U.S. Consumer Financial Data Rights are Almost Here
November 1, 2023 | 5 min read
As 2020 wraps up, MX launched a 6-part series called Open Finance Fridays, hosted by MX Chief Advocacy Officer, Jane Barratt, along with guests across the open finance landscape.
Whether you work at a bank, credit union, fintech, or government agency, the information covered in this series can help you make sense of Open Finance — which extends open banking to include customer data access for a range of services beyond the banking industry, including retail shops, hotels, airlines, car apps, and much more. Put simply, as explored throughout the series, open finance is a key component of the future of banking.
These insights will help you get ahead.
Even though there are many ways that consumers benefit from open finance (including being able to see all their money in one place), some financial institutions are hesitant to begin the process because they’re so worried about risk.
Jacob Kosoff, Head of Model Risk Management & Validation at Regions Bank, talks about why he sees open finance as worthwhile. “We believe that a bank will be at risk if it's not adapting,” he says. “For instance, if your bank doesn’t have remote deposit capture for checks and your competitors do, you're going to be worse off. We in risk management recognize both the risks of implementing new initiatives such as open finance and the risks of not implementing new initiatives. Adaptability is really key here.”
When it comes to open finance, the United States is making the move from credential sharing via screen scraping to more secure API-based tokens with permissioning that customers can control. Many other countries around the world are already reaping the benefits of this API-based approach.
One difference worth noting between the U.S. and other countries has to do with centralized banking systems. As David Whitcomb, Product General Manager at MX, says, “Other countries have centralized banking ecosystems that are much more heavy handed and controlling than the U.S. is of the ecosystem. This difference has led the US to have a distributed network of systems, APIs, and vendors, which has caused the process to be much more challenging than it is in other countries.” Financial services companies in the US therefore have to factor this difference into their approach, looking for ways to compensate for a relatively fragmented industry.
Since many APIs still require sharing credentials of some kind, the industry is increasingly interested in open authentication (OAuth), which is a specification that provides connectivity without credential sharing. (Companies such as Facebook, Google, and others have used OAuth for a long time.)
“Think of it like paying with PayPal when you check out with a merchant online,” says Nate Caldwell, Product General Manager at MX. “You’re presented with a popup from PayPal, and then you enter your credentials. Those credentials are provided to PayPal, and PayPal provides the merchant with a token. This protects you and keeps you secure while still allowing you to share that information and connect your financial data.”
The other important aspect of OAuth is that it allows users to set the authorization for access, which enables them to choose what is and isn’t accessible in the token — further bolstering security.
Without a central, agreed-upon approach to APIs, companies have to code up to — and more challengingly, maintain — each separate connection.
An open standard approach, by contrast, simplifies the connection and maintenance process. As more institutions and fintechs make the move toward APIs, this will almost certainly become the preferred approach. As Garrett Thornburg, Backend Engineer at MX, explains, “In the not too distant future when someone says, ‘Hey, I'm opening this new fintech app, and I want to add my financial institution,’ chances are that the data will be available.” This is the power of an open source, open standard approach to data sharing.
By enabling people to see all their money in one place, open finance helps consumers become financially strong. But this isn’t the only reason open finance matters. It also sets up a bi-directional data flow that ultimately helps whatever financial institution or fintech company adopts it. As Jane Barratt says, “If you have a 360-degree view of your customers’ finances, you're going to have much better insight into what's going to help them move their financial lives forward as well as which products they may be ready for.”
“I talk a lot about this bidirectional nature of open finance,” Barratt continues. “And we're seeing banks in the US now start thinking this way. They’re realizing, ‘If we're doing all of this infrastructure work to get visibility transparency and more free flowing customer data, why aren't we using that for ourselves?’” She adds, “Global banks like Citi are using APIs as a commercial strategy. They’re exploring what they can do to build out revenue streams and better customer experiences on top of their APIs. I think that's where the industry is going, and you'll hear a lot about embedded finance and banking as a service, which is the natural progression of having a more robust modern architecture.”
Don Cardinal, Managing Director at the Financial Data Exchange (FDX), talks about the appeal of data: "Once you have a taste of a RESTful API with a JSON request response in real time, you don’t want to go back to screen scraping.” Cardinal says, “Think of the thousands of small banks and credit unions that could stop having held-away credentials, and what that would mean for the entire ecosystem in terms of cyber risk and privacy risk.” He adds that this is all part of what FDX hopes to solve for. “Our spec is free of charge,” he says. “We don't charge for it. We don't monetize it.” In short, FDX is looking to get more people on board so open finance can become a reality.
Interested in learning more? Read our Ultimate Guide to Bank APIs.
November 1, 2023 | 5 min read
October 10, 2023 | 2 min read
August 28, 2023 | 2 min read