The following article is an adapted transcript of Episode 3 of the Mr. Open Banking podcast. The audio version is available here.
We are about to explore the following question: Is open banking exclusively a set of laws and regulations?
After all, the revised Payment Services Directive (or PSD2), a European law enacted to protect consumers and drive innovation in banking, is what caused the explosion of open banking activity in Europe and abroad.
Because of this, many people automatically equate open banking with regulation. But we’re going to challenge that assumption. In this edition of Mr. Open Banking, we discover how one region is trying to get there through a market-driven approach, without any regulation at all.
The United States remains home to one of the most innovative financial sectors in the world. US FinTech activity continues to thrive. US banks are laser-focused on digital innovation. And US companies still handle most global payments.
However, there remain over 10,000 financial institutions (FIs) in the US that need to be stitched together, and there is no easy, secure, standardized way to do so.
Enter the Financial Data Exchange or FDX, a not-for-profit organization that aims to unify the US financial industry around a common interoperable standard for secure access to financial data, and to do so in a fundamentally market-driven way. To dive into how the FDX operates, we were joined by its Managing Director, Don Cardinal.
Before joining FDX, Don spent over 10 years in traditional financial services at organizations such as Bank of America, the University of The Incarnate Word, and Thomson Reuters. In 2019, Don testified before the US Congress to advocate for the future of financial technology, encouraging the empowerment of consumers to take control of their financial data.
So, how did FDX start?
For many years, US FinTechs and FS-ISAC — a group of global financial services firms working to share data for cybersecurity — were unsatisfied with the legacy data-sharing model.
This decade-old credential sharing model was designed to grant access through the holding of millions of customer IDs and passwords, which are used to essentially trick a banking website through a process sometimes known as “screen scraping” — certainly not the most secure solution.
As a result of the widespread use of screen-scraping techniques, banks are seeing about 25% of their daily sessions coming from third-party software. That’s a lot of infrastructure wasted on non-humans. At the same time, FinTechs were facing the privacy risk of holding customer passwords while sorting through data that wasn’t always uniform.
So, in 2018, these two groups joined forces: US banks and FinTechs launched FDX to work on behalf of their common customer and shift to a lower-risk API model that acts as a reliable data source. Since then, FDX has grown to 115 organizations, migrating about 12 million consumers to this new digital model.
Still, Don estimates there are another 80-100 million migrations left to go in North America.
Think about that for a second.
100 million usernames and passwords in North America alone, all providing access to real bank accounts. All floating around out there in the databases of various FinTechs without any clear guidance around risk management or liability approach.
What Don calls credential sharing is used the world over. This proves two things. First, there is a significant risk that currently exists in the system today. All these banks and FinTechs are sharing data using unreliable, inefficient, and — worst of all — insecure methods.
And second, the demand is there. People want to share their financial data if it means getting better financial products. They just want to do it more safely. And that’s exactly what FDX is trying to achieve. Interestingly, that’s also what open banking is trying to achieve.
The fact is the term “open banking” is not widely used in the US.
That’s because in America, they have a market-based solution to open banking, and there is a concern that the term carries with it the implication of regulation. For the US, Don leans towards the market-based approach, arguing that:
“No one can be as close to the consumer as the people who actively depend on them for their livelihood.”
He says this approach is more durable and meets real, pressing consumer demands.
In the US, a more accurate term for open banking is “consumer-permissioned data sharing.” It’s all about shifting the focus away from banking and toward consumer rights.
Does the government have any role to play in defining these standards?
Unlike Australia’s highly regulated Consumer Data Right (CDR), the FDX is more focused on the market. US regulators are interested in its progress and want to stay informed, but they generally leave the FDX to continue doing what it’s doing.
Still, Don stresses that regulatory clarity is important, especially for coders and programming engineers. With no policies in place, the FDX instead clarifies rules to solidify something everyone can be on board with while working towards their common goal: “permissioned, tokenized access through an API to make [banking] better for everyone.”
According to Don, most players are seeing this common goal as an opportunity to foster innovation. For example, apps like Experian Boost allow people to be more accurately scored for their credit.
Of course, all of this sounds like open banking, but Don stresses the need to think of it more as “little ‘o,’ little ‘b’” rather than the implied regulatory regime that may come with capitalization.
The FDX is supported by members all over the world, from Canada to the UK. It is committed to solving what the members want and isn’t tied to any one jurisdiction, which means it can provide a spec that will work for all members, no matter where they go.
Simply put, Don believes the market will reveal what the global capabilities are.
This kind of member-driven approach is the way most technical standards are developed. Working groups meet and, based on open participation and frank discussions, the best ideas and contributions are approved by a democratic process rather than a central authority. Ideas are tested by the market, which decides what works and what doesn’t.
Make no mistake, this approach works. It’s led to the development of most of the standards we see around us, both within and outside technology.
Despite the lack of regulation, Don says FDX brings a level of “fairness” to the market, leveling the data access playing field so even the smaller FinTechs can enter and receive funding.
Which brings us to CATTS, a useful acronym for remembering five key principles to follow when developing an effective open banking standard.
- Control: You should be in full control of your data and how you share it.
- Access: You should have and allow access to your personal financial data.
- Transparency: You should be able to see who has access to that data.
- Traceability: You should see every stop your data has taken along its journey through a centralized registry.
- Security: There should be tech standards that cultivate trust.
Although FDX uses a market-driven approach, the larger philosophy of open banking – the idea that customers should own their financial data – is clearly still very present in its mission.
In terms of recommendations, the FDX has focused on three main factors for developing standards.
- First, take a market-based approach by solving real consumer needs and casting a wide net.
- Second, make sure your members are always getting value in exchange for their time.
- And lastly, stay hyper-focused on your mission and don’t let your decisions stray from it.
These standards are developing better, faster, more secure innovations in the financial world. As Don says:
“I think there will be new things to come as long as we build and secure robust, extensible pipes and a lot of people have a say in what goes into them.”
Back to our original question: Is open banking just a set of regulations?
Well, perhaps the capitalized version is. But the “little ‘o,’ little ‘b’” version seems to be something more.
While it still goes by many different names, lowercase open banking is an idea that is taking hold everywhere. In some places like Europe, it is indeed driven by laws and regulations. However, in other places like the US, the same goals of competition, innovation, and transparency are being met by the market.
Instead of getting stuck in the endless debate over which is better, market-driven or regulatory-driven, just get on with it. Because regardless of how you get to open banking, whether pushed by regulation or pulled by market forces, you end up in the same place: a standard, secure, and open way for banks to share your financial data.