Source: www.databreachtoday.com
Authored by: Matt Kunkel, CEO, LogicGate • November 25, 2024

Not so long ago, swapping out your mobile device was a huge inconvenience. Did you lose your phone? Upgrade to a new model? Have fun spending hours manually re-entering the contact information for everyone you know. Naturally, consumers hated it. It was inconvenient, it was impractical, and it created significant friction in the mobile phone market. Sending a dozen “Sorry, new phone, who is this?” texts a day is nobody’s idea of a good time, after all. And it was a problem for mobile providers, too: if the transfer process is frustrating and cumbersome, consumers are less likely to spend money on new devices.
Thankfully, the advent of SIM cards changed all that. Want to change phones today? No problem. Just pop out your SIM card, slot it into your new device, and voilà: your phone number is instantly transferred, and your contacts are automatically populated. Depending on the phone, some of your text messages might even transfer, too. It’s an added convenience, one that ensures you don’t need to leave your entire history behind when you change devices.
The Consumer Financial Protection Bureau (CFPB) recently finalized a set of rules that would bring a similar level of convenience to the financial world. These changes to Section 1033 of the Dodd-Frank Act make it significantly easier for customers to retain access to their financial history no matter which bank they transact with. For banks, that means it’s critical to ensure that the right data is being collected, and that it can be easily integrated with external systems.
Explaining the New Section 1033 Rules
Access to (and protection of) personal data has become a significant point of focus for regulators across the globe over the past several years, with major data privacy legislation like the EU’s GDPR and California’s CPRA establishing clear data collection and storage guidelines for businesses. Section 1033 deals with how customers access and share their financial data. Essentially, Section 1033 mandates that financial institutions need to make certain financial information reasonably available to customers and their representatives. That includes balance numbers, transaction history, and other important information. Section 1033 isn’t focused on privacy like GDPR or CPRA, but it’s clear that regulators are working to improve customers’ access to their own data.
SIM cards are a helpful metaphor, but it’s important to note that these new Section 1033 rules don’t involve a physical device customers will need to carry around. That said, it’s still a useful point of comparison. Like SIM cards, these new rules establish a set of standardized information-sharing practices that will be made available to customers securely and without additional charges. That means customers can access and share their own data through third-party financial applications, and it also means that when customers change banks or credit unions, they can take their data with them. No more calling around to old banks for transaction data—that information now comes along for the ride.
Will this have a major impact in practical terms? Well—maybe. Most banks have been trying to reduce friction for years (especially with the rise of mobile banking, investment apps, cryptocurrency exchanges, and other decentralized banking practices). The truth is, any bank that refuses to integrate with third-party applications or make customer data accessible is already at a significant competitive disadvantage in today’s market. These rules are still probably a net positive for consumers, but customers already expect banks to provide conveniences like this. In legal terms, rules like this are important. In practical terms, most consumers are unlikely to notice an impact.
Approaching Section 1033 from a Compliance Perspective
The CFPB’s jurisdiction only covers banks with revenue of $10 billion or greater, which means Section 1033 only applies to those banks—for now. But these rules have a way of expanding, and while the CFPB’s power may be somewhat curtailed under the incoming Trump administration, the rule will likely be extended to smaller banks in the future. And, again, it’s worth remembering that banks that fail to provide their customers with quality-of-life improvements like these are putting themselves at a disadvantage. In short, it’s probably a good idea to comply with Section 1033, even if it doesn’t technically apply to you. In particular, regional banks looking to make headway against larger competitors should seriously consider what they need to do to become compliant.
Not every bank has a common customer record, so it’s important for banks to start by ensuring they collect the common data elements specified within Section 1033. Most banks now use a customer information file (CIF) system, which is helping to enforce some level of standardization, but banks also tend to have a sprawling digital ecosystem with a wide range of systems, tools, and platforms that need to work together seamlessly. Banks need to ensure that their integration platform is capable of consuming the necessary information from those systems and packaging it in an easily shareable manner. That can be a time-consuming process, depending on how the bank integrates or layers tools and applications – and while it likely won’t be a problem for large banks, most of which tend to have fairly mature systems, smaller regional banks may need to upgrade their integration systems or make other significant changes.
The new Section 1033 rules should prompt financial institutions to further mature their approach to governance, risk, and compliance (GRC). Having a strong GRC foundation in place doesn’t just ensure banks can comply with new data regulations—it puts them in a position to be more agile in the future, as well. These new regulations come at a unique time, with AI solutions and integrated platforms adding to the already substantial list of systems and applications that banks need to manage, govern, and secure. These developments will need to be factored into the regulatory landscape at some point, and banks that already have a strong data governance program with standardized classification and categorization practices will be significantly more prepared to make the necessary adjustments. Complying with Section 1033 is important, but so is keeping one eye on the future.
Building a Long-Term Compliance Plan
As the CFPB continues to implement new rules, financial institutions should be mindful of the need to establish a solid GRC baseline. While rules like those in Section 1033 currently apply only to large banks, recent changes to Section 1071 impacting small business lending indicate that it is likely just a matter of time before these regulations are expanded to include banks of all sizes. Right now, banks can protect themselves by establishing comprehensive data collection and storage procedures, determining clear risk benchmarks, and communicating updates to their partners and customers in a thorough and timely manner. As data regulations become more stringent across the financial industry, it’s critical for banks to have a plan for long-term compliance success.
Original Post url: https://www.databreachtoday.com/blogs/new-section-1033-push-banks-to-provide-customers-financial-sim-card-p-3767