How fintech got banks to come around on open banking

The CFPB will likely write rules on Dodd-Frank Section 1033 next year, after over a decade of stalled progress.

Three different game pieces with bank heads playing a game at a table

An industry group called the Financial Data Exchange has been a key player in breaking the stalemate among fintechs, banks, and consumer groups.

Illustration: Christopher T. Fong/Protocol

It’s been 12 years since Congress passed the Dodd-Frank Act, the largest Wall Street reform in American history. The effects of the bill have been far-reaching, but one key part, Section 1033, has been on hold all this time.

The provision was meant to provide marching orders to banks and fintech firms looking to share data and grow their businesses by providing new digital services to customers, like budgeting software and online bill pay. Instead, it prolonged years of squabbling and competition between banks, fintech companies, and consumer advocacy groups, which couldn’t agree on how rules stemming from Section 1033 needed to be written. At stake was control over customer data, the ability to ensure secure online transactions, and a chance to shape a new era of digital banking.

Now, finally, an end appears to be in sight. The Consumer Financial Protection Bureau, the agency tasked with rulemaking under Section 1033, has signaled that the issue will go before its small business review panel before the end of the year.

An industry group called the Financial Data Exchange, or FDX, has been a key player in breaking the stalemate, generating surprising cohesion between fintechs, banks, and consumer groups on the technical tenets of what those rules should be. Though FDX doesn’t advocate for specific policy proposals, its approximately 230-organization membership — composed of banks like Citi and Wells Fargo, fintechs like Intuit and Plaid, and consumer groups like the National Consumer Law Center — has settled on a single open API standard they think should adequately address any regulatory or industry concerns. Now those members are acting in unison, pushing CFPB director Rohit Chopra to write rules that are friendly to their standard.

“Once you start getting everyone together, you realize there’s a lot of commonality,” Don Cardinal, FDX’s managing director, told Protocol. Cardinal says his sources on Capitol Hill tell him that draft rulemaking can be expected six months after panel review, and rules 90 days after that, putting the end of what would be a 13-year wait for rules governing the field of open banking sometime near August 2023.

But anyone who works in finance knows that generating alignment among banks, fintechs, and consumer advocates on regulatory policy isn’t nearly as easy as Cardinal makes it sound.

Once you start getting everyone together, you realize there’s a lot of commonality.”

Open banking got its start in the mid-'90s in part as an unlikely collaboration among companies in bitter competition: Microsoft, Intuit (which then owned Quicken), and CheckFree. Microsoft and Intuit each had their own proprietary APIs, then open versions of their APIs, before laying down their weapons and forming a combined open API standard that is still used to this day, called OFX. The standard was formed in 1997, before “open banking” was even a term, but the premise was the same as now: creating an open-access standard to transmit bank information to financial technology companies for consumers’ use.

Banks recognized that tech companies “had an inside track with the customers,” explained Eric Dunn, CEO of Quicken and then-CTO of Intuit. “Banks were open to sharing data with Intuit and Microsoft so that customers could have a digital experience with their financial information.”

Data fight

By the early 2000s, however, banks and fintechs were tussling over who was in control of data transmission. Banks’ argument was that data sharing should be minimized in order to ensure financial and data privacy. Fintechs, meanwhile, felt that customers should be able to share as much of their own data as they would like, so they can use fintech products and services — positions that, for the most part, have remained the same ever since.

However, banks began to lose leverage as investment in fintechs exploded, nearly tripling in 2014. That led to a new wave of venture-backed, fast-growing, often consumer-facing startups offering online payment and lending services. Each of these companies required access to customers’ bank-held data, and a tactic known as screen scraping, which had existed since the late 1990s, took off. The process involves customers sharing their login credentials with fintech companies so they can access their financial records — something banks and consumer groups saw as a red flag for data security. Fintechs had access to data without having to ask financial institutions’ permission, and the balance of power was off, forcing banks and consumer groups to come to the table and search for a compromise.

“The CFPB should encourage aggregators to move away from screen scraping,” reads a comment letter Chi Chi Wu, a staff attorney for the National Consumer Law Center, sent the CFPB on rule 1033 in February 2021. The bureau should instead “encourage financial institutions to accept data sharing through application programming interfaces (APIs).”

Cardinal, who worked at Bank of America before leading FDX, says that the threat of screen scraping — and the clear improvement that can be made by allowing fintechs to access data via a secure API — is the biggest reason banks now mostly support open banking. “In one fell swoop, I can improve my cyber posture, my risk posture, and my privacy posture, and it doesn’t cost the customer anything. How cool is that? I mean, I retired from my job at B of A to go do this,” Cardinal said.

The CFPB’s press office did not respond to the direct question of why rulemaking has taken over a decade. But the bureau’s director, Rohit Chopra, was appointed last year and has suggested open banking is an issue he’s eager to tackle.

“Currently, the United States is lurching toward a consolidated market structure where finance and commerce co-mingle fueled by uncontrolled flows of consumer data,” said Chopra in his testimony last year before the Senate Banking Committee. Chopra’s stated goal is to increase competition while giving consumers more control over their data. According to hosts and two attendees, Chopra clarified at the Fintech Policy Forum last month that impending rules would place guardrails on what APIs should and should not do, rather than forcing the implementation of a singular standard like the one crafted by FDX.

“One of the things we hear regularly from the CFPB is that the market is moving fast and they want to make sure the rule is one that captures the real issues in the market,” Plaid’s global head of policy, John Pitts, told Protocol. Pitts criticizes PSD2 — an early example of open banking regulation, which came into force in the U.K. in 2018 — for only addressing data in “payment accounts,” rather than all asset-holding accounts. Meanwhile, the CFPB “started with principles of data access, and part of the reasoning behind those principles was that they can help guide decisions on ‘These are the basic protections that should exist,’ but still allow space for the market to continue to create more innovation and competition.”

FDX, cat herder

The organizational structure of FDX also has allowed for more constructive conversations around open banking standards than previously existed. When the organization is making decisions, whether that be on cybersecurity specs or how information should be presented to end users, each company gets one vote. This means that smaller firms and big banks have equal say, despite their sizes. A two-thirds majority is required to approve changes, forcing the members to reach more widespread consensus. “We don’t have the tyranny of any groups or cliques,” Cardinal said.

We don’t have the tyranny of any groups or cliques.”

There still remain a few unanswered debates in open banking, however, that the CFPB will need to settle. FDX’s standard suggests interoperable data formats that should be used, but does not force any firm to comply, for example. Cardinal also confesses that there are edge cases — small, regional financial institutions, for example, of which there are thousands in the United States — that are not as engaged in standards creation or may have suggestions that are yet unaccounted for. The diversity of the financial system in America allows for many different niche perspectives, which Cardinal coyly refers to as “a lot of cats to herd.”

Despite those wrinkles, after a long wait, open banking appears to be on the cusp of being mostly ironed out. Its history proves that tactful, savvy collaboration is still possible in an industry that is at times bitterly divided. The legacy of the first collaborative standards in the 1990s was proving that collaboration was possible, Cardinal said, and that belief is also what has generated consensus today. “Without OFX proving it could be done, I think open banking would still be being built.”


Judge Zia Faruqui is trying to teach you crypto, one ‘SNL’ reference at a time

His decisions on major cryptocurrency cases have quoted "The Big Lebowski," "SNL," and "Dr. Strangelove." That’s because he wants you — yes, you — to read them.

The ways Zia Faruqui (right) has weighed on cases that have come before him can give lawyers clues as to what legal frameworks will pass muster.

Photo: Carolyn Van Houten/The Washington Post via Getty Images

“Cryptocurrency and related software analytics tools are ‘The wave of the future, Dude. One hundred percent electronic.’”

That’s not a quote from "The Big Lebowski" — at least, not directly. It’s a quote from a Washington, D.C., district court memorandum opinion on the role cryptocurrency analytics tools can play in government investigations. The author is Magistrate Judge Zia Faruqui.

Keep ReadingShow less
Veronica Irwin

Veronica Irwin (@vronirwin) is a San Francisco-based reporter at Protocol covering fintech. Previously she was at the San Francisco Examiner, covering tech from a hyper-local angle. Before that, her byline was featured in SF Weekly, The Nation, Techworker, Ms. Magazine and The Frisc.

The financial technology transformation is driving competition, creating consumer choice, and shaping the future of finance. Hear from seven fintech leaders who are reshaping the future of finance, and join the inaugural Financial Technology Association Fintech Summit to learn more.

Keep ReadingShow less
The Financial Technology Association (FTA) represents industry leaders shaping the future of finance. We champion the power of technology-centered financial services and advocate for the modernization of financial regulation to support inclusion and responsible innovation.

AWS CEO: The cloud isn’t just about technology

As AWS preps for its annual re:Invent conference, Adam Selipsky talks product strategy, support for hybrid environments, and the value of the cloud in uncertain economic times.

Photo: Noah Berger/Getty Images for Amazon Web Services

AWS is gearing up for re:Invent, its annual cloud computing conference where announcements this year are expected to focus on its end-to-end data strategy and delivering new industry-specific services.

It will be the second re:Invent with CEO Adam Selipsky as leader of the industry’s largest cloud provider after his return last year to AWS from data visualization company Tableau Software.

Keep ReadingShow less
Donna Goodison

Donna Goodison (@dgoodison) is Protocol's senior reporter focusing on enterprise infrastructure technology, from the 'Big 3' cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.

Image: Protocol

We launched Protocol in February 2020 to cover the evolving power center of tech. It is with deep sadness that just under three years later, we are winding down the publication.

As of today, we will not publish any more stories. All of our newsletters, apart from our flagship, Source Code, will no longer be sent. Source Code will be published and sent for the next few weeks, but it will also close down in December.

Keep ReadingShow less
Bennett Richardson

Bennett Richardson ( @bennettrich) is the president of Protocol. Prior to joining Protocol in 2019, Bennett was executive director of global strategic partnerships at POLITICO, where he led strategic growth efforts including POLITICO's European expansion in Brussels and POLITICO's creative agency POLITICO Focus during his six years with the company. Prior to POLITICO, Bennett was co-founder and CMO of Hinge, the mobile dating company recently acquired by Match Group. Bennett began his career in digital and social brand marketing working with major brands across tech, energy, and health care at leading marketing and communications agencies including Edelman and GMMB. Bennett is originally from Portland, Maine, and received his bachelor's degree from Colgate University.


Why large enterprises struggle to find suitable platforms for MLops

As companies expand their use of AI beyond running just a few machine learning models, and as larger enterprises go from deploying hundreds of models to thousands and even millions of models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

As companies expand their use of AI beyond running just a few machine learning models, ML practitioners say that they have yet to find what they need from prepackaged MLops systems.

Photo: artpartner-images via Getty Images

On any given day, Lily AI runs hundreds of machine learning models using computer vision and natural language processing that are customized for its retail and ecommerce clients to make website product recommendations, forecast demand, and plan merchandising. But this spring when the company was in the market for a machine learning operations platform to manage its expanding model roster, it wasn’t easy to find a suitable off-the-shelf system that could handle such a large number of models in deployment while also meeting other criteria.

Some MLops platforms are not well-suited for maintaining even more than 10 machine learning models when it comes to keeping track of data, navigating their user interfaces, or reporting capabilities, Matthew Nokleby, machine learning manager for Lily AI’s product intelligence team, told Protocol earlier this year. “The duct tape starts to show,” he said.

Keep ReadingShow less
Kate Kaye

Kate Kaye is an award-winning multimedia reporter digging deep and telling print, digital and audio stories. She covers AI and data for Protocol. Her reporting on AI and tech ethics issues has been published in OneZero, Fast Company, MIT Technology Review, CityLab, Ad Age and Digiday and heard on NPR. Kate is the creator of and is the author of "Campaign '08: A Turning Point for Digital Media," a book about how the 2008 presidential campaigns used digital media and data.

Latest Stories