The CFPB’s Section 1033 rule (finalized in October 2024) implements the Dodd-Frank requirement that US data providers (banks, credit unions, card issuers, payment apps, and other holders of consumer financial data) make that data available to consumers and to authorized third parties under strict consent and disclosure rules. Compliance is non-negotiable, but the rule also opens the door for financial institutions to treat open banking as a growth opportunity. That shift creates a practical need: data providers must know which third-party apps their customers have authorized. “App directory” and connection-visibility tools are how many institutions get that view. Below we look at what 1033 entails, why visibility into connected apps matters, whether Plaid is the only provider, and how some institutions are framing 1033 as a springboard for competitive advantage.
What 1033 requires (in brief)
Section 1033 of the Dodd-Frank Act, as implemented by the CFPB’s Personal Financial Data Rights rule:
- Obliges data providers to share covered consumer financial data in electronic form with consumers and with third parties that have obtained valid authorization.
- Regulates authorization: third parties must give a clear disclosure (who they are, what data, purpose, duration, how to revoke), certify they will meet the rule’s obligations, and obtain the consumer’s express, informed consent.
- Applies to a wide set of “data providers”, including banks, credit unions, card issuers, payment apps (e.g. Venmo, Zelle, PayPal), digital wallets, and in certain cases BNPL and data brokers.
The rule does not literally say “build an app directory,” but it implies that data providers need to manage and understand third-party access: who has been authorized, for what, and how to support revocation and compliance. That in turn drives demand for visibility into connected apps, often delivered as an app directory, dashboard, or API.
Why app directories and connection visibility matter
Once 1033 is in force, many more third parties can request access. Data providers need to:
- Manage risk and compliance: know which apps are connected, whether they are legitimate and compliant, and how connections are used.
- Support customers: answer questions like “Which apps have access to my account?” and help with revoking access.
- Meet regulatory expectations: demonstrate that they share data only with authorized third parties and that they can identify and monitor those parties.
An app directory (or equivalent) gives data providers a central view of third-party apps that connect through a given network or API: app names, logos, categories, connection counts, and sometimes “live” dates or compliance status. That view supports risk, compliance, and customer support without building everything in-house.
1033 as a springboard for open banking
Beyond compliance, many banks and fintechs are treating Dodd-Frank 1033 and open banking as a chance to improve retention, acquisition, and customer experience. As Accenture's Banking Blog has noted, the rule focuses on data transparency and consumer control; forward-thinking institutions are investing in robust API platforms and fintech partnerships to offer personalized financial insights and services that go beyond traditional products. In one Accenture survey, 54% of North American banks cited regulatory compliance as a significant challenge impacting strategy, but the same regulatory push can be reframed as an opportunity to join a data-driven ecosystem and deliver more customer-centric solutions. For more context, see our open banking regulations overview.
Concrete examples of open banking in the wild include pay-by-bank options (e.g. Walmart's "Pay by Bank", which lets customers pay directly from their bank accounts and gives retailers an alternative to card networks) and integrated personal financial management (PFM): Intuit's Mint was folded into Credit Karma to create a single financial ecosystem, a pattern that reflects table-stakes PFM and data aggregation for many consumers. Meeting customer demands for transparency and control can strengthen trust and retention while attracting users who want more flexible, tech-enabled financial services.
The Financial Data Exchange (FDX) is the main standards body for US open banking, with 200+ member organizations and over 94 million accounts actively using the FDX API for permissioned data sharing (FDX has reported higher figures since; see FDX for current stats). FDX provides standardized frameworks that help institutions move toward 1033 compliance while improving interoperability. Using FDX-aligned APIs and visibility tools (including app directories) lets data providers both comply and position themselves as leaders in the open banking ecosystem rather than merely reacting to regulation.
Is Plaid the only provider?
No. Plaid is one prominent provider of this type of capability; others offer similar visibility and 1033-oriented tools.
-
Plaid: App Directory provides a no-code dashboard and APIs so data providers can see app-level insights (names, logos, categories, connection counts, live dates) for thousands of apps on the Plaid network. It is positioned for risk, compliance, and customer support and is often cited in relation to “being ready for 1033.” Plaid’s Permissions Manager adds real-time visibility into customer connections and authorizations; Core Exchange is their FDX-aligned API for data sharing.
-
MX: Data Access is an open finance API platform that helps financial institutions share data in a 1033-aware way. It includes FDX-compliant endpoints, consent and administrative dashboards, and tools to manage third-party app access and view data-sharing activity, giving data providers visibility and control similar in purpose to an app directory.
-
Akoya: A data access network that helps financial institutions comply with the CFPB’s 1033 rule via secure, API-based data sharing. Akoya’s Data Recipient Hub supports managing integrations and third-party access, with OAuth 2.0/OIDC and consent management, so banks can see and manage which data recipients (apps) have been authorized.
FDX (Financial Data Exchange) sets the technical and consent standards that many of these solutions align with; it does not itself offer a single public “app directory.” Instead, aggregators and data-access platforms (including Plaid, MX, and Akoya) each provide their own app or connection visibility for the apps that use their network or API. A bank may use one or more of these depending on which third parties their customers connect through.
Summary
- 1033 requires data providers to share consumer financial data with authorized third parties and to manage that access in a compliant way, which creates a need for visibility into which apps are connected. See the Section 1033 rule and open banking regulations for background.
- App directories and connection-visibility tools address that need by giving data providers a central view of third-party apps (and sometimes connection counts and compliance-related metadata) for risk, support, and compliance.
- Plaid is not the only provider: MX (Data Access) and Akoya (Data Recipient Hub, data access network) also offer 1033-oriented dashboards and tools for managing and viewing third-party app connections. The exact product names and scope differ, but the function (see and manage which apps have access) is similar across the landscape. Compare API aggregators for coverage and capabilities.
- Treating 1033 as a springboard for open banking (robust APIs, fintech partnerships, FDX-aligned standards, and customer-centric experiences) can help institutions turn compliance into competitive advantage.
If you are a data provider preparing for 1033, it’s worth evaluating which aggregator networks your customers use (e.g. Plaid, MX, Akoya, others) and what visibility each platform offers so you can meet the rule’s expectations for knowing and managing authorized third parties. Investing in that visibility and in a clear open banking strategy can support both compliance and long-term growth in an evolving marketplace.
This post draws on CFPB rulemaking and Accenture's Banking Blog (Open Banking and Dodd-Frank 1033). For more on this site: Section 1033, FDX, open banking API, API aggregators (including Plaid and MX), and open banking regulations.
