As financial institutions brace for the upcoming implementation of Dodd-Frank Section 1033, mandated by the Consumer Finance Protection Bureau (CFPB) rules, they are actively seeking to put in place adequate compliance measures. These measures aim to mitigate risks associated with the expansive (and ever-expanding) fintech ecosystem that accesses their customer data.
The CFPB rules focus on empowering customers with greater control over their financial information – which represents a shift that will drive increased competition and innovation within the financial services industry. Should the proposed rules be enacted, a wide range of financial service providers will be mandated to provide customers, or designated third parties, access to their financial data upon request.
The good news is that this regulation is expected to enable FIs to cater to growing customer demand for more accessible and convenient financial management services.
The challenging news for many FIs is that ensuring compliance from a technical point of view – allowing customer-facing fintech applications access to the customer financial data they need, while simultaneously protecting customer data from security and privacy issues – is not easy to achieve.
What are the complexities of responding to the new rules?
The impending CFPB rules and Dodd-Frank legislation present technical challenges for banks and financial institutions (FIs) as they require the provision of personal financial data to customers in a secure and standardized electronic format, including transactions, balances, payment history, and other account-related information.
To comply, banks must not only enable data access to customer-authorized third-party fintech applications but also ensure transparent disclosure of data collection, usage, and sharing practices. Additionally, stringent data security measures must be implemented to protect customer information from unauthorized access, along with the development of clear processes for resolving any disputes related to data access.
As shared in a previous blog, the tasks that banks and third parties will need to do to comply with the CFPB rules is complex. Ultimately, ensuring compliance with these rules could necessitate significant investments in new data management systems, enhanced security protocols, and expanded compliance teams.
How can banks and FIs implement strategies to comply with these rules?
With change looming in 2024, there is little time for banks and FIs to start from scratch in developing a robust technological and procedural response to achieve compliance. As mentioned, the impact to data management systems, data flow strategies, security measures, and the expanded staffing required to support such a response, let alone develop it, is considerable and represents a large hurdle to overcome in a short timeframe.
That’s where an open finance platform like Ninth Wave comes in. Ninth Wave’s platform can be quickly implemented to provide full support for compliance with the proposed CFPB rules in a cost efficient solution, enabling banks to seamlessly achieve secure, permission-based data sharing.
Ninth Wave’s capabilities have been designed for this purpose, to equip FIs with precise control of any and all connected fintechs that need to access the FI’s customer data. Through the Ninth Wave Fintech Registry, banks and FIs have access to comprehensive administrative tools to manage all aspects of fintech engagement, including registration, access control, and managing customer entitlements, thus ensuring thorough oversight and enhanced data security.
Ninth Wave’s Fintech Registry leads the industry with enhanced controls and security through several key functionalities that are vital for maintaining robust financial ecosystems:
- Fintech Registration – Automated and Manual Fintech Registration
Dynamic – By leveraging the Ninth Wave Connect product, we can dynamically register fintechs on behalf of the FI as any open finance traffic is initiated from those apps by their customers. Open finance administrators for the FIs immediately have a lens into any registered application and can proceed with additional management of those applications.
Facilitated – Financial institutions can also choose to facilitate the registration process by selecting fintechs individually from the growing library of available apps in the Ninth Wave Fintech Registry. This method provides an additional layer of control and security by only enabling access to specifically enabled apps.
- Fintech Access – Ability to Monitor, Throttle, and Disable Fintech Access
Once a fintech is registered for a FI, Ninth Wave provides administrative access to personnel at the FI so they can manage and monitor all open finance traffic. This provides a comprehensive view into which applications are accessing a FI’s open finance infrastructure and offers specific enable/disable features, ensuring that FIs can quickly disable access from any application for any reason, enabling rapid responses to security concerns or breaches at the fintech / application.
Additionally, the Fintech Registry is enabled with a Traffic Shaping feature that allows the financial institution to adjust the volume and timing of data traffic allowed for each enabled fintech, ensuring both performance and security are optimized.
- Fintech Entitlements – Tracking and Controlling Customer-Level Access
As fintechs are registered for each financial institution and made available for customer access, Ninth Wave provides additional capabilities to track fintech-level entitlements at the customer level, ensuring that all data interactions between customers and fintechs are securely integrated and permissioned.
The Ninth Wave administrative portal tracks customer entitlements at the individual fintech level; this information can then be used for any downstream billing opportunities for the FI. Each customer (and administrative personnel, if enabled) has the ability at all times to revoke access to individual fintechs.
Entitlements extend to the account level, so that individual and/or multiple accounts can be enabled/disabled by each customer for each application, allowing for precise control over account sharing permissions with fintechs.
With Ninth Wave’s robust platform capabilities and these innovative Fintech Registry features, financial institutions are empowered to easily comply with regulatory demands while also significantly enhancing their operational security and customer service capabilities in the open finance arena. This strategic approach helps financial institutions adapt to the digital demands of modern finance while safeguarding sensitive information and maintaining trust with their customers.
Take a proactive approach.
With the CFPB rules set to reshape the banking sector in 2024, FIs need to be proactive in overhauling their data management and security systems. The Ninth Wave Fintech Registry provides a robust framework that helps banks and financial institutions meet these new demands head-on, ensuring compliance, enhancing security, and ultimately, improving customer satisfaction by empowering consumers with control over their financial data.
For banks and FIs, adapting to these regulations is not just about compliance but also about seizing the opportunity to innovate and enhance their service offerings. Ninth Wave’s technology and expertise are pivotal in this transition, positioning FIs to thrive in a more open and customer-centric financial ecosystem.
Reach out to Ninth Wave today to learn more about Ninth Wave’s Fintech Registry and how we can assist in preparing your institution for these forthcoming changes.
About Ninth Wave
Ninth Wave delivers secure, seamless, and standardized data connectivity to fintechs and financial institutions of all sizes, through a single point of direct integration to a universal suite of open finance APIs. With configurable controls, visibility, and insights into all data sharing and data acquisition connections between aggregators, third-party apps, and internal applications, Ninth Wave empowers financial institutions and their customers with access and oversight to their connected apps, enabling secure data exchange in a holistic and scalable open finance ecosystem. Offering solutions for retail and commercial banks, wealth managers, credit card issuers, tax providers, and more, Ninth Wave provides unparalleled connectivity and universal compatibility to complex information systems, unlocking innovation, potential, and performance for your data. Contact us to learn more about Ninth Wave’s secure data connectivity features. Empowering open finance. At scale, at last.