Transcription:
Penny Crosman (00:03):
Welcome to the American Banker podcast, I'm Penny Crosman. Are big banks spreading misinformation about fintechs? Penny Lee, president and CEO of the Financial Technology Association, is pushing back on some claims that banks and their trade groups have recently made about financial technology companies. Welcome, Penny.
Penny Lee (00:22):
Well, welcome Penny as well. It's is not every day we get to have two Penny's on the same podcast. Maybe we can get a little more alliteration there.
Penny Crosman (00:31):
We can give our two cents today. So just in case there are people in the audience who aren't familiar with the Financial Technology Association, can you tell us a little bit about your group and what its work and mission is?
Penny Lee (00:45):
Yes. We started the organization just a little over two years ago, and it's what you would typically find in Washington D.C., a trade association based off of one industry. And we are representing the financial technology industry and have a variety of different kinds of fintechs. So we have payment companies, we have companies that do lending, companies that are in capital markets, data aggregators, buy now/pay later companies, earned waged access. We have investment advisors as well using technology. Also those that are kind of disrupting the credit bureau model and thinking of new ways in which to use AI and machine learning to be able to advance credit underscoring. So kind of a wide variety of the definitional terms of the FinTech industry but kind of trying to showcase and kind of speak with a collective voice on a variety of different issues, policy matters, regulatory matters with the central focus on reshaping the finance of the future. And that was one in which we know is going to be digitally led.
Penny Crosman (01:58):
So in a recent op-ed, you said that big banks are choosing fearmongering over facts when it comes to FinTech. What are some examples of this?
Penny Lee (02:08):
Yes, I would say despite the headlines, what was written and recent testimony before Congress on this issue, we actually find that there is a lot of agreement with the banks. We obviously have strong bank fintech partnerships, but there were some facts there that we wanted to make sure that were corrected and weren't left standing. The particular op-ed that we spoke to was really around the 1033, the right for consumers to have to be able to share their personal financial data. And so we just wanted to set the record straight a little bit on what the banks were saying or some of the issues that they were raising that we really felt were unfounded. And that is, we both agree that consumers should have right to their personal data. However, some of the banks want to control it in a way that is not necessarily as advantageous as what we would can say for consumers. We know that eight in 10 consumers use a fintech product and more than half of them use it daily. And we're seeing banks invest in the digital experience. So despite what the bank trade associations might be saying, the reality is that we see large banks, small banks, community banks and others using these digital tools for the advancement of consumers. So a couple of things that we were just pointing out especially from the perspective of what it means to a consumer.
Penny Crosman (03:46):
So one thing that the Consumer Bankers Association has said is that although consumers often consent to sharing their financial data as part of the terms of service they must agree to when using certain non-bank services, consumers are generally unaware of how that data may be used or shared. Do you see that as a myth or generally true?
Penny Lee (04:12):
Earlier this year we put together as a trade association with all of our members signing off to a standard several different standards of what we feel is for privacy standards for consumers. And that means that consumers should have control of their personal data, they should have pool transparency as to where that data is going. They also should have the ability to delete their data, it should be protected, it should be informed of where it might be traveling to. And so what testified recently before Congress was to say is we need to modernize our own data sharing rules. It hasn't been updated since 1999 and as we know, there is a full industry many innovations that have occurred since 1999. And fundamentally, people are using financial services in a much different way and we need to ensure that our data privacy laws catch up to that.
(05:12)
We also are agree with the banks that the data aggregators, those that are controlling the flow of a lot of the personal information, they should be supervised as well. So several different things that we have put into place. One, establishing a privacy standard two, calling for the modernization of federal law on how your data is shared. And three, making sure that consumers have full understanding of where their data might be traveling and if they want to change their application, how they interact with different apps, and that they have their right to delete that data as well.
Penny Crosman (05:58):
So some of those things would require some restrictions on the data aggregators I would think because today, I don't know that they are subject to those kinds of things. I think it's assumed that they will only use consumer data for the explicit purpose of the particular app the consumer signed up for, but I don't know that anybody holds them to that. Do you think there need to be some restrictions on the aggregators?
Penny Lee (06:27):
We have called for and we have advocated for and put it into our comment letter before the CFPB that we believe data aggregators should be supervised. Again, going back to, we want to ensure that consumers have full understanding of their full rights to their data. And that is to be able to not only share it as they would like to see it share, but also that they should be receiving from the banks and financial institutions a full understanding or a full compliment of where their data is and where it's being stored so that it's not limited but they can have the full suite of services. So I wouldn't say that it's restrictions placed on it, but we all know that we want to make sure that consumer data is protected and that there's transparency of where that data flows.
Penny Crosman (07:22):
So one thing that bankers have definitely objected to over the years, and I think the Consumer Bankers Association recently repeated this, is that many aggregators still rely on screen scraping. There are more API agreements where there's direct data sent to and from banks and aggregators and fintechs, but there's still a fair amount of screen scraping where the aggregator uses a consumer's credentials to pull sensitive information, which banks consider fundamentally unsafe and puts the consumer data at risk. What are your feelings about that?
Penny Lee (08:07):
I think there's agreement between industry policymakers, industry with banks, industry with tech companies as well, that API technology is the future and one that we are leading the effort for and working with banks to be able to make that transition into API technology. But we also need to do it in a way that's responsible. Not every bank, small institution, CDFI, MDI has the technology or the budget to be able to make this switch in technology. It is costly. And so we want to ensure that it's done in a timely manner. And so we said in our comment letter to the CFPB when asked about this in their 1033 outline was we agree we are making that transition. We are leading that effort, but we also want to ensure that there's a reasonable transition period, not cutting off consumers from fintech products that they're being able to have the digital services available to them and that they do not have a disruption of service. So there is agreement, we also need to have a transition.
Penny Crosman (09:27):
So you've mentioned a couple times these data sharing rules that the CFPB is required to come up with as a result of the Dodd-Frank Act section 1033. What would you like the CFPB to include in those rules? What would be on your wish list for data sharing rules?
Penny Lee (09:54):
One, we want it established that the consumers have the right to be able to have access to their data, to be able to permission it to be able to share it with the applications in which they would like to see it shared, whether it be a budgeting app, whether it be an investment app, or whatever it is that they want to engage with, that there is that ability given to them that the data that is being shared is parody, that there is equal access, but also the data that is being shared is consistent across the board. We believe that it should be done in a safe and secure manner. We also want to see more. Right now, the rule just basically pulls from a limited set of data and we would like for that scope, and we agree with the banks on this as well, increase that scope to have a full, complete picture of who the consumer is and to be able to share with them to have a complete picture, to have a full, so they can fully enjoy all the different products that are out there as well.
So a couple of things that we agree on, similar things the industry-wide, both banks, fintechs and others. But first and foremost we want to see this right established for consumers to being able to share their financial data.
Penny Crosman (11:31):
And do you see that being blocked often today?
Penny Lee (11:36):
It's been 12, 13 years I believe since Dodd-Frank was first passed into what was passed into law. So I think it's been a while since that has occurred. So I would say we actually have more agreement than disagreement on this. Consumers are changing their behavior, they are moving to a digital world or how they interact with financial services is only becoming more digital. And so we want to make sure that our rules and regulations are modernized. And I think everyone recognizes that and sees that. And so as we make this shift into more digital financial services, we need to make sure that the U.S. is not left behind, that the U.S. has the rules and regulations put into place to allow consumers to have the greatest benefit afforded to them and going through and thinking through how we need to do that in a safe and secure manner.
Penny Crosman (12:45):
Another thing that the bankers complain about, and specifically recently the Consumer Bankers Association brought up, was this idea, you kind of mentioned the right to be forgotten, but they brought up this idea that because consumers commonly mistake deleting a mobile phone or computer application with revoking consent, many non-bank third parties maintain continued unfettered access to consumers' personal information even after the relationship has seemingly been severed. I know that's been a pain point for a long time. What is your response to that?
Penny Lee (13:24):
I can only speak to those members that I represent in the industry and the members that I represent do not sell their information to third party providers. That was something that they brought up in their op-ed and that was one of the facts that we wanted to correct. Our member companies are not in the ad-based revenue where they're trying to capture or sell third-party data to have ads pushed to them. Our member companies are compliant with GLBA and that has a very protective sense of where their financial data can be shared and should be stored. Our member companies use the financial data to fulfill an order, for example, if they're using a BNPL product or for a delivery of service for an earned waged access or to complete fraud checks or to do KYC or be compliant with anti money laundering. So our member companies are different than what you would consider data companies and are great stewards of the consumer's financial data.
Penny Crosman (14:40):
All right. And another thing that I think bankers might push back on is you said in a recent op-ed that the fintech industry is subject to the same robust consumer protection standards as other financial services. And I think a lot of banks would say they are heavily regulated, they have examinations every year, they have a lot of reporting they have to do, whereas a lot of fintechs don't have a prudential regulator. How do you see that distinction?
Penny Lee (15:13):
I would say it's based on risk also on activities. Our country has always had activities based regulation regulation that fits the risk and the activities in which you are engaging. Our member companies do not take deposits. Our member companies do not have access to Fed services. Our member companies do not have access to the Fed windows. So there are a lot of different activities that our member companies don't do, but if they were to accept deposits, have the FDIC insured deposits as well, they would be under those same regulations. So our member companies are highly regulated. They are regulated for the activity based as is all industry and which they're engaged with.
Penny Crosman (16:09):
All right. Well, it sounds like you do agree more than one might've thought at first. So it does sound like banks, fintechs and aggregators can come to some agreement on what data sharing should look like in the future. So Penny Lee, thank you for joining us.
Thank you all for listening to the American Banker Podcast. I produced this episode with audio production by Kevin Parise. Special thanks this week to Penny Lee at the Financial Technology Association. Rate us, review us and subscribe to our content at www.americanbanker.com/subscribe. For American Banker, I'm Penny Crosman and thanks for listening.