Several big banks, including JPMorgan Chase, Bank of America and Wells Fargo, have joined forces with data aggregators and fintechs to form a group designed to create a consistent standard for sharing customer information.
The Financial Data Exchange, launched Thursday, could mark a turning point in the battle between the various institutions over how to safeguard data yet at the same time allow access for legitimate purposes.
The goal is to create a standard that provides interoperability within the financial ecosystem in a way that maintains consumer control, security and choice.
“We feel like it fuels innovation,” said Lila Fakhraie, co-chair of the new group and manager of the Digital Banking API team, including the data-sharing program, at Wells Fargo. “Today we’re all focused so much on the risks and security aspects of things both from the financial institution and the fintech perspective. In the future, we could work together and partner on how we can move this forward in terms of innovating new, better ways for customers.”
Steve Smith, co-chair of FDX and CEO of the data aggregator Finicity, compares the new group to the Bluetooth Special Interest Group, which drove the creation of the short-range wireless communication standard.
“Twenty years ago, five companies came together to talk about how devices might connect seamlessly and in short range,” he said. “Had that not taken place, we wouldn’t be looking at the extraordinary amount of innovation that’s taken place; we all just take Bluetooth for granted today.”
Today the Bluetooth group has 30,000 members, he noted.
“In the financial services industry, we have had fits and starts,” he said. “There haven’t been great, concrete standards for how this data can be used to benefit the customer in removing friction from the lending process or providing new great insights from products and services rendered by financial institutions themselves or by vendors.”
The new group’s board members come from BofA, BB&T, Capital One, Charles Schwab, Citigroup, Experian, Fannie Mae, Fidelity Investments, Finicity, FS-ISAC, Intuit, JPMorgan, PNC Bank, Quicken Loans, the Securities Industry and Financial Markets Association, TD Bank, TCH, USAA, U.S. Bank, Wells Fargo, Xero and Yodlee.
Others are on the wait list, according to Fakhraie.
“The board decided to launch first and then start evangelizing and increasing adoption,” Fakhraie said. “We know more companies are interested and will be joining.”
The group is a subsidiary of the Financial Services Information Sharing and Analysis Center.
The Financial Data Exchange is funded and supported by banks, fintechs and data aggregators. The board members have an annual financial commitment, members pay a fee based on the size of the organization.
Taking on data disputes
The group will address some of the challenges that arise in trying to share consumers’ financial data.
One issue is the practice of screen scraping, where third parties use consumers’ login information to access accounts and “scrape” account data. Banks would like to eradicate this practice.
“Banks view the way credentials are shared in the marketplace as high risk,” Fakhraie said. “It’s not only that customers are sharing credentials and they’re out there, but also the friction and the unreliability of the screen scraping practice. And customers don’t get to choose which accounts they want to share.”
Under the
For example, when a consumer wants to start using a new fintech app and link a bank or brokerage account to it, they are passed to a secure server at the financial institution, where they are presented with the financial institution’s consent page and they authorize the data they want to share with the new app.
After authenticating, the consumer is passed back to the app. Data sharing between data aggregators or fintechs and financial institutions is done through a virtual token that identifies the consumer and their accounts.
The standard gives the customer visibility and control, Fakhraie said.
“They can come to mobile or online banking, view what data is being shared, and turn that off and on at any time they choose,” she said.
But the Durable Data API standard doesn't directly resolve all such disagreements.
In one recent dispute, a bank claimed a data aggregator would not agree to delete data even after a person had stopped being a customer or using a service. In this case, the data aggregator also wanted to be able to obtain routing numbers and move money in and out of bank accounts which the bank didn't want to allow.
The Durable Data API standard doesn't resolve these issues.
“But we think it will solidify and pave the way for how data is shared,” Fakhraie said. The FDX is also thinking of creating a governance framework for the privacy and security of data sharing, she said.
Another complaint
“Those are issues that will continue to be in the forefront of the minds of organizations tasked with maintaining the security of consumers’ data,” he said.
Finicity has signed a number of bilateral agreements with banks including Wells Fargo and USAA, Smith noted.
“We have always as an organization suggested the bank is a custodian of their customers’ data, and needs to maintain the security of that data and needs to be concerned about that data,” he said.
Some data-sharing disputes may be settled by simply having all parties hash them out in FDX meetings. The group has been holding monthly board meetings and it meets in person quarterly. A data aggregator working group has also been meeting regularly.
“I think this will be a great forum for the interchange of ideas, discussion and progressive development of standards for the industry,” Smith said.
“We’ve been in this space for about four years, and this has been refreshing to be able to have that conversation, not only with other financial institutions but also with aggregators and other players within the ecosystem,” Fakhraie said. “We all share a common goal, which is sharing data in a more secure, reliable way where a customer has control over it.”
There’s always going to be some level of disagreement, she acknowledged.
“Each party has a certain amount of interest, but this to me is where we have common ground: establishing a technical standard that we can all agree on,” Fakhraie said. “Once we build that, the other stuff will hopefully follow.”
Editor at Large Penny Crosman welcomes feedback at