The Pandora’s Box of customer banking data has already burst open with the popularity of third-party financial products. Still, banks are doing all they can to restrict their customers from accessing their own data. What gives?
Aggregation has become a flashpoint between hundred year old banks, the CFPB and customers. In the first installment of this series, we looked at the history of aggregation technology, and its improvements since the first dot-com boom. This post explores the banking industry’s opposition to aggregation, and provides a path forward for US regulators.
New Enemy, Same Tactics
This year, the American Banking Association came out against aggregation technology, citing the same concerns and scare tactics they have relied on for twenty years. Today, aggregation technology is exponentially more reliable and secure than it was in the late 1990s. While the enemy has evolved, the banks are still using the same plan of attack.
In 2001, the OCC issued a “Guidance Memo” to banks that listed five risks posed by aggregation:
- Strategic Risk
- Reputation Risk
- Transaction Risk
- Compliance Risk
- Security Risk
Since then, several of these concerns have been made obsolete by technological advancements. Others proved to be illegitimate in the first place. Regardless, the ABA’s latest arguments revolve around the same old concerns of “data usage” and “security.” In his 2015 shareholder letter, Jamie Dimon dedicated significant air time to criticize aggregators, and took direct action by cutting off JP Morgan’s customers from using Mint.com. While the security concerns are exaggerated, the rising popularity of PFM tools means that they are racking up significant server costs for the banks. In other words, JP Morgan doesn’t want to pay to import its customers’ data to Mint.com.
Enter the Regulators
The CFPB is a government watchdog set up to “make consumer financial markets work for consumers.” In November 2016, they held a field hearing in Utah to spark a public debate over aggregation. While the hearing made room for a healthy debate, it has opened the floodgates to banking industry lobbyists and the influential American Bankers Association, which continues to fight against aggregation.
If the CFPB plans to keep their promise to protect consumers, they should weigh popular consumer opinion against the lobbying effort of the big banks. In 2016, over 70% of customers trust the top tech companies more than their banks. A fair ruling will incorporate changing user behaviors and advancing technologies into its decision. Got an opinion? You can submit letters to the CFPB by February 14th, 2017.
Towards a Working Regulatory Framework
As it moves towards establishing new laws, the CFPB should stick to principles-based best practices that will remain relevant as the technology, and the debate over data ownership, continue to evolve. In particular, the industry will benefit from guidance around:
- API Framework: Financial Institutions should identify 1-3 “Approved Vendors” to build and manage their APIs. The financial sector can trim inefficiencies using a standardized protocol for data, just as the healthcare sector has over the past ten years.
- Customer Control Center: It must be easy for consumers to manage where their data is flowing. Banks should be required to provide a clear dashboard of all third-parties who are plugged in. This way, consumers can unlink their accounts from products they no longer use, keeping their data under control.
- Re-examine OFX: As we mentioned in the first in this series, Intuit and Microsoft developed the OFX to avoid the Aggregation Wars. Is now the time to re-examine a protocol that banks can support for distribution?
In our next installment of this series, we will take a closer look at the European regulations, and the lessons the US can learn looking forward.