Stop me if you've heard this one before: "Account access and data belong to the customer" and "financial data belongs to the American people, not the banks." Those are the misleading claims being made by a group of strange bedfellows, including fintech, its new bestie crypto and a hodgepodge of mega retailers, who have written not
And yet, that is what those phrases actually mean in reality. If you believe otherwise, you've been bamboozled by the fintech flimflam on consumer-permissioned data sharing.
The issue is not about consumers accessing their own information. Of course
For the uninitiated, consumer-permissioned data sharing is the transfer of information from a data provider (the entity holding its customer's personal information, such as account balances, transaction history, etc.) to a data recipient (the entity wanting to use that personal information for its own product or service, such as a budgeting app or loan application processor) often via a data aggregator (the intermediary pulling personal information from the data provider and delivering it to the data recipient) — all predicated on the customer's consent.
When fintech and crypto say "consumers should own their data," it's a cover for what they really think: "Consumer data belongs to us." In fact, the business model of data aggregators is charging fees to access the very same consumer data they expect banks to give them for free. I have to wonder whether these companies intend to live by the same absurd rules they expect for others. Spoiler alert: They don't. Fintech and crypto know it's laughable. But there's nothing funny about trying to pull wool over the public's eye when it comes to their personal information.
The American Fintech Council urged a federal court to deny requests by banking groups to stay the Consumer Financial Protection Bureau's open banking rule compliance dates while litigation is ongoing.
Data aggregators have proven consumer privacy and information security are not their priorities. They cut their teeth on an obsolete practice called "screen scraping," having their digital hooks into everything in online banking accounts, which they logged into by asking for customers' usernames and passwords despite knowing how unsafe that is. Nowadays, they ostensibly tolerate the use of sharing via safer application programming interfaces, or APIs, at least publicly — but only when the associated costs are borne by the data provider.
And costs there are. In order to build APIs, banks must conduct extensive data mapping to find the consumer financial information that lives in a complex suite of interconnected and protected systems. They conduct governance protocols to ensure proper hygiene and permissibility to share with third parties from legal and contractual standpoints. The APIs have to be robust enough to fulfill the calls in between scheduled downtimes and deliver the information accurately and securely, making available only the curated information the consumer authorizes. The higher the traffic, the more infrastructure and resources that must be allocated — even when there is no pressing business need for instantaneous transfer.
Most data aggregators and other signatories on the letters sent to the president are not altruistic entities as their cynical posturing and faux outrage might suggest — they are businesses that simply want to dump overhead costs onto someone else and cry foul whenever anyone calls them on it. They thought they had an ally in the Biden-era Consumer Financial Protection Bureau which, in
Once you tear the veil and see that the only thing fintech and crypto care about is free access to raw materials, everything suddenly makes sense. They are trying to game the system, using the law to impose government-mandated price fixing. All when they charge fees themselves! You almost have to admire their chutzpah in claiming this is all about innovation and competition while keeping a straight face. Almost.
With the CFPB reconsidering its
