- The rulemaking process, which began in 2016, establishes federal parameters for consumer financial data sharing.
- Despite the finalization, federal regulation of open banking in the United States remains in a state of limbo.
- Financial institutions and data aggregators face new compliance frameworks now codified in the Code of Federal Regulations.
The Regulatory Action
On or about June 26, 2026, legal media reported that the Consumer Financial Protection Bureau issued final rules to implement Dodd-Frank Act Section 1033. The agency formally codified these regulations in the Code of Federal Regulations, establishing a federal framework for consumer financial data sharing. This finalization concludes a lengthy administrative rulemaking process that originally began in 2016. Despite the issuance of these final rules, federal regulation of open banking in the United States is noted to be in a state of limbo.
Why It Matters
The finalization of these rules represents a significant shift in how financial data is controlled and shared in the United States. For years, the financial technology sector operated without a comprehensive federal standard governing data access. By codifying the requirements of Dodd-Frank Act Section 1033, the Consumer Financial Protection Bureau attempts to standardize the rights of consumers to access their financial records and share them with third-party providers.
This development matters because it replaces a fractured system of bilateral agreements and informal data-sharing practices with a formal regulatory structure. Financial institutions, data aggregators, and consumer-facing financial applications must now align their operations with the Code of Federal Regulations. However, the reported state of limbo surrounding federal open banking regulation suggests that the issuance of the final rules may not immediately resolve all market uncertainties. Market participants face the challenge of implementing new compliance measures while operating in an environment where the ultimate trajectory of federal enforcement and oversight remains unsettled. The tension between a finalized rule and a broader state of regulatory limbo creates a complex compliance environment for the financial services industry.
Who Should Care
For lawyers
Counsel representing traditional banks, credit unions, financial technology startups, and data aggregators must carefully review the new codifications in the Code of Federal Regulations. The conclusion of a rulemaking process that began in 2016 means that long-anticipated compliance obligations are now active. Attorneys will need to audit their clients' data-sharing agreements, consent mechanisms, and security protocols to ensure alignment with the finalized standards implementing Dodd-Frank Act Section 1033. Furthermore, because federal open banking regulation remains in a state of limbo, legal advisors must prepare for potential interpretive guidance, enforcement shifts, or legal challenges that could alter how these rules are applied in practice. Advising clients in this environment requires balancing strict adherence to the new codified text with strategic flexibility to adapt to ongoing regulatory uncertainty.
For consumers and parties
Consumers regularly use third-party applications to track their spending, manage investments, and apply for loans. These services require access to the transaction data held by traditional banks. The final rules issued by the Consumer Financial Protection Bureau dictate how banks must share your financial data when you authorize it. The goal is to give you greater control over your financial information, making it easier to switch financial institutions or utilize new digital tools. While the rules are now finalized in the Code of Federal Regulations, the ongoing state of limbo in federal open banking oversight means that the practical improvements to your digital banking experience may take time to fully materialize.
Legal Background
The statutory foundation for this regulatory action rests entirely on Dodd-Frank Act Section 1033. Enacted as part of the broader financial reforms following the global financial crisis, this section established a general right for consumers to access their financial records in a usable electronic format. The statute required covered entities to make available information concerning the consumer's financial products and services.
Despite the statutory mandate, the lack of implementing regulations left the market without clear operational standards. Industry participants relied on varied and sometimes insecure methods to access consumer data, leading to disputes between traditional banks and financial technology companies over data security, liability, and access limits. Recognizing the need for a standardized approach, the Consumer Financial Protection Bureau began the formal rulemaking process for the implementation in 2016. Over the subsequent decade, the agency gathered industry feedback, assessed technological developments, and formulated the regulatory text that would eventually translate the broad statutory language into actionable compliance obligations.
What the Agency Did
The Consumer Financial Protection Bureau issued final rules that are currently codified in the Code of Federal Regulations. By finalizing the regulations, the agency established the specific legal and technical parameters required to implement Dodd-Frank Act Section 1033. The rules define the scope of covered data, the obligations of data providers to supply information upon consumer request, and the compliance responsibilities of the third parties receiving that data.
The agency's action transitions the industry from a period of speculative rulemaking, which began in 2016, into a period of formal codified requirements. By placing the final rules in the Code of Federal Regulations, the Consumer Financial Protection Bureau has formalized the legal expectations for open banking in the United States, even as broader questions about federal regulation leave the sector in a state of limbo.
How It May Be Applied
The codification of the final rules forces financial institutions and data aggregators to update their technical infrastructure and compliance frameworks. Covered entities will likely need to transition away from legacy data-sharing methods and adopt standardized protocols that meet the new federal requirements.
However, the application of these rules will be heavily influenced by the noted state of limbo in federal open banking regulation. This uncertainty raises several forward-looking questions. Will the Consumer Financial Protection Bureau aggressively enforce the new standards, or will the state of limbo result in a period of regulatory forbearance? How will these federal codifications interact with emerging state-level data privacy laws? Financial entities must build compliance systems that satisfy the strict text of the Code of Federal Regulations while remaining adaptable to a regulatory environment that has not yet fully stabilized.
Regulatory Evolution
| Feature | Prior to Finalization | Current Status |
|---|---|---|
| Regulatory Framework | Broad statutory language under the Dodd-Frank Act | Specific rules codified in the Code of Federal Regulations |
| Rulemaking Status | Process began in 2016 | Final rules issued |
| Open Banking Climate | Unregulated at the federal level | Federal regulation noted to be in a state of limbo |
Plain-English Callout
Understanding Open Banking and Data Portability Open banking is a financial model where banks allow third-party financial service providers to access consumer banking, transaction, and other financial data through secure connections. This system relies on your explicit consent. When you use a budgeting app that automatically downloads your daily transactions, you are participating in open banking. The final rules implementing Dodd-Frank Act Section 1033 are designed to ensure that you have the right to access your financial data and share it safely, preventing your primary bank from locking you into their specific services and blocking competitors.
This article is general legal information and commentary about legal developments. It is not legal advice, does not address your specific situation, and is not a substitute for advice from a licensed attorney. Reading this article and contacting us through this website do not create an attorney-client relationship.
Sources & authorities
- Dodd-Frank Act Section 1033 — source
Further reading
Additional perspectives (a link is not an endorsement):