The heated debate between banks and fintech companies over access to bank customer data seems to be settling into an amicable series of data-sharing agreements.
In the latest example, Wells Fargo and the data aggregator Finicity are announcing Tuesday afternoon a deal through which Wells Fargo will give Finicity access to its customers’ account data through an open application programming interface. This will allow Finicity’s clients, which include four of the top seven providers of personal financial management and many online lenders, to populate their apps with Wells Fargo customer data and use that data to assess potential borrowers’ creditworthiness — without customers having to give the third parties their login and password.
It’s part of an overall thaw in the relationships between banks and fintechs. At the Retail Banking 2017 conference in March, more bankers expressed interest in working with tech companies than we’ve seen in past years; they were seeking help with virtual assistants, authentication, customer analytics and more. And fintechs lately have softened their sometimes-adversarial views toward banks, recognizing they need their scale, money and regulatory compliance prowess.
“When people talk about there being this tension, we're not experiencing that with the financial institutions we're working with,” CeCe Morken, executive vice president of Intuit, maker of Mint, QuickBooks and TurboTax, said in an interview last week. “They have been awesome. And everyone is just interested in how do we get the best possible customer experience, leveraging the assets we both have and we both need each other.”
Intuit, which has recently signed agreements with JPMorgan Chase and Wells Fargo and works with many banks and core processors directly and resorts to screen scraping, the method of logging in as the customer and looking up account data, where necessary. Morken said Intuit and the banks it works with seek common data-sharing standards.
“We don't want anything custom," Morken said. "We just want standard connectivity, and that enables the smaller players to have easy access to data and do their innovations.”
Deal of the week
For Wells Fargo, the Finicity deal is the latest, but is likely not the last.
“We’ve been talking with a number of potential partners about this sort of arrangement,” said Brett Pitts, head of digital for Wells Fargo Virtual Channels.
Finicity, too, has been signing deals with other banks that have not been announced.
The technology approach Wells Fargo is taking with Finicity, offering access through an application programming interface, is the same as it’s taken with Xero and Intuit. What’s different is this deal is the bank’s first with a provider to third-party applications. In other words, the Xero and Intuit deals were specific to Intuit and Xero products, this deal connects Wells Fargo to a universe of fintech firms.
“The enablement of third parties and the broader ecosystem Finicity supports is something we’re excited about,” Pitts said.
Critics of such deals, like Bill Harris at Personal Capital, have charged recently that banks are too controlling of their data and seek to block data aggregators and PFM companies from accessing certain types of information such as pricing that they could use to lure customers away.
Pitts says this is not so.
“We’re not interested in limiting access to the data,” he said. “I think a lot of those statements are based on the premise or assumption that we’re somehow fearful of these arrangements. We’re not concerned about being disintermediated from relationships with our customers, we’re not concerned about customers’ sharing information they want to share. The control point that’s important to us is that all of this remains under customer control.”
Wells Fargo has no intention of restricting the customer data that it shares in any way, he said. (Asked if the bank plans to share pricing data, Pitts said he couldn’t comment due to the confidentiality of the agreements.)
Steven Smith, CEO of Finicity, also defends banks on this front.
“The banks ultimately want to be good actors in this space by providing access to data,” he said. “Generally, the banks we work with agree that it’s the consumer’s data. They believe they are a custodian, which means they have an obligation for security for their customers, and as a result, they have to form a portion of the overall ecosystem for ensuring we can get to a place where consumers can have ready access to the data they want in a secure fashion. You can’t eliminate banks from that ecosystem.”
The New York Times reported recently that Wells Fargo has asked to be paid by technology companies that want better access to its data, to cover the additional infrastructure costs involved in providing real-time access to data. Pitts and Smith both said they could not confirm or deny this.
The connections between Wells Fargo and Finicity will be built over the course of this year.
Drive toward a single standard
For their part, banks have been vocal about their dislike for screen scraping. This approach is insecure, brittle, easily broken and puts too much load on their servers at peak times, banks say.
Smith also sees the shortcomings of this approach.
“We ought to be looking for the most secure, consistent, reliable access to clean data possible,” he said. “Screen scraping is not that. With respect to the bank’s position, you are coming in the front door and exercising their servers at times that may be inconvenient for them, and there are better methods with respect to security.”
Smith also said that Finicity holds itself to the same information security standards as banks. Where it can, the company uses industry-standard APIs, but it resorts to screen scraping when such is not available.
Banks, fintech companies, and the Center for Financial Services Innovation have all called for the industry to adopt a common data sharing standard.
Wells Fargo uses the Financial Services Information Sharing and Analysis Center’s Durable Data API standard for sharing data and the OAuth standard for tokenized authentication and authorization. The Durable Data standard is based on Open Financial Exchange 2.2, the data-sharing standard used by JPMorgan and many others. JPM also uses OAuth for authentication.
The Durable Data API “is generally the standard people seem to be gravitating toward and understand,” Pitts said. “To the degree that we can all coalesce around a more open and standard way of doing things, it’s going to accelerate the adoption of this model.”
Pitts said if a different standard becomes more popular, Wells Fargo might adopt it.
“If something else starts to emerge, we’ll all have to stay open-minded and flexible in the interest of doing things in a way that’s broadest and most easily adopted,” he said.
Smith says it’s important for the industry to choose between OFX and DDA, in order for open data access to build momentum.
“We need to get to a standard that contemplates full access and uses of data that are helpful to facilitate all kinds of fintech solutions,” he said.
Editor at Large Penny Crosman welcomes feedback at email@example.com.