Racing ahead of regulators and litigators, Plaid is changing how it operates.
The 8-year-old company, long content to cater to developers of fintech apps, was practically unknown before Visa launched a $5.3 billion buyout offer. That deal failed — but Plaid is now worth almost triple that as investors, grateful the startup stayed independent, pumped another $425 million into its coffers.
Its profile boosted considerably by the Visa deal, Plaid is grappling with challenges, including a class-action lawsuit filed by consumers who allege invasion of privacy and a separate though related suit by PNC Bank over trademark infringement, and pending reforms to Section 1033 of the Dodd-Frank Act governing consumer access to data that could either favor Plaid or make it harder to do business, depending on how particular rules take shape.
The issue in the two lawsuits is the way Plaid links bank accounts when a bank doesn't offer or use an API. With thousands of financial institutions in the U.S., Plaid sometimes has to present a login screen to users and scrape information from their bank's online-banking interface. The way it uses bank logos when prompting users to log in is at issue here — whether it deceives consumers and trods over banks' trademark rights in the process.
Plaid has several answers to these challenges. Of course, it's disputing the claims in lawsuits, as one would expect. But it's also moving past the business practices that left it open to such challenges by striking deals with banks and moving more and more of its transactions to permissioned environments. Three-quarters of its traffic will soon be done through APIs, Plaid says.
And it's positioning itself as a champion of consumer data access, arguing that allowing bank customers to use third parties like Plaid to connect their accounts to fintech apps encourages innovation and competition. While it doesn't see itself as a consumer company per se, Plaid sees giving consumers greater access to their own financial data as essential to its business.
The Consumer Financial Protection Bureau is considering changes to rules on financial data — particularly data shared between banks and fintech companies. This could move the U.S. closer to an open-banking system in which consumers can access and control the movement of financial data.
That change to Section 1033 of the Dodd-Frank Act has already received public comment and the CFPB is expected to come out with changes soon. (There could be delays, however, as the Senate has not yet confirmed nominee Rohit Chopra as head of the agency.) Whatever the outcome, it will have a major impact since fintech companies need to quickly and easily access consumers' financial data to make their products appealing. A lending app, for example, without a connection to a bank, might require a consumer to print out bank statements and mail them to a lender.
In the meantime, some companies are already positioning themselves for a changed regulatory environment. Plaid, one of the main fintech companies that could be affected, is assuming that changes are coming and is already making moves.
"Open finance has been a consumer-driven initiative in the U.S., not a regulatory-driven initiative," said John Pitts, policy lead at Plaid. "We view it as in our interests to do the right thing by consumers whether or not regulation is in place on the assumption that regulation will come."
Pitts, who was previously deputy assistant director for intergovernmental affairs at CFPB, previously said that Plaid would welcome being regulated as a data aggregator that helps consumers access data from a number of different financial institutions or fintechs.
"Once [1033] is secured, what are the next most important things to think about? We're already doing some of that. The other part is thinking through how to operationalize it," he said.
The company wants to make it easier for consumers to see what granular data they are sharing with a fintech or bank and why — both at the moment they click to approve a connection and in a broader data dashboard that they can access at any time to review and make changes. Plaid provides technology that can securely connect a consumer's data in a bank account and share it to fintech apps such as Chime, Venmo or SoFi. For example, when you sign up for a lending app and need to provide bank data to get a loan, Plaid will pop up a message for you to approve sharing that data to the lender.
Plaid has started providing more granular data through its Assets API product for consumers who, for example, share their data with lenders to underwrite a loan, Pitts said. Consumers can review this data before providing it to a lender.
"We're going to start expanding that to everything we do," Pitts said. "That ability to see everything in real time will become standard for everything Plaid offers."
Meanwhile, it recently launched an integration with US Bank for customers to see which apps are sharing data with the bank. Consumers can turn off an app from connecting with the bank from the Plaid Portal, which is in beta and is slated to officially launch this year, or from US Bank's page — and it will instantly update on the other site.
Plaid, which hasn't been a consumer-facing brand, has generally operated behind the scenes, but that could change with this consumer portal. "What that means is anywhere a consumer wants to exercise control on the network, it will be interoperable and all parts talk to each other," Pitts said.
Once fully launched, consumers could check Plaid's dashboard for any fintech apps or accounts that are connected, turn them off or request the deletion of data.
Plaid also just signed an API deal with Capital One, which had previously blocked Plaid, leading to complaints by Wave, a Plaid customer, among others. Plaid now has agreements with Wells Fargo and Chase and connects other banks through its Plaid Exchange.
Contrast that with the way PNC customers have to interact with Venmo, a Plaid customer. Because PNC doesn't connect with Plaid, customers have to add their bank account and routing number and wait for two sub-$1 transfers to show up in their account. That's a method that dates back to the earliest days of PayPal, now Venmo's parent — revolutionary in 2000, clunky and slow in 2021. Since Plaid doesn't connect with PNC, it can't show them on its dashboard.
PNC aside, banks have become more open to providing data recently, Pitts said — that's due to the pandemic accelerating banks' digital strategies as consumers stuck at home sought many more digital tools. Plaid has also sought to ease banks' fears by committing to having 75% of its traffic dedicated to APIs by the end of this year. "That's an important signal to the banking side of the ecosystem that we are aiming at a sustainable future for open finance that runs on tech rails," Pitts said.
This means that past practices that Plaid and other companies have used to access this data, such as native integrations or scraping it from websites — the automated copying of data from a web page — will not be necessary. Plaid and some banks have been trying to move to APIs because scraping requires giving up login information and cedes control as to which data is being accessed.
As fintechs gain more share, consumers are not just seeking to move data from their banks to fintechs. They're also looking to move data from fintechs to banks. Pitts declined to name any of its fintech customers that are sending data to banks, but there were 16 million consumers who connected a fintech to a bank in the first quarter, he said.
