One-off data-sharing deals aren't enough
More than ever, people are using newer digital tools to help them manage their finances. Whether it’s using financial management apps like Mint or Albert to track their spending or relying on Digit to help them set aside savings, Americans have grown accustomed to real-time access to their financial information. Gone are the days of waiting 30 days for the next bank statement or keeping a shoebox full of receipts.
The growing popularity of these digital tools has raised questions from both bankers and policymakers about the technology that powers them. In the fall of 2015, The Wall Street Journal reported that several major financial institutions temporarily shut off access to third-party data aggregators. The banks claimed the aggregators put customers’ bank accounts at risk and created unpredictable, and sometimes unmanageable, loads on banks’ servers. In response to these and similar reports, the Consumer Financial Protection Bureau, citing its authority under Section 1033 of the Dodd-Frank Act, issued a Request for Information in October to better understand how data aggregation technology works and what the benefits — and risks — are for consumers.
Thus far, much of the focus in the debate has been on the risks of using consumers’ login credentials to collect their data from their bank accounts (a method often referred to as screen scraping). Most seem to agree that the industry needs to move toward more secure solutions.
Increasingly, banks are developing application programming interfaces to make their customers’ data available to third parties, either on open platforms or through one-on-one relationships with data aggregators or specific apps. The latest example is the data-sharing agreement between JPMorgan Chase and Intuit – an agreement that enables users of Intuit products to authorize the bank to share their financial information without providing their bank login credentials. Last summer, a similar deal was announced by Wells Fargo and the accounting software provider Xero. Many more deals are likely in the works. This trend holds promise for consumers and for the data-sharing ecosystem. Direct data feeds via APIs can be more reliable and secure than other methods of data access, collection and transmission.
But an end-state that involves innumerable one-off deals between banks and third parties would be a bad outcome for consumers and for the industry as a whole. We need a broader set of industrywide standards and best practices if we are to arrive at solutions that support consumer choice and innovation.
Consumers benefit from having a choice of financial providers — and this includes both their banking relationships and the apps they use to manage their financial lives. Yet consumer choice is severely limited when smaller institutions, like community banks or credit unions, can’t connect with digital tools like Mint or Digit.
Today, screen scraping is the only technology that enables all of the thousands of small financial institutions to participate in the data-sharing ecosystem. Most small institutions lack the resources to invest in developing APIs or negotiate individual deals with countless fintech apps. Industrywide collaboration is needed to develop solutions that are inclusive of smaller financial institutions and their customers.
Without broader industry coordination around standards and best practices, consumer choice suffers in another way. Having to code to numerous banks’ API specifications and negotiate individually with each of the companies would be a nearly impossible task for a young startup.
Of course, banks have a significant interest in ensuring that the third parties accessing their systems are legitimate actors that have the technical and operational capacity to keep customer data safe. There is likely a role for vetting and certification of trusted actors in the ecosystem. But there are clear benefits to innovation, and ultimately to consumer choice, when there are common standards and protocols available to anyone with a new product idea.
These are thorny issues, but they are not insurmountable. The industry can come together to develop shared standards and protocols that will lead to greater transparency, trust and inclusiveness in the system. The Center for Financial Services Innovation has proposed a set of consumer-focused principles for data sharing that provides a starting point. Data aggregators likely have an important role to play as intermediaries between banks and third-party apps, particularly when it comes to vetting. With its authority under Section 1033, the CFPB can also play a constructive role through principles-based guidance that ensures consumers’ interests are at the center of any proposed solution.
In today’s increasingly digital world, having access to all of one’s financial data in one place is no longer a nice-to-have. What’s more, consumers need to trust that their data is up-to-date, accurate and complete (not to mention that it’s secure) when making financial decisions based on an app’s recommendation. The industry needs to come together to ensure that this is the rule.