The FDX User Experience Guidelines are designed to help technical teams deliver user-permissioned data sharing flows that are intuitive, transparent, and compliant with regulatory expectations. Developed by the FDX working group, these guidelines directly reflect requirements from the CFPB’s Section 1033 rule, ensuring that the user interface (UI) and user experience (UX) in open finance are not just functional, but also meet the letter and spirit of consumer data rights.
Regulatory Foundations for the 1033 UX
The Consumer Financial Protection Bureau’s Section 1033 rule, finalized in October 2024, mandates that financial institutions provide consumers and authorized third parties with access to their financial data in a secure, reliable, and user-friendly manner. FDX’s UX Guidelines are explicitly mapped to these regulatory requirements, providing actionable recommendations for technical implementers.
Key CFPB 1033 requirements that guided FDX’s UX Guidelines include:
- Clear and Conspicuous Authorization Disclosure (1033.411(a)): The authorization disclosure must be prominent and segregated from other materials.
- Identification of Parties (1033.411(b)(1)-(2), 1033.431(b)): The disclosure must clearly name the authorized third party, any data aggregator, and the data provider in a readily understandable format.
- Purpose and Data Scope (1033.411(b)(3)-(4), 1033.211): The disclosure must briefly describe the product/service requested and specify the categories of data to be accessed.
- Certification and Duration (1033.411(b)(6), 1033.421(b)(2)-(3)): The duration of data collection must be stated, with a maximum of one year before reauthorization is required.
- Revocation Rights (1033.411(b)(7)): Users must be provided with a method to revoke consent that is as easy to use as the initial authorization.
- Consent Management and Dashboards (1033.411(b)(7), 1033.431(c)): End users must be able to view, manage, and revoke their authorizations easily, with dashboards recommended for Data Providers, Data Recipients, and Data Access Platforms.
Trust, transparency, and clear communication are foundational to guiding the user journey in website design and development. These principles help users understand how their data is used, who has access to it, and for what purpose—building confidence in the system and empowering users to make informed decisions.
By providing clear, conspicuous disclosures, intuitive consent management, and accessible revocation options, designers ensure that users remain in control of their experiences and data. This approach not only streamlines interactions but also fosters lasting trust and satisfaction throughout the user journey.

Technical Implementation Highlights
1. Consent Journeys and Processes
The guidelines break down the user experience into “Journeys” (e.g., granting, managing, or revoking consent) and “Processes” (e.g., authentication, account selection). Each journey is mapped to CFPB 1033 requirements, ensuring that every user touchpoint is compliant and user-centric.
2. Authorization Disclosure
- Must include: names of all parties, product/service description, data clusters (categories), duration, and revocation method.
- Must be clear, conspicuous, and available in the user’s language, with links to English translation if needed.
- Electronic or written signature required for express informed consent.
3. Data Clusters and Scope
- Data Clusters group related data elements (e.g., transactions, balances, account details).
- Only the data necessary for the stated business purpose should be requested and disclosed, in alignment with CFPB’s data minimization principle.
- Standardized cluster names and descriptions promote consistency and user understanding.
4. Consent Duration and Reauthorization
- Consent cannot exceed one year (1033.421(b)(2)). Reauthorization must be obtained at least annually.
- The expiration date must be displayed, and users must be notified prior to expiration.
5. Consent Management Dashboards
- Dashboards should allow users to view which data, accounts, and third parties have access, and to revoke or reauthorize as needed.
- While not strictly required for Data Providers, dashboards are strongly recommended for all parties to support transparency and user control.
6. Revocation and Reauthorization Flows
- Revocation must be as easy as granting consent, with no cost or penalty.
- Any changes to the scope of consent require a new authorization disclosure and user consent.
FDX UX Guideline Area | CFPB 1033 Reference | Implementation Example |
---|---|---|
Authorization Disclosure | 1033.411(a), (b)(1)-(4) | Clear, segregated consent screen with all required details |
Data Clusters & Scope | 1033.211, 1033.411(b)(4) | Standardized data cluster selection in UI |
Consent Duration | 1033.411(b)(6), 1033.421 | Display of expiration date, annual reauthorization process |
Revocation Rights | 1033.411(b)(7) | “Revoke access” button in consent dashboard |
Consent Dashboards | 1033.411(b)(7), 1033.431 | Dashboard showing all active and past authorizations |
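The duration, revocation, and scope rules in items 4 to 6 above only protect users if the server enforces them on every data request, not just in the consent screen. The following Python example is added here for illustration and is not code from FDX or from the original article. The `Consent` record, its field and cluster names, the handling of a 29 February grant, and the 30-day notice window are all assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass(frozen=True)
class Consent:  # hypothetical record, not an FDX schema
    third_party: str
    data_provider: str
    purpose: str
    clusters: frozenset
    granted_on: date
    expires_on: date
    revocation_method: str
    revoked_on: Optional[date] = None

def one_year_after(d: date) -> date:
    """Calendar-year cap; a 29 Feb grant is capped at 28 Feb (assumption)."""
    try:
        return d.replace(year=d.year + 1)
    except ValueError:
        return d.replace(year=d.year + 1, day=28)

def disclosure_problems(c: Consent) -> list:
    """Return reasons the grant must be rejected before it is stored."""
    problems = [f"missing {name}" for name in
                ("third_party", "data_provider", "purpose", "revocation_method")
                if not getattr(c, name).strip()]
    if not c.clusters:
        problems.append("no data clusters listed")
    if c.expires_on <= c.granted_on:
        problems.append("expiry not after grant date")
    elif c.expires_on > one_year_after(c.granted_on):
        problems.append("duration exceeds one year")
    return problems

def access_decision(c: Consent, requested: set, today: date) -> str:
    """Server-side check run on every data request, independent of the UI."""
    if c.revoked_on is not None and today >= c.revoked_on:
        return "deny: revoked"
    if today >= c.expires_on:
        return "deny: expired, reauthorization required"
    if not set(requested) <= c.clusters:
        return "deny: scope change, new authorization disclosure required"
    return "allow"

def needs_expiry_notice(c: Consent, today: date, notice_days: int = 30) -> bool:
    """True inside the pre-expiry window; the 30-day default is an assumption."""
    return (c.revoked_on is None
            and c.expires_on - timedelta(days=notice_days) <= today < c.expires_on)

# Constructed sample grant, made on a leap day to exercise the one-year cap.
SAMPLE = Consent("ExampleBudgetApp", "Example Bank", "budgeting",
                 frozenset({"transactions", "balances"}),
                 date(2024, 2, 29), date(2025, 2, 28), "dashboard revoke button")
```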
Conclusion
The FDX User Experience Guidelines are a practical, technical blueprint for building user data-sharing flows that are both best-in-class and CFPB 1033-compliant. By mapping every step of the user journey to specific regulatory requirements, FDX ensures that open finance implementations are not only secure and interoperable, but also empower consumers with real control and transparency over their financial data.
For technical teams, aligning with these guidelines is not just about compliance—it’s about building trust and usability into the core of open finance.
- To learn more about the CFPB Section 1033 requirements for the Developer interface provisions, read my blog on the Consensus Standard Data Format (CSDF).
- To read more about the Security Model of the FDX API V6.4.0, visit my blog article on the Future of Secure API Design.