Banks Need to Start on 1033 NOW! Part 8
Prepare for Compliance Timelines and Tiers
To comply with CFPB Rule 1033, banks must also be aware of the timeframes and tiers outlined in the rule. This layer clarifies who is expected to comply and by when. The Consumer Financial Protection Bureau (CFPB) has established a tiered compliance schedule for its Personal Financial Data Rights Rule (Section 1033 of the Dodd-Frank Act), with deadlines based on the asset size of depository institutions:
· Tier 1: Institutions with assets of $250 billion or more must comply by April 1, 2026.
· Tier 2: Institutions with assets between $10 billion and $250 billion have a compliance deadline of April 1, 2027.
· Tier 3: Institutions with assets between $3 billion and $10 billion must comply by April 1, 2028.
· Tier 4: Institutions with assets between $1.5 billion and $3 billion have until April 1, 2029, to comply.
· Tier 5: Institutions with assets between $850 million and $1.5 billion must comply by April 1, 2030.
Notably, depository institutions with assets of $850 million or less are exempt from these requirements.
The compliance deadlines of non-depository institutions are aligned with those of depository institutions of comparable size or market presence. Authorized third parties accessing consumer data must adhere to compliance timelines corresponding to the data providers they interact with.
These staggered deadlines aim to provide flexibility, allowing smaller institutions more time to implement the necessary systems and processes to comply with the rule.
To prepare for Rule 1033 compliance with timelines and tiers, banks should focus on proactive strategies to ensure readiness. Here's a comprehensive list of actions banks should take:
1. Understand the Rule's Requirements and Timelines
Familiarize Yourself with Rule 1033: Understand the rule's details, including compliance deadlines, implementation tiers, and scope (read the previous seven and next two parts of this series!).
Know Your Tier: Determine your institution's applicable tier and corresponding timeline. Tiers depend on factors such as asset size or customer base.
2. Collaborate with Third Parties
Evaluate Partnerships: Assess the compliance readiness of third-party vendors who will access or manage your customer data.
Define Data Sharing Protocols: Work with partners to implement secure and transparent data-sharing protocols.
3. Plan for Future Adaptation
That is a wrap on Part 8 of this 10-part series on things banks must start doing today to prepare for rolling out 1033-compliant data sharing. This supports regulatory compliance and builds consumer trust by demonstrating a commitment to transparency and accountability. Please stay tuned for part 9, where I will dig into preparations for vendor and technology assessments.