A group backed by Wall Street’s biggest banks is pushing contract terms to allow financial-technology startups quicker access to consumer financial data, a move criticized by one of Silicon Valley’s larger upstarts.
The Clearing House, owned by 25 of the country’s largest lenders, said Tuesday that it developed a model agreement for banks looking to sign data-sharing agreements with startups. The template, drafted using examples of existing agreements, is intended to shorten a process that can take a year or longer to complete.
Lenders have been working on ways to share data to end a practice known as “screen scraping,” which often requires consumers to give their user names and passwords to share financial details with outside apps. Banks including JPMorgan Chase and Capital One Financial oppose scraping, arguing it gives consumers little control over how much data is collected and how it’s used.
While fintech firms have entered into the deals as they seek easier access to bank data, some have complained that the portals they’re forced to use to access financial data don’t offer all the information they’re seeking.
Plaid, a data company that connects banks to thousands of fintech applications and has agreements with firms including JPMorgan and Wells Fargo, took issue with some of the model agreement’s language, including the fact that it allows banks to block certain apps.
“We appreciate TCH’s leadership in putting consumer consent front and center, but many elements of the agreement put the consumer in the back seat by restricting access to their data and limiting their choices in how they use it,” Sima Gandhi, head of business development and strategy at Plaid, said in an emailed statement. “Giving banks the ability to block people from using the apps they want risks harming consumers, innovation and competition.”
One area that’s been especially thorny: which party is liable in the event of a breach. The new model agreement says recipients of the data must work with the banks on cyber risks and reimburse lenders for any expenses incurred as the result of a breach that happened under their watch.
Once the data leaves the bank and is held by the startup, “it’s really their responsibility to protect it,” said Dave Fortney, executive vice president of product development and management at The Clearing House. “They’re the only ones that have control over that information at that point.”
