The fintech industry faces regulatory scrutiny on a number of fronts this year. Some of that comes as the administration has made key appointments and charged new agency leaders with reining in companies and better protecting consumers. And some has been driven by external events like the meme-stock saga, which added to the spotlight on financial startups.
For companies like Plaid, regulation can be a threat — or it can be a useful tool. Plaid, which makes tools used by other fintechs to connect accounts and share data, has been leading the charge on open banking, which it argues should be mandated by Section 1033 of the Dodd-Frank Act and it views as critical to the growth of the sector.
We caught up with John Pitts, head of Policy at Plaid and former deputy assistant director for Intergovernmental Affairs at the Consumer Financial Protection Bureau, to get his view on where fintech is heading in Washington this year and how his former agency will handle the open-banking question.
Not everyone sees eye to eye with Plaid on open banking. Some banks argue that more access to consumers’ banking data brings cybersecurity risks and will increase costs that will be paid by banks and credit unions, while fintech gets most of the benefit.
Open banking isn’t the only big regulatory question in Washington. Pitts believes this will be a watershed year for financial data, cryptocurrencies and digital identity rules.
This interview has been edited for brevity and clarity.
What are you expecting in the fintech regulatory landscape this year?
We've now reached a critical mass in terms of a number of innovative financial services and products where regulators recognize them as a permanent and mainstream aspect of consumer finance, and are looking for ways to appropriately pull them into the regulatory perimeter.
I think about regulation as a rubber band, where you write a law or regulation on a financial service or product, and over time an agency can stretch the boundaries of that regulatory perimeter to accommodate some minor changes in how consumers are using a product or how someone's offering a product. But at a certain point, as consumer preference changes, and as the world changes, that rubber band can’t stretch anymore, and you need to create a new rubber band.
That's the moment we are in right now on things like data access — something that Plaid cares quite a bit about — cryptocurrency, digital identity. All those are really high-profile issues in the minds of D.C. regulators. And this is the year where they pretty clearly laid down a marker that they want to take action.
What are you expecting as far as Dodd-Frank rule-making on financial data this year?
The world is expecting the start of a 1033 rule-making to give consumers the right to access their financial data this year. We are almost a year after President Biden made it the key element of his executive order on competition for the CFPB. And our expectation and the expectation of industry is that sometime in the first half of this year, we will see the CFPB move forward with a small business review panel process in order to kick off that rule-making.
One of the reasons everyone is so interested in that and why that executive order was so important is that we now have a director of the CFPB who has competition as one of his main focuses as a regulator, and he came from the FTC, where competition was a huge part of his role. All of these pushes he has made are in the direction of: We need more competition in financial services, and specifically, the benefits of that competition to consumers will come from fair access to data for all consumers when it comes to financial services.
That hasn’t been the case before?
Right, that has not been part of the 1033 open-finance conversation to this point. But Director [Rohit] Chopra has really clearly injected that dynamic in, and that's going to be a major driver and a top priority issue for the [CFPB]. It also creates a real roadmap for founders and leaders of financial services companies and fintechs that they can rely on. You know that the critical things for you are going to be: Do you have access to consumer data? Are you providing your customers with access to their data? Are you being put at a competitive disadvantage against any other incumbent because of any sort of data hoarding or asymmetry? Those are going to be really critical regulatory but also commercial strategies that drive the year.
The CFPB has also taken enforcement actions recently on things like ISAs. What do you make of that?
Yes, they've also started to do things, like issue new FAQs on Regulation E, that again are suggestive that the bureau takes a expansive view of its jurisdiction and wants to ensure that the consumer has a level playing field in terms of their rights wherever they are getting financial services, whether it's a bank or a non-bank. Data fairness and, critically, the consumers’ control over their own data are a pillar of that strategy from a regulatory perspective and should be top of mind for anyone dealing with the CFPB this year.
How do you implement 1033 data rules with different levels of technology that exist for community banks versus big banks?
It's a great question. And it is complicated, but complicated is what we do. One of the things that Plaid has done over the last year is drive the industry transition into APIs as a next generation of data connectivity, with the largest banks being the first ones. And actually, now more than half of Plaid’s traffic is API-only traffic, which has been a real, significant shift in the industry that we've led over the last year.
But that also means you need to have the same connectivity for small banks, because you wouldn't want a future where only the largest banks and their customers have access to all of these amazing fintech innovations that have benefited consumers so much. So Plaid has rolled out products like Core X, an API that community banks can use to ensure that they can get the same kind of connectivity as a JPMorgan Chase, even if they don't have a $12 billion-a-year digital budget.
Is there a role for companies working with these banks, since many banks have a lot of work to do?
Yeah, there is definitely a role. This is a village effort. So, Plaid is a board member of the Financial Data Exchange. FDX is building an open API that any bank can adopt. That's going to be critical to the success of APIs for small banks. Also, we've worked quite closely with the core services providers like Jack Henry and have made sure that they are building API connectivity using Plaid’s technology into their offerings for those small banks who are on their platform.
What do you see happening with crypto regulation this year? Who’s driving this?
I do think the headline here is that the administration is going to have the most significant role in defining the regulatory future for cryptocurrency over the next year. And part of that is going to be driven by the SEC, I would say probably the most significant part of it is going to be driven by the SEC. Chairman [Gary] Gensler has made quite clear that he thinks his existing legislative authority covers a substantial part of the crypto market and that he is quite comfortable using it. Even if that wasn't the case, in the absence of confirmed leaders for many of the other bank regulatory agencies, in some ways, the SEC is the only game in town for robust regulatory action in the crypto space. At least for the immediate future.
The administration hasn't at least publicly done anything to make people think that it's not in Gensler’s court?
That's right. And we know that the administration is roughly a month away from a comprehensive crypto strategy that they've said that they're going to publish. And an administration doesn't signal real timing on something like that unless an immense amount of work has already happened behind the scenes to give them the confidence that they are ready on that timeline.
Does this overlap with the CFPB work you were discussing before?
It does, actually. One of the things that's really interesting in the conversation of crypto in Web3 generally is even as Web3 gets built, consumers still are going to be moving back and forth between traditional financial services and sort of Web 2.0 and Web3 and DeFi. In a lot of ways, Plaid is already that Web 2.5 layer that consumers use to move back and forth between those two. I would expect that the importance of that 2.5 layer as the place where consumers move back and forth between crypto and fiat will become even higher and having clear rules of the road there will become even more important because that's the critical point of transition for the consumer. I think that having that consumer be able to do things like KYC and onboarding as they move back and forth, that's going to be one of the things that regulators and policymakers care deeply about, and that we think there is a really significant market opportunity for companies that are thinking about how to serve the customer in both Web 2.0 and Web3 worlds.
What else is there to watch for?
Not a lot of people paid attention to it, but we are roughly at the one-year anniversary from a symposium that the Treasury held last year on digital identity. And you've seen recently that the IRS tried to move into a new sort of photo-recognition identity requirement for filing your tax returns.
There's a recognition that financial services has gone digital and government is going digital and the result of that is identity needs to go digital too. And that raises a bunch of sort of complicated issues of how do you move what was essentially a fax-machine process into the internet era.