I blogged recently about American banks beating up the regulators to stop account access via APIs. I heard this in various White House meetings in 2016, and assumed all banks and bank people felt the same way. Well, they don’t. Citi’s head of FinTech Policy, Andres Wolberg-Stok, got in touch to clarify the true situation. Here is his response …
I don’t know of any facts to support the assertion that “In the USA, there is a move by the big banks to get Washington to outlaw access to bank data based on security. The only person who should access bank data is the customer, the banks bleat.”
This is a hot-button issue in the U.S. since last November, when the Consumer Financial Protection Bureau (CFPB) put out 20 questions about data access and requested public comments (see CFPB request for information). The responses from various banking trade associations including The Clearing House (TCH), ABA, FSR and CBA are a good indication of where the majority industry sentiment lies.
You can read the over 70 responses here, but it’s really worth looking at these in particular: FSR-BITS, the ABA and the TCH. None of those suggest remotely that only the consumer herself should have access to bank data. The common position, in a nutshell, is that banks do realize that opening up account data to third parties as mandated by a customer is important – but that it needs to be done safely (i.e. not by making people share their bank credentials with un-vetted third and fourth parties; not by screenscraping – which the EU is banning once banks open up access– and not without some accountability for what happens afterwards to this very personal dataset i.e. perpetual storage, reuse, resale, etc).
As regards Citi specifically, two major steps that go diametrically in the opposite direction to the resistive one you stated:
- Our launch last November of a developer portal (live at developer.citi.com) with APIs providing legitimate developers with access to six different categories, including account data and authentication – note we explicitly embraced Open Banking in our press release;
- Our recent investment in Plaid, a leading modern aggregator.
Andres Wolberg-Stok, Global Head of Policy, Citi FinTech, New York
Thanks Andres. As I posted your email to me, I also noted The Economist had written a similar piece to mine about data access:
According to Deloitte, a consultancy, banks’ lockhold on payments serves as a handy source of income, earning European banks €128bn in 2015, around a quarter of retail-banking revenue. Many see PSD2 as a threat to their business models; they fear becoming the “dumb pipes” of the financial system. In a survey conducted last year by Strategy&, a unit of PwC, a professional-services firm, 68% of responding banks believed that PDS2 would leave them in a weaker position. The same proportion feared that they would lose control of interactions with customers.
Looking up the specific survey cited by PwC, they find three groups of bankers:
In our talks with bankers, it became evident that there are three distinct schools of thought with respect to PSD2:
- The threat school sees PSD2 as an exercise in compliance and tactical response. In this school, PSD2 is a driver of cost, not revenue. Moreover, the new level of competition stimulated by PSD2 is expected to mainly require a tactical response, perhaps in the form of lower prices, to defend the customer interface.
- The wait-and-see school views PSD2 as a not-yet-ripe chance to better serve customers and extend market reach. In this school, it is too early to tell how PSD2 can be used to create value. Thus, the proper response is to comply with the directive, and wait and see what happens when the changes it mandates are in place.
- The catalyst school sees PSD2 in the broader context of the fundamental disruption that is under way across the global financial sector. It perceives the directive as yet another of the catalytic forces that are providing momentum to the inexorable move toward open banking. This school believes that the time for responding to PSD2 is at hand — indeed, some say it is already passing.
So thank Andres. The US banks are similar to the European banks. Over two-thirds of them are control freaks who do not want to share data with anyone else. Unfortunately, those banks are Ostriches and will fade away or be forced to change. Luckily, your bank is not one of them.