A Letter to Regulators

Over the past few weeks, we covered the data battles taking place in fintech. As the CFPB deliberates on whether to defend data aggregation, we urge them to remember their mission to “empower consumers to take more control over their economic lives.” To grant data ownerships to banks, rather than consumers, would represent a stark failure of the CFPB to deliver on this mission.

We encourage anyone who cares about their data to write the CFPB at the email address below.  As Plaid, Yodlee, and other tech innovators have argued, continuing to innovate in fintech relies on customer data ownership. Here is the letter we sent to regulators:

REF.png

Aggregation Wars, Part 4: Europe

Across the pond, EU regulators are building a secure consumer-oriented financial ecosystem. To stay relevant as a global innovator, regulators in the United States act fast in doing the same.

Last January, European regulators passed the PSD2 law, which grants ownership of account data to the bank customer rather than the bank. Under PSD2, financial institutions will be required to provide free access to their customers’ accounts to any third party that the customer authorizes.

The Customer is Always Right

Consumers win under PSD2, because it encourages competition in the digital financial product space. Instead of being forced to use their banks’ clunky services, Europeans can sign up for any sleek new service, then authorize it to connect to their bank. This new and open market has tech companies building products that are better functioning, customizable, and more mobile-friendly than the existing products offered by banks.

1-krsf9so2iirwe1wh0zshga

PSD2 in GIF format, source: Medium

Smarter, Simpler Regulations

In the United States, regulators are still years behind their European counterparts. The challenge lies in crafting laws that remain relevant as the technology evolves over time. To avoid over-regulating the industry and creating never-ending work for themselves, US regulators should build a framework of principles and “best practices” for the industry. Without micromanaging the details, they must foster:

  • Ease of Connectivity: the adoption of a universal financial “language” that makes it easy for banks, customers, and fintech companies to share data using the same protocol
  • Safety: Security standards that prevent unauthorized parties from accessing customer data
  • Consumer Protection: Acceptable use of customer information and disclosures

Acting Fast

It is time regulators take a stance in this debate with simple, forward-facing legislation. If Silicon Valley and New York are to remain competitive as fintech hubs, they need legislation that remains relevant as the fintech sector continues to evolve.

Aggregation Wars, Part 3: The Opposition

In last week’s episode of Aggregation Wars, we covered the big banks’ lobbying effort to stop aggregation. This week, we profile the fintech companies who are fighting for aggregation and for the consumer’s right to access their financial data.

FinTech companies are forming an opposition party in the battle over aggregation. Some are familiar, and others are behind-the-scenes. Here’s who’s defending your data ownership:

The Companies You Know

digit-account-and-text-610x591Mint, Acorns, Digit, Kabbage, Betterment. These fintech companies offer direct-to-consumer financial products like robo-advised brokerage accounts, automated savings tools, and loan-refinancing platforms. Some of these companies are financial institutions of their own while others, like Digit, are not. None of them compete directly with banks, but all of them require access to your banking data. For example, Digit analyzes your spending habits to help you save for custom goals like a vacation. Without open access to customer banking data, these tools could not exist.

The Companies Backstage

7394dd_3b3664e7ac814efd8e5bc9aa70cdf71e.pngBehind each of these shiny new apps, there is a network of technology providers who build “pipes” that connect to financial institutions: Yodlee, Plaid, Quovo, Intuit. Without stable, secure API connections to the big banks, these aggregation technology providers are stuck using more primitive (and less secure) screen-scraping technologies to grab user data. Clearly, these companies want open access to consumer financial information.

Joining Forces

The FinTechs you know and the ones you don’t are joining forces to fight for consumer data access. This month, they formed the CFDR, or the Consumer Financial Data Rights Group. The group’s goal is to convince the CFPB that secure data access is a win for all parties: FinTechs, banks, and consumers. More broadly, the group supports collaboration between banks, regulators, and FinTechs that will help them align around common goals: building a secure financial ecosystem that benefits and protects the consumer.

While “FinTech” might yield visions of nimble, garage-style startups, there is big money behind these growing companies: global FinTech investment reached $22 Billion in 2016, and that’s from Venture Capital alone. Still, it’s nothing compared to the deep pockets of the big banks. Hopefully, the CFPB will realize the potential of free-market competition for financial products, and the FinTech Industry’s suggestions will be received well.

What’s next?

The CFPB will continue to accept letters while it weighs the pros and cons of open access to financial data. As you read this, the ABA is working to discourage aggregation practices, and the FinTech-backed CFDR is working to improve them. You have until February 14th to contribute.

Next Up: Europe and Beyond

In the next installment of Aggregation Wars, we look take a look at the open API initiatives in Europe, The UK, Singapore. If the US is to remain competitive on the global fintech front, we will need to catch up to these countries with consumer-first regulations that encourage innovation, put security first, and lay the tracks for a more inclusive, consumer-friendly financial services architecture.

Aggregation Wars: Part 2, Bank Backlash

The Pandora’s Box of customer banking data has already burst open with the popularity of third-party financial products. Still, banks are doing all they can to restrict their customers from accessing their own data. What gives?

Aggregation has become a flashpoint between hundred year old banks, the CFPB and customers. In the first installment of this series, we looked at the history of aggregation technology, and its improvements since the first dot-com boom. This post explores the banking industry’s opposition to aggregation, and provides a path forward for US regulators.

New Enemy, Same Tactics

This year, the American Banking Association came out against aggregation technology, citing the same concerns and scare tactics they have relied on for twenty years. Today, aggregation technology is exponentially more reliable and secure than it was in the late 1990s. While the enemy has evolved, the banks are still using the same plan of attack.

In 2001, the OCC issued a “Guidance Memo” to banks that listed five risks posed by aggregation:

  • Strategic Risk
  • Reputation Risk
  • Transaction Risk
  • Compliance Risk
  • Security Risk

Since then, several of these concerns have been made obsolete by technological advancements. Others proved to be illegitimate in the first place. Regardless, the ABA’s latest arguments revolve around the same old concerns of “data usage” and “security.” In his 2015 shareholder letter, Jamie Dimon dedicated significant air time to criticize aggregators, and took direct action by cutting off JP Morgan’s customers from using Mint.com. While the security concerns are exaggerated, the rising popularity of PFM tools means that they are racking up significant server costs for the banks. In other words, JP Morgan doesn’t want to pay to import its customers’ data to Mint.com.

Enter the Regulators

The CFPB is a government watchdog set up to “make consumer financial markets work for consumers.” In November 2016, they held a field hearing in Utah to spark a public debate over aggregation. While the hearing made room for a healthy debate, it has opened the floodgates to banking industry lobbyists and the influential American Bankers Association, which continues to fight against aggregation.

If the CFPB plans to keep their promise to protect consumers, they should weigh popular consumer opinion against the lobbying effort of the big banks. In 2016, over 70% of customers trust the top tech companies more than their banks. A fair ruling will incorporate changing user behaviors and advancing technologies into its decision. Got an opinion? You can submit letters to the CFPB by February 14th, 2017.

Towards a Working Regulatory Framework

As it moves towards establishing new laws, the CFPB should stick to principles-based best practices that will remain relevant as the technology, and the debate over data ownership, continue to evolve. In particular, the industry will benefit from guidance around:

  • API Framework: Financial Institutions should identify 1-3 “Approved Vendors” to build and manage their APIs. The financial sector can trim inefficiencies using a standardized protocol for data, just as the healthcare sector has over the past ten years.
  • Customer Control Center: It must be easy for consumers to manage where their data is flowing. Banks should be required to provide a clear dashboard of all third-parties who are plugged in. This way, consumers can unlink their accounts from products they no longer use, keeping their data under control.
  • Re-examine OFX: As we mentioned in the first in this series, Intuit and Microsoft developed the OFX to avoid the Aggregation Wars.  Is now the time to re-examine a protocol that banks can support for distribution?

In our next installment of this series, we will take a closer look at the European regulations, and the lessons the US can learn looking forward.