The Today and Tomorrow of Open Banking

Alrighty. Hello everyone, and welcome to the today and tomorrow of Open Banking. I'm gonna go ahead and introduce Nicky, our moderator. Nicky Klein is the commercial vice president of a financial institutions at mx. With over a decade of FinTech experience, Nicky leads a team of re team responsible for collaborating with financial institutions to improve the customer experience through secure and reliable data connectivity. Prior to joining mx, Nicky led the wealth management technology channel at Quovo and worked within the payments industry at Card Flight. Nicky holds a bachelor's degree from George Washington University. I'll pass it over to Nicky.

There we go. Thanks. I am actually gonna pass it off to everyone to introduce themselves, starting with Jean-Paul. Good afternoon. That was loud. Jean-Paul LaClair. I'm a head of product at FDX, which is the financial data exchange. So really excited to be here and, and learning more into this topic specifically because at FDX, we're really trying to drive the technical standard piece of how we deliver the interoperability that's ultimately necessary to have an ecosystem that is rooted in open banking and open finance. So in the past worked a lot of banks and really excited to be here and joined the conversation.

Good afternoon. I'm Adam Maarec. I'm, a business counsel at Capital One, supporting our Connected Finances team. And I'm a regulatory lawyer by heart, but also support our product development, efforts in this space. So really happy to be here.

Awesome. Mike Casone. I am the Vice President of Government Experience for the Americas at Xero. Government experience is a fancy way of saying government relations. I am a lobbyist, but not one of the greasy ones. Don't worry. And its Xero so X-E-R-O. I always have to clarify this. I'm not from Xerox. I'm not selling photocopiers today. We are a cloud accounting software company from New Zealand, market leaders in New Zealand, Australia, the UK. Scaling very, very quickly here in North America. And our goal is to help make the lives of small business owners simple as

possible so they can focus on growing their business. I'm really excited to talk about how open banking can do that.

My name's Jason Hendry. I'm a principal architect at USAA. I'm primarily responsible for the open banking architecture, connected accounts architecture, personal financial management and money movement. Within USAA, we had a big focus on connected accounts and open banking,

and we helped co-found the financial data exchange in order to create interoperable standards within the industry.

Great. Thanks everyone. So let's kick it off. How do you see the current state of play of open finance in the United States and in Canada? Yeah, I'm looking at you. We're gonna start here.

Before I start this, are there any Canadians in the room here? Okay, we got a couple. All right. I'm the token Canadian on the panel here. I'm coming to you from a beautiful place called Port Perry, Ontario. I'm wearing my Ontario Trillium socks here. So I'll be talking mostly to the Canadian perspective. And so we'll be getting into more of a political state of play and what's happening with open banking in the political sphere and when it's going to get delivered in Canada. So I'll be getting to that a little bit later. But when we talk about the state of play, generally, two things that I did want to highlight in the Canadian context that I think are really influencing the direction in which the system is being developed. So there's two narratives right now that we're seeing. One is that it's banks versus fintechs. And I'm sorry for my bank colleagues here, I'm on the FinTech side, but in Canada, it has become very much a, banks have the data, banks need stability. Banks are in charge. Fintechs are complaining. Fintechs never get what they want. Fintechs are annoying to policymakers. And this is not a productive narrative for the development of open banking in Canada right now.

And so what we're seeing is policy makers that are a little resistant to take meetings with fintechs, a little skeptical around what open banking is, not really sure how it can help the economy, how it can help consumers. And so that's kind of one trend that we're seeing, or one narrative piece that we're seeing in the Canadian context. The other is a real focus on the consumer, which is great. Retail politicians need policies that help their constituents. But where this falls down a bit is really a lack of acknowledgement or understanding around, you know, how open banking can help small businesses and the impact on small businesses. And this is where my work at Xero's really come in. So what we're seeing right now, and, and this is gonna be a very quick little piece on Xero, but we have a program called Xero Small Business Insights, and we aggregate all of our consumer data in Canada, the US and we anonymize it. And we're seeing that sales are hurting in the small business economy right now. So small businesses make up 97% of the Canadian economy. Plus we're seeing that year over year, it's only up 0.4%, which is terrible. But then when you actually include price impacts inflation, it's down 7% year over year. We're seeing payment times, that's another big metric. Time to invoice, time to pay significantly, significantly higher than they were this time a year ago.

So when we look at the open banking conversation in Canada right now, you know, we got small businesses that don't have money coming in, don't know when they're getting paid, can't accurately access that information. So they're hurting right now. And so what we're trying to do is really change the narrative a little bit around both the banks versus fintechs. We can be working together on this, but also change the narrative around this could be a huge boost for the economy. This could be a huge small business boost. So I'll get into all the political stuff later, but I'll pause there on what we're seeing in Canada.

That's really fascinating, Mike. And I maybe wanna step back a bit too, because it's a loaded question, Nicky, perhaps you intended it to be. So, I'm gonna put a position out there that I don't think open banking is something that's new. It's something that's been here for a while, and what we're seeing occurring recently is just it becoming more popular as you think about the adage of the carrot and the stick. But if we really go back in time for a moment, you've probably all been participants in open banking for decades. And that was usually accomplished through a mechanism of screen scraping. So you would share your credentials to some application. They would then be able to aggregate information in, this is something that's been occurring since the 1990s. So that's three decades, a quarter of a century. So it's really fascinating. Cause right now there's a lot of insights, a lot of discussion, a lot of sexiness of open banking and open finance, but it's nothing new. So the, the other element I alluded to a moment ago as we think about the landscape in North America There's both this concept of what is possible when it comes to where innovation may be able to go. Mike, you talked about customer centricity, trying to deliver for the end user. That's, I believe what we are all trying to achieve. But the ability to exchange data, which many, many would define as the core of definition of open banking, is how do you exchange user permission data between different parties. Well, again, it's been happening for a while, but it's something that's really popular now. And the idea is the exchange of the data shouldn't be the product. It's the innovation that's built on top of that. So that's obviously a position that we have at at FDX, is that the technical standard in which you actually exchange should be something that's common and interoperable. It creates efficiency, it creates innovation. It invites inclusivity when it comes to the broader financial landscape. So that's the carrot component of the adage of the carrot and the stick. The other piece, I know we'll talk about this later, is the stick, and that's government. So that's interesting in US and Canada. We probably need to unpack that more later.

So first of all, I'm speaking for myself and not for USAA gotta get that disclosure out there. So when you ask the question, what's the state of open finance, you know, in the US we've been a market driven, solution when it comes to standardization around open banking. And we've seen a huge amount of growth from the financial data exchange on the number of credential pairs that are being taking out of the ecosystem. Cause primarily, we all focus on reducing the customer's risk as well as our risk footprint, as it relates to credentials in the wild. So that's been a really big focus on open banking, but that's shifted. We are now at the, the, the core data, the interoperability between different institutions and being able to quickly onboard and transition between institutions in order to get that data and be able to rely on that data.

So the availability, the scalability, the accuracy, that's what's extremely important when it comes to talking about open banking. And what I also say is, you know, open finance is an evolution of open banking. Open finance expands your products beyond just deposits. It expands it to new product lines and new capabilities. And what we're seeing, I believe now, from the US perspective, we're seeing more of a growth into the open finance realm. And FDX is also leading the charge when it comes to interoperable standards for all different product lines, not just deposits. So ultimately I think that open finance is where we are heading, and I think we're in a really strong position.

I think a lot of individuals are just focused on getting data out there and creating, sharing. I want to double click on your customer centric view, because customer privacy and customer consent is key to open banking and being able to actually provide those capabilities and then understanding what your data's being used for. So as this evolves, I think you're gonna see a very heavy focus on the consumer, particularly around consent and then leading onto open finance and larger product lines.

So thinking about this from a regulatory perspective, gosh, we are at a real inflection point right now. I've been following these issues for a while. The Dodd-Frank Act was passed in 2010, and section 10:33 of that thousand page bill, which is section 10:33, is one page. Gives consumers a right to access their data electronically upon requests. And since 2010, there has been so much development, on the regulatory side, we saw the CFPB write principles in 2017 and ANPR a SBREFA outline. I think they held a symposium in between then. And we've been kicking around ideas about what rules are actually going to look like in this space. And now we're at the precipice. They're scheduled to publish rules, proposed rules, in October. And we'll get a real sense for what the regulatory environment's going to be, going forward. There'll be a notice and comment period, and then a final rule will have to be implemented and then there'll be an effective date. So we've got a little bit of time here, but this has been a many years long journey and we're here now, a couple days out from actually seeing proposed rule. So I think that's really exciting.

I agree with you. I think inflection point is definitively, right upon us so I just don't wanna call out the great things that have already occurred in open banking. Market driven, to your point, Jason, right? There's 55 million credential pairs in North America already leveraging some version of an FDX API, which is an open API. So that's absent truth on the regulation. So it's interesting, right? So I think this might accelerate it a bit. When we think about the today of open banking, I think we have to think about all the steps that we've taken to get here. And in 2017, 2016, 2015, 2016, Capital One was seeing a lot of screen scraping. And so that was the impetus for the bank to manage the risks that were coming about from screen scraping. Our API was created and we started signing up customers. Xero was one of the first in 2017. And we were able to identify the key risks from that data sharing arrangement and help contain them and learn over those five, six years. And slowly move the bulk of screen scraping, credentialed, screen scraping activity towards safer, more transparent API based access. And so as we've been able to manage those risks today, we're now able to sort of pivot and think about the opportunities that can come about from sharing data. And so I'm really excited about all the use cases that we've been talking about, over the last couple of days.

You know, streamlining account opening better PFM tools, better insights, getting to underwriting, using cashflow data, extremely powerful, for consumers and small businesses. But there's going to be a new set of risks to manage with those incremental use cases. And so I think that's where we are now, is thinking about the rules that are going to set us up for success and to be able to capture all those opportunities in a way that puts the consumer at the center of it and manages the potential risk for them.

That's great, and you really tee'd up the next question and maybe started answering it. So I'm gonna come back to you immediately and this question is good for you and Jean-Paul. The CFPB expects to announce its formal rulemaking under section 10:33 next month. So if you work at a financial institution, you'll definitely want to be paying attention. And then over the next couple weeks, so what should we do now? What should we do to get ready? Not that we have that much more time, but what should we be doing if you want to just continue?

I think engaging in the rulemaking process is so important. How you do that may depend on the size of your organization and various factors, but finding a way to make sure your company's perspective is heard and factored into the rulemaking is critical. And so I'd say working with trade associations, being engaged with organizations like FDX, is really important because this is a super nuanced area and we in this room are the technical experts that know how this works. Regulators sitting in DC, they just do not have the same perspective and understanding of the complexity here. So I'd say first, you know, find a way to engage in the rulemaking process. I think there's a lot of open issues to be thinking about in the rules. I don't know if that's where you want to go wherever with this, wherever you wanna go with it.

Yes. I heard a yes from the audience. Go for it.

I think what we're gonna see in the rules...so the CFPB published an outline of what the rules will look like and the earliest indication is that there's gonna be some low hanging fruit right? Consent standards and disclosures that you have to give to consumers before they consent. Minimum data that you'll have to share, things like that. Well, yeah. So that I think is a little bit more controversial, figuring out exactly what the scope of data elements are that have to be shared in the SBREFA outline. It was a really expansive scope of data to be shared. And so we'll see if they stick with that in the proposed rule. The scope of accounts that are covered in the outline, it was just deposit accounts and credit card accounts, even though the statute actually applies to all consumer financial products and services, not just those two. I think one area we're really interested in is data security, making sure that the same protections that apply to NPI non-public personal information when held by a financial institution, making sure that those protections aren't lost as data flows downstream to other participants in the ecosystem is really important.

I think two interesting, or, or one interesting area that they, recently flagged since the proposal came out was this concept of standard setting - organizations playing a role. And if you read the statute, there's a sentence about the CFPB promoting standardized formats of data that doesn't necessarily give them the authority to write the standard. And they've said as much that they intend to defer some parts of the technical operation of the rule to a standard setting organization. But what that looks like...I think there's a lot of open questions there, and we just haven't really seen the CFPB's hand on that yet.

And speaking of standards, I'd love to hear what you have to say.

I think you're nodding to the blog post. So if you have not seen it, Chopra put a blog post out. It's on the CFPB website this past June, which made that not quite quite official. And in conversation since, you alluded to a lot of the histories. So we don't necessarily need to visit that. And there's certainly, I believe at this present state, a lot of ambiguity of how much specificity will be included in the actual rule that comes out. And the NPRM that you're alluding to is that notice of proposed rulemaking, which has been pseudo promised by Chopra to deliver in October. So anytime now it could potentially occur. But the blog post, back to the standard setting, was back in June, and he's made some nods. This other element too, it's called a circular. There's a lot of circulars out there that help provide direction to government agencies on how they might make rules. And in this specific situation, there's a circular called A-119, very government, right? But essentially it creates a precedent on if there is a standard setting that's already consensus-based in the market, an agency should make a nod to that. So the question out there is you might not necessarily go back to your question of how do you prepare? It's not necessarily starting from scratch. There has been work already occurring in this space for five years. And the opportunity you have to become part of that is exactly what you said, Adam, right? It's, it's getting involved in your trade associations, your technical standard bodies. That's the probably the best way to really influence. And then hopefully through that, those trade associations and standard setting bodies can help provide you with tools to be able to sell the story back internally. Because I realize that there's some funding for regulation from a funding perspective, but there's a lot more here that we can unpack that's more about the interoperability perspective, if we pivot away from just the regulatory mandate into what open banking truly promises.

Go ahead. Yeah, keep going.

Just layer in one more thought here that, that, yes, regulations are important and we should all be thinking about them and preparing for 'em, but this is a market driven approach in the US so far. And so I think the policy issues that we want to see reflected in the rule, we should continue working towards them as we have been for the last decade plus, and continue driving to do what's right for our customers. Notwithstanding, the, the forthcoming rules.

There's a quick analogy we use too, from a standard setting perspective. Imagine you're building a truck, and the truck is what's actually driving the technology. So we believe that in the US being a market driven organization/jurisdiction, that we are the technologists that are building how the standard actually comes into play. So you're talking about your payloads, you're talking about your connectivity, you're talking about your user experience when it comes to your dashboards,

that should be controlled, arguably, by the industry. But there is a role for government, especially when it comes to the "what", and you think about in the analogy of driving a truck, it's your speed limit. Government has this responsibility for ensuring safety and soundness and oftentimes will hopefully help, help provide some guidance on some of the elements that Adam was alluding to

that haven't necessarily been solved yet by the industry. So I do believe there's a, a space for both.

So, Mike, since you asked if there were Canadians in the room, I've seen a couple more trickle in, I'm looking at you, Andrew. So I'm gonna have you answer similar question. It feels like Canada was supposed to have open banking regulations already, but you don't. So what do you think will happen? Not your fault.

So what was the question?

It was: when do you think the government will formalize something and what it would look like? It's a big question

I like open banking as a truck is funny 'cause this Canadian truck's in a ditch somewhere right now. So one thing I will say, I can say things in Salt Lake that I can't say in Ottawa, so my fellow Canadians can't rat me out when I'm being a little critical of the progress our government has made. But your your five second overview, five minute overview here of where we are in Canada. So, to understand the current dynamics, you kind of need to understand the broader context. So in Canada right now, we have a minority liberal government on very, very shaky ground, under fire on a number of fronts, popularity decreasing. And we're not set on fixed election schedules.

So there are rumors that there could be a spring election next fall. So that threat of an election with a minority government is kind of hanging over Ottawa right now. We have a very feisty opposition party and a cabinet shuffle that just happened.

So right now we're not even a hundred percent sure where the open banking mandate sits. It was very clearly with an associate Minister of Finance before. We think it'll go to the Minister of Finance. We don't know that till we see mandate letters. And so right now the whole file is shrouded with uncertainty. So this government had actually promised open banking, they had committed to, a regulatory framework by early 2023. That obviously was a lie. It started promising though. So they appointed an open banking lead. His name's Abraham Tassian from PWC, fantastic leader, great convener of the ecosystem. But that was in March, 2022, technical working groups were formed. Now we are in the abyss. He's supposed to develop a report and submit a report to the minister. However, the government has not committed to making that report public. He has not shared that report with stakeholders. I think everyone has a sense of where it might go, but there are so many questions. So not only do we know what his report to government will look like, we don't really have any commitments from government on timelines, on delivery,

on what even the next step could potentially look like.

And so in my conversations through groups like FDX and, and Fintechs Canada and F-data, what we're hearing is it's been a bad luck story, which frankly to me doesn't cut it. They say, you know, we wanted open banking, but covid, you know, we wanted open banking, but trucker convoy, you know, we wanted open banking, but inflation crisis. They're saying it's just not important enough right now when, you know, I mentioned the narrative challenges that we've been having. You know, we're trying to really bring forward that this could be a massive non fiscal boost to the economy. And what does this look like for Canadian small businesses? We've been hearing that government is really concerned about potential instability to our bank institutions and that a big strength of the Canadian economy is our banking stability. But we have evidence from other jurisdictions that that isn't the case. So right now where we are is we're watching for mandate letters. There's going to be a fall economic statement, normally in November, that could provide some clarity, and then the budget cycle in the spring. But it's kind of a sad story and it's very dire right now. And we're trying the best we can as the FinTech lobby to get out there and say, hey, we need some assurance. We need to at least have a sense of where we are going because we don't have that right now. So if you thought the American process was convoluted, that's your Canadian politics lesson for the day. But we remain hopeful just because of the upside in the great players that we have in the ecosystem.

Yeah, I love this Mike. 'cause it's showcasing we are in one continent, but it's so dramatically different about how things are unfolding. So I wonder if there's some danger, to some extent, to what you're alluding to, which is in Canada, everyone's waiting, they're waiting for the government to say...

There's no market driven open.

So there are some market mar market driven alternatives right now, but the use cases aren't quite there yet. I think industry players are a bit skeptical, and those market driven solutions are coming from the same banks that own all the data currently. So I think from the FinTech side, there's a little bit of trepidation, not to say whether that's right or wrong, but our government has promised us that quote unquote made in Canada solution. So in the absence of what that could look like, who's gonna be the first mover to go change what they're doing and, and, and make that investment, right?

So what council do you have for us down south of your border here, right, where we know something's happening, but it's likely to be a bit more vaguer than what they've been talking about with the DOF, the Department of Finance in in Canada. What do you suggest? I mean, should we wait as well? As far as for something to come that's very prescriptive?

Well, absolutely not. think the banking ecosystems are so different. We've got five banks that control everything. And I think the number of players in the US financial ecosystem means that there are lots of potential solutions. Everyone sits in a different spot on the risk spectrum. In Canada, when five banks control all of, you know, all your consumer and business data, they're not really incented to make a lot of dramatic changes in the absence of government intervention. I also don't wanna come off as too anti-bank. Just for the record, Xero loves our financial partners, but I think the American financial ecosystem is just more conducive to that type of, not necessarily risk taking, but innovation.

You talked about convening, and I think that's what MX has done here. Not to put a plug for our sponsor, but essentially, you look around and the types of people here and the conversations that I've heard having being between banks and fintechs, it's pretty impressive. And I know, Jason, you alluded to open finance earlier, right? And we have you here, Mike. You're representing small and medium sized businesses, not just retail. We have members at FDX who are talking about corporate treasury instances. We have payroll task forces underway. We're thinking about telecom and utilities, much more outer horizon. But open finance is something that's interestingly happening, probably uniquely in North America and nowhere else across the globe.

Yeah, I completely agree with that. So like I mentioned, we started out with open banking, that was your basic connectivity, getting your basic account information open. Finance seems to be the next evolution of that. But, you know, even thinking beyond that, open data is the next evolution of that. So you know, getting the data out there for the financial institutions, to partner with fintechs and so forth, is extremely critical and also in support of the customer's needs.

But I think that need's going to be bigger than just the financial industry. I think in the next few years you're gonna start hearing more about open data. I also think you're gonna hear more about things like embedded finance and banking as a service and product originations utilizing open banking APIs and offers and marketing. I think those are all capabilities that are going to find themselves into the realm of open finance. And ultimately you have to consider that as a new digital channel to your organization. Because it will eclipse what your current channels are, just by sheer growth that we've seen within the last five years.

The beat of the beat of change is constant, it sounds like. Right? So I think we can't wait for 10:33.

I'd just sort of add that I think common theme we've heard from the CFPB that they want these rules to promote competition, right? In the United States, we've got over 4,000 banks and credit unions, thousands of fintechs coming up with new and interesting ways to use and analyze this data to provide value to consumers. I think we have to consider that full context. And I don't know if competition is as much of a driver in Canada as it is down here but facilitating competition is critical. I also think we're talking a lot about open data, right? And the context today trends towards more control and more access to understand how companies are using your data. Thinking about CCPA, California rights to access and delete data. And we have to think about the juxtaposition of those concepts of sharing more and more data, but at the same time wanting to drive towards concepts of data minimization and more consumer control and making sure that the two worlds play nicely together.

Thanks. So with all that being said, who will have regulations first? US or Canada? I'm just kidding. That's not one of the questions.

Come on, Don, you can't gang up on me.

What'd you say?

You can't gang up on me here. It's not fair.

Ok Jean-Paul from an FDX perspective, how important are standards and certifications in open banking?

I'm biased for sure, right? Considering the seat that I'm sitting in. It's an argument of where does the end consumer benefit the most? And we talk a lot about ecosystems, and that's one that's really interesting from a vantage point when it comes to financial data being exchanged while we're the financial data exchange. And as you think about that occurring in an ecosystem, there is so much complexity, but at the same time, it's so simple because the consumer ultimately should be permissioning whoever their data provider is to share data to someone that's going to receive it. And theoretically it can go back and forth. Many of you probably have bilateral agreements somewhere in existence with other parties. So the reality is data exchanging, the data amount that's being consumed is increasing, and therefore, by default, from a pure logical perspective, data exchange will continue to increase as well. So with all of this happening around us, and if we do believe that the unique insights that data can help us create is true, the innovation that can be driven from the insights coming from the data, is the sweet spot for us to create new value propositions for those end users.

Should it be in the data structures that you build around your data elements to ensure that the API is consistently interoperable across all those exchanges? Should that be the business model? My strong position is no, it's not effective. It's very cost inefficient. And the belief therefore, from a standard perspective, if we buy into the idea that we wanna support the end consumer, if we buy into the idea, the amount of data will continue to increase, the efforts you all have. I think this is a common thread we've heard multiple times, is that capacity is always a real thing, as far as not having unlimited capacity, resource constraints are another one. Where do you wanna allocate them to building APIs or leveraging a standard and building new value propositions? So I feel like the core argument there is so powerful. I recognize that it's not as simple as that in the real world, but that's truthfully where the power of this comes in, is it unlocks the possibility of open banking and open finance because you can get one really critical piece out of the way.

So I would probably add to that, you know, certification is a key part of that standardization, that without certification you have no, teeth to the actual standard itself. So being able to create that standard that helps build trustworthiness, between you and other institutions. I believe certification's an extremely important part of that standard setting process as well.

Absolutely. You can't drive ubiquity and adoption in the absence of having certifiable instances and building to something that's something like a standard is one direction, that's a great step forward, but actually having true interoperability is what we're trying to achieve. And I recognize it's a journey to get there, but absolutely right. You can think of all these different practical applications that you probably have in your pockets or in your, in your backpack. So if there's tools out there where there are communication like Bluetooth, USB, where there are certification programs, so therefore, you know, with confidence, that I'm at bank A and I wanna create a partnership with FinTech B, that as you have your core platform, they're gonna work, they're gonna communicate. You don't have to spend two years trying to figure out how to ensure it's actually compatible. Talk about cost, right? So absolutely Jason. I think certification in some ways it's assumed when I think about the standard doesn't necessarily exist today, but absolutely something we need to focus on in the coming year.

Jason, maybe this one's a good one for you to kick off. Can open finance be a rising tide that raises all ships? Or is it more zero sum?

Oh, absolutely. It can be a rising tide. I mean, ultimately it's about the benefit of the customer. So, what we've seen is you benefit the customer, it benefits the institutions as well - al parties involved, right? Not just limited to the financial institutions or the fintechs. It's all parties that actually participate in that ecosystem. So when you create that consistency, you create that accuracy, you create that expectation from the customer to get data and be able to utilize it, track it, and it have faith in the actual accuracy of it. It's extremely important. And it helps all parties in the ecosystem and it avoids situations, where...we have concerns around security, for instance. So, every party involved in the actual data sharing ecosystem is worried about security and fraud, right? There's, there's no one who's immune to that. So by creating these standard setting organizations like FDX, following certification programs and standards, aligning to the interoperable nature of open banking, you ultimately benefit everybody.

So I'd love to build on that in the Canadian context. I mean, we see it as rising tide for sure. I talked about cashflow constraints on small businesses right now. They don't have accurate forecasting on even accounts receivable, accounts payable, following the implementation of open banking in the UK, 85% of small business users say they're making better financial decisions with data that they've gotten through open banking platforms. 85% also say that they feel like they have a more secure backup that's more accessible of their data. So when we look at that and we look at a North American economic context of, like I mentioned, cashflow crunch, just knowing where your money is, where it's going, when it's coming, is such a huge, huge benefit to help businesses. So that's not one bank worried about losing a customer. These are tens of thousands of small businesses now getting access to data. The other use case that we use in Canada a lot is, is newcomers. So we've had 500,000 immigrants in Canada last year alone. They have no access to credit. Imagine leveraging their ability to start businesses through alternative means of financing. And again, this is an underserved population based on the traditional financial institution lending models. Open banking can just open that right up. This is all net new. So I get really fired up about this conversation, because it is a rising tide that can really lift both economies in North America, I think significantly.

Yeah, I'd agree. I'm really excited about the use cases that we're talking about here. These are added net new added value opportunities. But I'm also an attorney. Yeah. Did you know that? Did I mention that? So part of my job is to think about how things are gonna break, right? It's not always gonna go right. And what are the risks that we need to be thinking about with all these new use cases? And so we were talking about, the last session was, direct deposit switching, right? Payroll. What if you get that wrong, right? That's gonna have massive impacts on a consumer. If their money, their payroll goes to the wrong account. You have to thinkabout those risks. And it's not to say, I think another comment earlier today was, well, we have to take risks, right? We have to take risks to move the ball forward. But manage them. I think about underwriting a lot and the use of all this transactions data to build models and the risk of bias, going into those models is something we have to be really aware of. And the regulators are going to be intently focused on those risks as well.

I think it's a great call out, right? Because it almost could be a wild, wild west type of a situation of what's unlocked because of this exchange. And that's one, I think Hallmark positively, we'd like to speak ill of banks from time to time, but banks have become professional risk managers over a century and they have so much learning and knowledge in that space that there's so much value that gets brought into that. And I think that's what you're trying to allude to is it's not to say we should not introduce risk. It's how do we introduce it prudently and have mitigation tactics in play and contingencies if something goes awry. And I think that's also, by the way, supported by open banking because we now have alternative ways to build new models that are probably more powerful than the ones we've used historically.

Yeah. And I think the challenge with new rules coming out is that the CFPB is going to be thinking a lot about these risks, and we wanna make sure that the framework that they put into place is gonna find that right balance of managing risk, protecting consumers, but not stifling innovation

I mean, I also call out it's managing risk for all parties involved, not just focusing on the financial institution. Like I mentioned earlier, we all have risk associated with the interchange of that data. And when products are built on data, you want to ensure that data's accurate and complete and available and you want to be able to make decisions based off of that. So back to creating standards - extremely important when trying to manage risk.

For all those data engineers and data architects out there, this is probably more fuel for the fire to support what you've been arguing as far as data hygiene and all of that for many years. So more plug for open banking. But yeah, I agree, Jason.

So we only have a few minutes left. So instead of asking the last two questions, I think we should probably turn it over to see if anybody has any questions, and we've got one already.

I'm gonna run a mic to you just so that we can hear on the recording.

She's the second row

I had to think. I have two questions, but I'll only ask one for now. So Adam, you had noted a couple things that might be in the crystal ball of what's coming from the proposed rules, which by the way last week in DC, Amy Zirkle from the CFPB said fall-ish release of the proposed rules. So it may not be October. Several of us are taking bets if you wanna get in on the betting pool.

I want in, I want in.

Yeah, I, I'm thinking December 24th, some people are Thanksgiving, other people are saying January. So that's kind of in flux right now. Something you you're familiar with, right, Mike? Little uncertainty there. Anyway, my question is, one of the things you didn't mention, Adam, is do you think the CFPB is gonna draw a line in the sand around screen scraping? Like let's put Affirm and to screen scraping and maybe why they didn't do it is why we had SBREFA, right? To consult with the small businesses and banks who may not be able to afford to end that. But do you think that's something that's in the crystal ball coming from CFPB?

It seems like they're focused on this issue and the outline of the rule was intended to get feedback from small businesses. And so they were particularly focused on the impact and feasibility for smaller data providers to create APIs. And so I think they may lay out like a timeline. I guess one option would be a timeline for everybody to move away from credentialed screen scraping to more secure methods. I sort of hope that it'll be a tech neutral rule and, and it'll say you cannot, you know, do do, XYZ risky things like share your credentials and you must enable these authorized third parties to access data without credentials and be silent on the technical, protocol because APIs are what we have now, but in five, ten years, maybe we're talking about something else.

Yeah. So kind of going off of that, Adam, looking at kind of the market that's that's there today and the potential for fragmentation in the open banking market where you have certain financial institutions and banking platforms that are basically saying, yeah, we support open banking, but you have to go through a specific platform to do that. And so that fintechs that are partnered with a platform that doesn't support that they're not able to access a wide range of open banking partners. Do you see that as something that FD X needs to apply where this is kind of outside the scope of what the intent of FDX is? Or is this something that CFPB needs to, like you just said,

consumers need to have multiple paths to, to get their data. But if, let's say I'm partnered with an MX or a plaid and I can't get to 800 financial institutions through open banking, what am I supposed to do as a FinTech? Do I have to code up to two platforms to be able to support that?

I suspect to kind of on Adam's point that the, the rule will be kind of agnostic to some specificity around the existing...do you think differently?

I think there's already been language in their previous blog post about utilities. Which is kind of what I'm hearing you say is I think within regulations, if MX is like an approved intermediary as I assume we would be, we would've access to all the possible data providers that we would need. That's how I foresee regulations should be. And I'd love to hear if you guys agree or disagree.

I don't necessarily agree or disagree. I feel like it's more of the intent of what you're trying to achieve as far as enabling financial access rights and probably making some nods to principles around how you need to enable that. And that's maybe back to somewhat of your question.

FDX has always been principle based when it comes to some of the ways in which the technical standard has been built. So a lot of times, times the trade-off decisions on how we prioritize the RFCs that are ultimately enabling the evolution of the actual FDX API, our data structures are always informed by those principles. So again, I know it's a crystal ball, Susan, right, to your point from, from before. But I don't know, I, I love your vantage point. I think there's an aspiration 'cause that makes it easier for all of us. But I'm also trying to be a bit more realist and realize that they probably are gonna be more principle-based.

So you guys are talking about open banking and regulation and it's coming to the forefront, 10:33, all that. How do you guys see not just the opt-in components? Cause we talk about when we have these types of things come to the forefront, how do we empower the individual to say yes or no or those kind of things, but once they opt in to this data exchange, how are they gonna back out of it if there is some partner they don't want to share their data with anymore?

The ultimate with FDX, we created a a standard around consent. And essentially the consumer has the ability to revoke consent. So it's up to the institution or the, to actually implement, you know, the ability to revoke it. But we have standardized the ability to revoke a consent that was given for a given purpose. A lot of times consumers do forget that they share data with an application that they no longer use. So, you know, it's one of our principles to create that transparency and the mechanism in order to revoke that consent.

I think, I think that really underscores the importance of education as well. We're really big on educating our client bases, accountants and bookkeepers, but the small businesses themselves and the consumers themselves to know, here's what open banking is, here's what it means, here's what it can do. And it's on every member of the ecosystem to kind of participate in that. But education as this evolves is gonna be really critical.

We've advocated for periodic reauthorization requirements so that when a consumer grants, authorization, it doesn't last in perpetuity. Just based on that one authorization and the CFPB incorporated, that concept into the, the outline and seems like they're sort of debating the couple of, some options as to how, you know, what that actually might look like in practice.

So what I'll point out is like with the FDX standards, we have our security and controls considerations publication and it actually outlines how you should manage the lifecycle of access. So the actual timelines you should put on a refresh token, what the longevity of access for an individual should be and the need for the re-consent process to be executed. From the FDX perspective, definitely we focus very heavily on user consent and management.

I think one final piece, it's principle based, generally, but these are really complicated questions and it goes back to the point I think from earlier is: I don't know if the CFPB is going to get specific 'cause if the industry can't align on some of the technical and really detailed components, how are they? So it's a final plug. These are the conversations that actually occur in your trade associations and your standard setting bodies. And a lot of these are still being flushed out. So if you have a strong point of view, it's incumbent upon you to get more participatory to Adam's call out from before. And certainly FDX is a great place to do it.

All right, thank you so much for coming to our panel. Great questions and some of us might stick around in case anybody wants a little more.

Thanks everyone.