Bank Director | Data Sharing Archives

In January 2018, the Revised Payment Services Directive (PSD2) takes effect in the European Union, requiring banks there to open their payment infrastructure and data to third parties. The consumer-focused initiative is intended to give individuals control over their financial data while simplifying the payments ecosystem. Belgium, Germany and Italy have had a common protocol for providing third-party access to account information since the 1990s, and Australia is considering measures similar to the EU’s PSD2 initiative, according to a report from McKinsey & Co. With so much momentum behind the concept of open banking, should the United States explore a similar uniform data sharing policy?

Currently, the U.S. sees data sharing between banks and third parties take place through a patchwork of one-off deals. Often, agreements are struck between a financial institution and an intermediary that aggregates data from several institutions and provides that information to third parties, such as personal financial management apps, lending platforms or other consumer-facing service providers. These types of agreements do little to further a holistic national agenda of financial innovation and inclusion.

Many stakeholders—banks and technology companies alike—believe that these one-off data sharing agreements are not enough. For banks, current methods used by technology companies to gather data from their systems can result in security breaches, and carry the potential for brand or reputational risks. These issues illustrate the need for a uniform protocol that addresses both the technical aspects of connecting with third parties and the liability issues that can arise in cases of consumer financial loss.

What’s more, while the demands of secure API implementation are huge expenditures for a financial institution, the shift to open banking can also lead to new opportunities. (An application program interface, or API, controls interactions between software and systems.) As an example, PSD2 requires that banks provide access to data, but it does not prohibit an institution from monetizing its data in ways that go beyond the statute. Banks can capitalize on this mandate by providing more detailed data than is required by PSD2, or by providing insights to accompany the raw data for a fee. In addition, the development of API expertise will move institutions closer to offering many different financial services through a digital platform. Leveraging APIs can allow institutions to efficiently provide advice and services that customers demand today. (For more on this, read “The API Effect” in the May 2017 issue of Bank Director digital magazine.)

For technology companies that require access to bank data to operate, open APIs offer more reliable, accessible data. Without a direct line to bank data, technology companies must often resort to “screen scraping” to gather needed information. This technique requires a bank customer to provide log-in credentials to the third party. Those credentials are then used to collect account information. This method is much less secure for banks than controlling an API interface would be, and it’s a lot less smooth for bank customers that want to provide the technology company with access to their data.

Also, the process of entering into data-sharing agreements with multiple financial institutions is a daunting task for even the most sophisticated technology companies. Connectivity requirements vary from bank to bank, as do security protocols. Add to that a significant price tag for each deal, and the task of building a customer’s financial profile across multiple institutions is a significant barrier to entry that prevents the delivery of innovative financial services to consumers.

While the U.S. has been slow to act on open banking initiatives, there have been some signs of life. In October of 2017, the Consumer Financial Protection Bureau released its principles on data sharing and aggregation and confirmed its view that individuals, not the companies they work with, own their financial data. While this is only guidance coming from an embattled regulator, it hints at American interest in the open banking movement.

“Innovation, enhanced security and the drive for greater competition are the golden triptychs at the heart of PSD2,” wrote Alisdair Faulkner of the digital identity company ThreatMetrix, based in San Jose, California, in August 2017. Those would seem to be values that every government should strive to uphold, and with benefits for both incumbents and new technologies, perhaps exploration of a PSD2-like initiative can take hold in the U.S.

Banking customers are demanding more and more access to innovative fintech services and applications that are making their financial lives easier. Big banks are responding by embracing the trend of open data, allowing fintech companies to access user information to provide a more seamless customer experience. One needs to look no further than the recent data sharing agreements with Intuit reached by Wells Fargo and JPMorgan Chase.

A big reason that Wells and Chase make agreements like these is to knit innovative fintech services, like Mint.com (recently acquired by Intuit) more tightly into their service offerings. By providing fintech app providers like Mint.com with access to customer data through an open application programming interface (API), banks like Wells Fargo can better integrate customers who use Mint.com into their own ecosystem.

But the question is, will the trend of open data sharing benefit certain banks or fintechs over others? What are the consequences forbig banks that are slow to make their data accessible? And in the end, will regulators leave them any choice?

Big banks are adopting open data primarily for three reasons. First, they’re trying to reassure clients from an ethics and security standpoint. By opening their data to third parties, they’re demonstrating that security measures are adequate and they’re not afraid of transparency.

Second, bringing new customers who are attracted by the bank’s fintech offerings into their ecosystems creates the opportunity to upsell and cross-sell those users more traditional products like mortgages and business loans. Finally, big banks want to leverage fintech technology and innovation to expand their service offerings, without incurring the cost of internal innovation. Banks like Chase can then focus their internal IT development resources on back-end functions to support customer facing technology.

But in a world where fintechs are in an arms race to onboard users, and banks are all too happy to partner with the “next best thing” in fintech, will there be enough room in the marketplace for everyone? Big banks will obviously be able to survive in this environment, with the money and resources to cement data sharing agreements with the best fintechs. Niche fintechs will also have an enormous amount of leverage. For instance, peer-to-peer lending platforms like SoFi that are challenging traditional big bank lending will have their choice of who to partner with and how much they’re able to command. It’s the mid- to lower-sized banks and credit unions that might be challenged, as they simply don’t have the resources to adopt the “Banking as a Platform” mentality that Chase and Wells Fargo are moving towards with their data sharing strategy.

There are reasons why banks might be skeptical of the open data era. Security and privacy of data, along with the issue of who “owns” customer information being the primary concerns. However, legacy institutions that are slow to open their APIs to fintechs will likely experience negative consequences.

The cost for banks to innovate and develop products like Mint and QuickBooks (under the Intuit umbrella), are extremely high. To compete with Chase and Wells Fargo in terms of similar personal finance and accounting software, banks would have to divert significant amounts of internal IT resources away from critical areas like security and back-end infrastructure. Moreover, even if banks do successfully develop similar technologies on their own, they’re missing out on the user and customer base that fintechs have already established. As of 2016, Mint.com had over 20 million users, a number that would be nearly impossible for even a very large bank to reach on its own with an internally developed and branded application.

The Consumer Finance Protection Bureau (CFPB), has already outlined its plans to advocate for open data sharing. And in fact, the trend has already been set abroad, with the European Community adopting the Directive on Payment Services Regulation (known as “PSD2”). PSD2 was implemented to encourage competition in the fintech ecosystem, and to make it easier for third-party technology providers to gain access to customer financial data. The end goal is to enhance the benefit that consumers get from banks and fintechs, and the CFPB is rowing hard in that direction.

In recent remarks at the Money 20/20 Conference in Las Vegas, CFPB Director Richard Cordray made clear that banks that don’t open their data to third parties are not operating transparently, nor in the best interests of their clients. Moreover, he believes that the CFPB can force all banks to adopt open APIs due to certain provisions in the Dodd-Frank Act. The CFPB also realizes the increasing prevalence of mobile banking, and wants to ensure those third-party mobile apps have adequate access to bank-end customer data to best serve consumers on their smartphones.

Globally, all signs point towards more open data sharing relationships between big banks and fintechs. The winners will be banks that focus on opening up sooner, rather than later, and partnering with fintechs that serve their customers’ core needs. Banks whose core business is investing, for instance, should focus on opening and partnering with investing fintechs that their customers are probably already using, such as the low-cost trading platform Robin Hood. Mature fintechs will also benefit, as they’ve already built a user base and can scale even more once they’re part of a Chase or Wells Fargo type ecosystem. Finally, legacy banking customers who seek simplicity in their experience will be big winners. Customers of big banks will begin to have access to fintech applications, technology and innovation in a “one stop shop” fashion. In the end, the CFPB doesn’t look like it will give banks much of a choice, so it’s up to them to embrace the trend or risk falling behind the competition.