Much has been written and debated on the concept of "open banking." The debate in the U.S. has thus far been primarily oriented on what consumer data the banks should expose to other service providers and how it should be done safely and securely.
While this is an important framing, the opportunity is much larger than transactional data on consumer accounts residing in the systems of financial services companies.
First, whatever final framework comes out of Washington, it is critical that it include small and medium-sized business (SMB) data in addition to consumer data. Leaving this massive segment of our economy out of the framework would be a missed opportunity.
So, let's establish what data should be "open" and why.
The aim of open data should be to enable financial services, retail services and business services of all kinds to deliver more value at a better price point to consumers and businesses. The availability and cost of credit is the most obvious example, but there are many others.
Equally important, though, the digitization of financial services and commerce has resulted in an arms race against bad actors of all kinds, fraudulently borrowing money, fraudulently obtaining unemployment benefits, fraudulently buying goods online and illegally accessing the banking and payments systems. This second objective of eliminating bad actors should resonate with all market participants, even those who will bear the biggest technological burden of providing open data.
If delivering more value to consumers through fair competition and eliminating bad actors are the right objectives, then open data should go beyond consumer financial data. It is the ability to access a wide array of real-time verified data that will enable this. Examples include data residing with payroll and benefits providers, accounting and enterprise resource planning platforms, merchant processors, insurance providers, utilities and telecoms, and government agency data, among others. Any source system of verified data on consumers and businesses should at least be considered to be part of a future framework.
Naturally, this brings into question how and when this broad set of data could be used. Around the world, open banking relies on the customer's consent for the vast majority of use cases.
In the U.S., there already exists a permissible purpose framework under the Gramm-Leach-Bliley Act, which provides for customer data to be used with consent and, in some cases, like fraud prevention, with simple notice to the end user. The lens of permissible purpose should be analyzed by each category of data and how it plays a role in fostering competition and eliminating bad actors from the economy. Some data naturally lends itself to the elimination of bad actors where permissible purpose becomes more nuanced and complicated.
All this said, there is a fine line to be trod between exposing this broad set of data and compromising business trade secrets. Businesses of all kinds invest enormous resources in designing how they capture, cleanse and structure data to inform their predictive models and business processes. At a minimum, no data provider should be obligated to expose data that they have derived from the consumer and business data they have captured.
Imagine if this framework was in place in both the consumer and small-business contexts in February of 2020. The precision of economic relief could have been much more targeted and the substantial transfer of wealth to bad actors largely avoided.
Take for example the key data elements required to deliver a Paycheck Protection Program loan to a legitimate business.
The loan issuer needed to verify the business was real and in good standing, what type of business it was, how many employees it had, specific payroll data, and the fact that the individual applying on behalf of the business was, in fact, associated with the business.
All this is possible through a combination of real-time verified data, other real-time data and through document review. For SMBs in particular, the ability to cross-reference data digitally on a business across an array of sources goes a long way to maximize the accuracy and minimize the cost of doing so.
Fortunately, there is a tangible next step in progress toward expanding the scope of open data beyond the CFPB's mandate. The IRS has already begun implementation of an application programming interface that would allow permissioned lenders to quickly verify the income of consumer credit applicants. However, the agency currently has no plans to expand access to similar small-business data even though the benefit of doing so would be immense.
If banks and other SMB lenders were able to access verified business data from the IRS, they would be able to significantly enhance the efficiency of their underwriting, know-your-customer and Fincen customer due diligence related processes. This should facilitate broader access to affordable credit for the small business community and lower the cost of capital for SMBs.
To wit: A
This week, Director Chopra confirmed that the CFPB will propose a rule to implement Section 1033 of the Dodd-Frank Act next year, which would provide consumers electronic access to their financial data and the right to share this information with the third-party financial providers of their choice.
This is a natural first step, but including SMB data in the framework should be a fast follower. Similarly, the IRS should seek to modernize access to the full breadth of its data on consumers and businesses. With that success behind us, we can pursue the broader ambitions of open data.