Recently, Yodlee, Quovo and Morningstar announced that they were launching a joint initiative “…to enable secure, open data access for consumers in regard to their financial data.” They’ve created the Secure Open Data Access (SODA) framework, a set of consumer-centric principles for data access and financial data security to promote transparency, traceability, and accountability in the financial services ecosystem.
We’ve done a lot of talking lately about open data and why it’s so important for consumers and businesses. This ranges from allowing for increased innovation to the importance of APIs. Let’s dissect what this announcement doesn’t say:
SODA Broken Down
“To ensure that the aggregator bread-and-butter business isn’t scuttled completely, or at the very least taxed into oblivion by the banks, aggregators are stealing a march by positioning themselves as consumer advocates.” – Drew Sievers, CEO of Trizic Inc.
1) Mention of Financial Institutions
How can you protect data or open it up without partnering with the very people who provide the customer info in the first place? What we do know about this deal is that there’s no clarity on where the data goes, no clarity on how to control users’ access from the FI side via these three companies and no comparison to PSD2. The bank’s data is what the aggregators are mishandling, either intentionally or unintentionally.
2) APIs Not Included
The three SODA aggregators don’t say that they will no longer screen scrape. They have positioned themselves to appear on the side of the consumer while stopping short of adopting more secure methods of data sharing like APIs. They also criticize the government for a lack of clarity but suspiciously stop short of advocating for new legislation that would most likely restrict their operations. “The move is partly a response to other industry proposals that the SODA framework developers see as too restrictive.”
3) Data Resale
The framework benefits a data aggregator company that makes money on selling the technology. Yodlee has taken heat on reselling anonymized data to investors and others. But they say the framework is designed to put the consumers’ needs first.
The sale of this data is one of the big areas of interest among hedge funds. Many are interested in non-traditional data sets, and consumer portfolios/activity is one of those data sets that’s viewed as interesting data to hedge funds. With all the money available for data, it’s hard to believe they are going to leave those chips on the table and walk away.
4) Plaid and Finicity
The two missing players are smaller than the others but also used widely and screen scrape the same universe of financial institutions. “SODA’s purpose is to consolidate Yodlee et al.’s position and ward off the threat of large banks stepping in and regulating the market themselves, since it is more often than not banks’ data that’s used,” says Sievers. If this is true, why not include all the aggregators? Are Plaid and Finicity being excluded for being too small? They do the same thing and use data the same way. So why were they left out? Plaid has declined to comment on this announcement citing a lack of expertise regarding Yodlee, but it does make you wonder.
Where’s the beef?
Essentially, there’s not much here. There’s no clear benefit to the investor and the protection of their data and there’s no clear benefit in terms of security.
APIs are the big missing piece in all of this and what’s really needed above and beyond these “made up” frameworks. APIs give everyone more control, allowing FIs to benefit the users and truly keep their information secure and protected.
In Europe, the Europeans believe they own their own data, but that’s not true in the US. This is the mind shift that needs to happen to give people more control of their data and in turn, their privacy. No acronyms needed.