Resource

Why Community Banks Could Be Left Holding the Bag on Section 1033

There is a battle over customer data in banking. 

Currently, it’s between large banks (specifically JPMorgan Chase) and fintechs. And while community banks aren’t at the center of the fight, they’re likely to feel the consequences, however it’s resolved.

JPMorgan initiated the current disagreement in July after indicating the company would start charging a fee for core data to third‑party vendors, challenging the very idea of open banking.

On one side, big banks like JPMorgan Chase argue that they’ve built the infrastructure behind digital banking, and that third parties like fintechs should contribute to the cost of maintaining and scaling it. They say data traffic has exploded in recent years, much of it not tied to real customer activity, and that the current system is unsustainable without a funding model.

On the other side, fintechs and consumer advocates argue that customers, not banks, own their financial data. They believe that requiring banks to share this data freely improves competition, innovation, and consumer choice. They worry that if fees are allowed, only the biggest, most well-funded fintechs will be able to afford data access, cutting out smaller innovators and limiting consumer options.

Who Owns the Data in Banking?

Section 1033 of the 2010 Dodd–Frank Act instructs the Consumer Financial Protection Bureau (CFPB) to write rules allowing consumers to access and share their bank data. Government documents supporting the final rule emphasised that Section 1033 would significantly expand consumer choice and access to their data.  

The agency has been working on it for years. 

  • In 2016, the CFPB began its work on data access by issuing a request for information on how consumers retrieve and share their financial records. The following year, it released a set of non-binding Consumer Protection Principles outlining its vision for safe, consumer-authorized data sharing.
  • In February 2020, the Bureau convened a public symposium to explore the risks, benefits, and regulatory implications of third-party access to financial data.
  • After years of discussion and stakeholder input, the CFPB issued its final rule in October 2024. The rule requires banks and other data providers to give consumers and their authorized third-party apps free access to defined account data. There would be a phased approach to compliance starting April 2026, beginning with the largest institutions.
  • That same day, major banking trade associations filed a lawsuit to block the rule. Then, in May 2025, under new leadership, the CFPB told the court it no longer supported the rule and asked that it be vacated, stating its intent to seek summary judgment to have the rule set aside.

Section 1033 still requires the agency to issue some form of rule, but it is unclear how the new leadership will proceed. Until the courts decide, banks and fintechs have little clarity about whether data access must remain free or whether fees will be allowed.

Opponents, primarily banking trade groups and, eventually, the CFPB itself, contend that the rule oversteps the Bureau’s authority and imposes unnecessary risks and costs. They argue that it requires banks to share data with third parties who are not expressly covered by the statute. Their argument is that Section 1033 is silent on fees and fails to account for security risks and realistic compliance timelines. They also warn that free access could encourage uncontrolled data scraping and increase the possibility of fraud.

The Risk to Community Banks No Matter Who Wins 

If large banks are allowed to charge for data access, those costs could trickle down through data aggregators. Community banks, which often rely on those same aggregators to integrate with budgeting tools, payment apps, and other platforms, might find themselves absorbing higher fees or passing them on to customers. 

Meanwhile, their fintech partners, many of which already operate on razor-thin margins, might pull back from integrations that become too costly or legally uncertain.

At the same time, if a federal rule like Section 1033 mandates free access without offering financial or technical support, community banks could be required to build and maintain new systems to comply, despite having smaller budgets, fewer developers, and limited in-house compliance teams.

Community banks already spend a higher share of their budgets on regulatory data tasks; they allocate about 1.5 % of their non‑interest expenses to compliance data processing, compared with 0.6 % for large banks. 

In short, community banks could be squeezed from both sides: priced out by rising aggregator fees if data becomes a commodity, or burdened by unfunded mandates if data is made universally free without support. Either way, they have more to lose and less room to maneuver than the giants fighting this out in court.

Practical steps for small banks

  1. Simplify your tool stack. Every extra system means duplicate data entry and more training. Consolidate where possible and choose cloud platforms that integrate easily.

  2. Evaluate third‑party relationships. Ask vendors how they plan to handle possible data‑access fees. Ensure that contracts allow you to switch providers or negotiate costs if the regulatory environment changes.

  3. Plan for multiple outcomes. Whether Section 1033 survives or is vacated, community banks should be ready. Unifying data now means you can adapt quickly, keep customer information secure and offer seamless services regardless of the rules.

iDENTIFY Helps Your Bank Prepare for a Data-Focused Future 

At iDENTIFY, we work alongside community banks that are balancing innovation with risk management. Our experience shows that the best hedge against compliance surprises and market volatility isn’t guesswork, it’s a unified data platform.

Too often, banks scatter critical information across multiple cores, third-party fintech tools, and one-off reporting systems. That fragmentation creates blind spots. By building a single source of truth, banks gain the clarity and control needed to monitor third-party activity, respond quickly to examiner requests, and make confident, data-informed decisions.

Community banks aren’t designed for speed. They’re designed for staying power. That intentional pace can be an asset when regulations or political leadership change. Here’s why.

As a Snowflake Select Partner, iDENTIFY brings deep experience helping banks modernize their data ecosystems using Snowflake’s powerful, secure infrastructure. We help banks unify internal systems and securely share data with fintech partners using Snowflake Data Share, a scalable alternative to costly, fragile APIs.

Instead of building custom integrations or struggling with unreliable push/pull methods, banks can offer real-time access to clean, reliable data, creating a better experience for fintechs and their customers alike.

Connect with our team today to explore how platforms like Snowflake can help you streamline, unify, and future-proof your data.

Unify your bank data with iDENTIFY

Contact Us