January is strategically important for the European countries that faced this month’s PSD2 directive deadline. This requires banks to facilitate access via APIs to customer accounts, provide account information to third-party apps, and support payment initiation services upon a customer’s explicit consent. Here in the U.S., some believe open banking is coming, even without a similar mandate. (McKinsey defines open banking as a collaborative model in which banking data is shared between two or more unaffiliated parties to deliver enhanced capabilities to the marketplace.)
Former Consumer Financial Protection Bureau (CFPB) director Richard Cordray fueled that perception. In 2016, he advocated for consumers’ ability to access their financial data and give permission to third-party companies to access this information. Cordray cited the Dodd-Frank Act, which states consumers should have access to information held by a financial provider about that consumer’s use of their products, made available in an electronic format. Last October, the CFPB released principles for protecting consumers when they authorize third parties to access their financial data; calling for informed, understandable consumer terms of consent and information on how and where their data will be used. (Now that Director Cordray has resigned, it is unclear if the new CFPB administration will continue to support this position.)
There’s a robust debate taking place about the opportunities and threats posed by data sharing with third parties, with experts lining up on opposing sides. Some believe jeopardizing “the moat around banking” threatens the value chain for financial institutions, placing at risk customer relationships and diminishing the institution’s role to that of a passive funding source. Others see themselves as custodians of their customers’ data, with opportunities to monetize access and transform their institutions into next-generation players with innovative products and personalized digital experiences that enhance customer loyalty and engagement. At the center of the debate is the issue of consumer control of their own data.
Let’s face it – consumers allowing third parties to access their data is nothing new. FinTech companies have accessed data through screen scraping for years; one common example is moving banking data into a product like Mint. Screen scraping is problematic on several levels:
- As an industry we have tried to educate consumers about the dangers of sharing their log-in credentials, yet consumers share this information to enable screen scraping.
- Screen scraping is unreliable and not secure.
- Big banks have blocked screen scraping, claiming it creates activity spikes, resulting in traffic overloads and operational disruption.
Some companies leverage tools such as OAuth and APIs, which facilitate data sharing and act as catalysts for cooperation between partners. But big banks have demonstrated they prefer to selectively control the relationships which allow consumers to share their banking data. Wells Fargo announced data sharing agreements with companies like Intuit, Xero, Fincity, and Expensify. Chase and Capital One also inked partnerships with several of these FinTech companies.
These relationships have been criticized by data aggregation and FinTech companies as falling short of needed progress. The Consumer Financial Data Rights group, a consortium of data sharing companies whose membership includes Affirm, Betterment, Envestnet|Yodlee, and Kabbage, argues that the bilateral agreements between banks and their selected partners are restrictive and preclude participation by smaller companies.
Yet financial institutions have legitimate concerns about opening the proverbial kimono by making access more broadly available to third parties. The extensive agreements between parties define critical issues like the assignment of liabilities and risk, support, consumer privacy, and intellectual property ownership, to name a few. Without clear demarcation of these thorny topics, financial institutions could be exposed to undesirable risks. Sheila Bair, former chairman of the Federal Deposit Insurance Corp., recently warned of the security risks of sharing customer data with third parties. Bair cautioned that account data aggregators can build large databases of transaction data, making them an attractive target for hackers. Sharing customer account data with third parties impedes efforts to detect fraud – a lack of visibility into how customers are using their accounts makes it difficult to identify red flags.
Against the backdrop of these threats, financial institutions may be well advised to weigh the opportunities in order to proactively formulate a vision for data sharing. Why now? As the song goes, the times they are a-changing. While consumers are expanding the number of accounts they hold and increasing the number of providers they rely upon, they are frustrated by managing accounts from multiple interfaces. A new Travelex study reveals almost 60% of customers would use a new provider if they offered a single interface. This is potentially good news for financial institutions: 59% want them to provide a single-view dashboard; only 18% prefer a tech company to provide this portal. According to Accenture, 69% won’t share financial data with non-bank organizations.
A growing chorus of experts suggest financial institutions can opportunistically position themselves ahead of competitors by delivering a platform of aggregated services and data to their customers. Fifty percent of institutions say open banking will lead to better products and services; nearly two-thirds believe implementing open banking is critical for competing with new entrants. Deloitte believes financial institutions can gain significant benefits by working with third parties to create a “Marketplace Banking” platform of products and services. Similarly, McKinsey encourages financial institutions to leverage their inherent customer trust and “mountains of valuable customer data” to create an ecosystem strategy.
A compelling article in CIO suggests that by harnessing unlocked data to create Banking-as-a-Service ecosystems, financial institutions can retain customer relationships while mitigating the risk of disintermediation from tech titan and FinTechs: “If banks are able to successfully implement BaaS, they can evolve from being just a mere peripheral institution in the digital age and become an important broker that enables many different benefits for consumers and partners across the digital value chain … enhancing innovation and creating new revenue sources.”