What happens when third party fintechs try to access banking data on behalf of their consumers, but each way has a different way of doing so?

That’s exactly what’s happening in the U.S. right now, and it’s a major factor in preventing the country from adopting an open banking culture. In an era when consumers conduct their banking activities with multiple providers, open banking not only safeguards consumer data but also places them in control of how they want their data used and for how long.

Speaking different languages

The lack of a consistent approach is also the reason why customers of some U.S. banks have been locked out of third party applications such as Robinhood and Digit. While these customers were prevented from using their own banking data, banks had good reason to lock out the third party providers, citing security concerns. Our piece Are U.S. Banks Leaning Towards Closed Banking? covers the drama in more detail.

What’s needed is a standardized regulation for data sharing. Banks can’t trust third parties and what they may do with customer data. With new regulations such as CCPA and GDPR, banks are required to keep track of how their clients’ data is used. Once a third party possesses customer data, the bank can no longer guarantee it will be used and stored properly.

Aligning the approach

So how does the fintech industry get everyone on the same page when it comes to data sharing?

The Financial Data Exchange (FDX) was created to solve that very same problem. “FDX is member-driven and governed by majority vote and we’re united by a common mission and purpose: providing secure and convenient financial data sharing,” said FDX Managing Director Don Cardinal. “Our Working Groups are inclusive, transparent and benefit from our members’ decades of experience and professionalism.”

FDX is a non-profit organization that is creating what is essentially a playbook of data communications rules for banks and third party fintechs. FDX currently counts 102 organizations– only one third of which are banks– that vote on an agreed upon global standard for data sharing.

Keeping the end consumer in mind

Importantly, FDX not only helps its member organizations speak the same language, the alignment trickles down to benefit end consumers as well. That’s because FDX helps place consumers in control of their own data, allowing them to decide which organizations can use their data and for how long. Aiding in this transparency, some banks have created dashboards that allow customers to view and edit which apps have access to their data.

To promote more consumer awareness, FDX is working to create a certification stack that would indicate to consumers whether a bank, fintech, or organization is part of FDX. You can think of this similar to a bluetooth logo on a device that informs consumers that a product has undergone the Bluetooth Qualification Program.

So when can we expect mainstream adoption of FDX?

“While we cannot give an exact date, we know from similar innovations (online banking, billpay, mobile banking, EMV chip cards) that we are moving from the Innovator to the Early Adopter stage and that acceleration of adoption will accelerate once we pass the mid-market peak,” said Cardinal. “To date, our members have moved nearly 12 million U.S. consumers over to the FDX API.”

Odds are, if you work in fintech, you know what open banking is. It is such a popular concept that in Europe an entire regulatory regime, PSD2, has sprung up around the concept.

So if Europe is progressive enough to create regulations mandating open banking, how is the U.S. doing? It turns out that some banks in the U.S. are taking an opposite approach and preventing third parties from accessing consumer data.

Keeping it secure

The motive behind this move is pure: banks are closing down connections to third party apps to keep customer information secure and limit data breaches. Data retrieval methods such as screen scraping or using the customer’s password to gain access are indeed unsafe. We spoke with Chief Growth Officer and Co-founder of Flybits, Gerti Dervishi, who said this type of data sharing is “risky in so many different ways” since data scraping is not a standard protocol. Regarding recent decisions of U.S.-based banks who are gating off third parties, Dervishi said, “Honestly, this couldn’t go on for much longer.”

First-movers

JP Morgan Chase recently came up with a new access plan for third party fintechs that require access to customer data. The aim of this new plan is to stop third parties from using password-based access to retrieve customer banking data. Starting July 30, fintechs will be barred from pulling customer information until they sign data access agreements and stop using customer passwords to retrieve banking information. Instead, JPM wants third parties to connect to consumers’ accounts via its open API. The bank made it clear that not only is this method more secure, it will also place consumers in control of what data they want other applications to access.

PNC Financial is also cracking down on third party data access, but is leaving third parties with fewer options. Explaining the decision to the Wall Street Journal, PNC Chief Customer Officer Karen Larrimer said, “When aggregators access account numbers, many store them indefinitely, often unbeknownst to customers. This puts customers and their money at risk. We want to make sure we know who is setting up the account.”

As part of the move, Pittsburgh-based PNC is preventing customers from using P2P money transfer app Venmo and has blocked “multiple different aggregators,” including Plaid, which PNC states circumvented its security protocol. Plaid, a popular data transfer network, connects consumer information to other third party apps such as Square’s Cash app, Robinhood, and Digit.

Who owns the data?

But shouldn’t the consumer be able to decide if they want a third party to use their data? This became a major issue when PNC began directing users from PayPal’s P2P payment app Venmo to Zelle, the bank’s in-house P2P money transfer tool. This is because, as Dervishi said, “There is already an agreement in place with Zelle. [PNC] understands data sharing with Zelle, but they don’t have a standardized agreement with Plaid.”

When it comes to the issue of data ownership, Dervishi circled back to the need for standardization. Because PNC does not have a clear agreement in place with third parties, there is nothing to hold them accountable when it comes to how they use or store customer data. “We need a NAFTA for data,” he said.

So though it may seem as if both of these U.S. players are taking a “closed banking” approach, that statement isn’t exactly correct. Both banks offer open APIs. The difference is that PNC has shut out Plaid (and, in turn, the many third party apps that use Plaid) to head off security issues. JPM (and potentially others) may not be far behind. As Ron Shevlin pointed out in his piece The Real Story Behind the PNC Venmo Clash, “[JPM will] be watching what happens with PNC, for sure. If PNC sees limited account attrition, other Zelle banks will be likely to follow.”

At the end of the day, the only thing to prevent banks in the U.S. from taking a “closed banking” approach may be to follow in the footsteps of the European Union and create a PSD2-like, standardized regulation for data sharing. “Because each bank takes a different approach to third party data access,” Dervishi said, “until we have a well-understood framework like open banking and PSD2, we will have a thousand different methods [to access data].”

The five-day World Economic Forum wrapped up late last month. The event, based in Davos, Switzerland, hosted some of the brightest minds in the world to speak on some of the biggest issues facing our society today.

We combed through the agenda to bring you a view of the discussions through a fintech lens. Here’s a summary of some of the most interesting fintech-related topics covered at the global event.

Shaping the Future of Financial and Monetary Systems
The majority of this session wrestled with digital transformation. One of the overarching themes in this discussion as it related to digital transformation was the idea that we’ve recently reached a major inflection point in the banking industry. That is, banks are no longer adding products and services to their existing models, but the very nature of how they operate is beginning to change. And as these changes happen, banks can only move as fast as their customers are willing to move alongside them.

Shaping the Future of the Digital Economy
This panel represented a range of industries. Specific to the financial services industry, PayPal CEO Dan Schulman said he expects the fintech industry to see more innovation in the next five years than it has seen in the last 30. The cause of this development speed comes down to AI. Along with AI, digital transformation was another hot topic. The panel agreed that digital transformation has opened up new opportunities and in many cases requires firms to revamp their entire business model.

From Token Assets to a Token Economy
This session sought to answer the question, “how can tokenization make illiquid assets accessible without creating new financial risks?” The panelists explained how tokenization makes fractional ownership possible with physical goods, such as a famous painting or a piece of real estate. One overarching theme that pulsed throughout the discussion is that global regulation is behind in the tokenized asset realm. So while technology may be advanced enough for a tokenized asset economy, we are still many years away from it being commonplace.

How to Implement Responsible AI
The World Economic Forum has teamed up with the government of Singapore to create a model framework of governance for the use of AI. This panel discussed the new framework and how it addresses the explainability of AI, which aims to be simple enough for all players to understand. As a part of the effort, the group has also released a toolkit for boards of directors to understand how to conduct AI oversight.

The Real-World Impact of 5G
This session hosted representatives from Verizon, Qualcomm, and ABB. The group addressed political and policy issues around security and trust. Secondary to the conversation were social concerns. The first considered if 5G will cause a digital divide between societies that have 5G and those that do not. The other social concerns addressed were potential climate change and health concerns.

Global Cybersecurity Outlook
The general consensus of this panel is that we are currently losing the battle of cybersecurity. The panelists looked at who is ultimately responsible to act as the authority to govern fraudsters, discussed the balance between security and consumer privacy, and considered whether businesses’ cybersecurity spending is happening in the right areas. Finally, the panelists concurred that security is not an IT problem, but that it is a business problem and everyone at the organization should be a security expert to some extent.

Creating a Credible and Trusted Digital Currency
This discussion looked at opportunities, challenges, and concerns around digital currencies. The panel acknowledged that digital currency adoption has a certain and definite future. Representatives addressed real use cases, including cross-border payments, financial inclusion, and fraud prevention. Among the discussion points were stablecoin competition, central banks’ participation, as well as cultural effects. Much of the dialogue circled back to digital currencies issued by central banks (CBDCs).

Other sessions worth a look include Valuing Unicorns, Building Trust in Data Flows, and Investing in the next Frontier.