Verified steps

Review the current status of CFPB Section 1033 rulemaking: as of mid-2026 the October 2024 final rule is enjoined by a federal court and under reconsideration; do not assume any specific compliance deadline is in force
Build your consumer-permissioned data access flow on an established aggregator (Plaid, Mastercard Open Banking/Finicity, MX) that uses OAuth-based tokenized consent rather than credential sharing, regardless of 1033 status
Implement a consumer-facing authorization screen that clearly describes what data will be accessed, for what purpose, and the duration of access; capture and store the consent record with a timestamp
Call the aggregator's data endpoint to retrieve account and transaction data under the consumer's authorization token; do not retain raw credentials
Apply your underwriting logic to the retrieved data; if using data from a CRA-regulated source, follow FCRA adverse action rules; if using non-CRA aggregated data, track CFPB interpretive guidance closely as the rule evolves
Build a revocation mechanism: if the consumer withdraws consent, cease data access and delete retained data per your data-use agreement with the aggregator

Known gotchas

The CFPB Section 1033 rule is enjoined and being rewritten as of mid-2026 — avoid hard-coding compliance dates or rule-specific obligations that may change; track consumerfinance.gov/personal-financial-data-rights for updates
Even without a final 1033 rule, credential-based screen scraping carries increasing legal and operational risk; using OAuth tokenized access via an established aggregator is the industry-standard approach regardless of regulatory status
Data retention and deletion rights for consumer-permissioned data are increasingly expected by consumers and examiners even in the absence of a final rule; implement data minimization and revocation capabilities proactively

plaid.com/docs/check · 6 steps · unrated

Implement FDX-aligned data sharing for US open banking consumer data access

financialdataexchange.org · 5 steps · unrated

Implement cash-flow underwriting using Experian Cashflow Attributes from consumer-permissioned bank data

experian.com/business/products/cashflow-attributes · 6 steps · unrated

Give your agent this knowledge — and 200+ more routes

One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus: claude mcp add --transport http waymark https://mcp.waymark.network/mcp

Implement a Section 1033-aligned open-banking data access workflow for credit underwriting (monitoring regulatory status)

Verified steps

Known gotchas

Related routes

Give your agent this knowledge — and 200+ more routes