Highlights from the Treasury Department’s Report on Consumer Financial Data

 

The following is an excerpt from an Insight Vault article that includes further analysis by Ron Shevlin on the Treasury report’s findings on lending, payments and regulatory sandboxes.  

Tuesday, July 31, 2018, may go down in history as Fintech Day in the United States. On that day, the U.S. Treasury Department released a 222-page report titled A Financial System That Creates Economic Opportunities: Nonbank Financials, Fintech, and Innovation, and the OCC announced it would consider charter applications from fintech companies. One of the first sections in the report—and one of the most important in my opinion—was a discussion of the need for better regulation and policies concerning the sharing and use of consumer financial data.

According to the report:

“Data aggregators, consumer fintech application providers, and financial services companies generally agree that consumers should have secure and reliable access to their financial account and transaction data, and that, in principle, consumers, if they opt-in, should be able to utilize fintech applications and other innovations that make use of their data. However, there is a lack of consensus on what secure and reliable access entails. As described by one observer, ‘the U.S. debate seems stuck at the yet-to-be resolved issue of migrating account aggregators from screen scraping-based to more secure and efficient API-based data-sharing methodologies.’

“Consumers’ ability to realize the benefits of data aggregation is limited, in part due to the lack of agreement between data aggregators and financial services companies over access to consumer financial account and transaction data. As information and data technology advances, and with sustained commitment to the principle that consumers should be able to freely access and use their financial account and transaction data, Treasury believes that improved approaches to data aggregation that will benefit consumers and financial institutions alike are surely attainable.”

The Treasury recommended that:

• The bureau work with the private sector to develop best practices on disclosures and terms and conditions regarding consumers’ use of products and services powered by consumer financial account and transaction data provided by data aggregators and financial services companies.
• Consumers should have the ability to revoke their prior authorization that permits data aggregators and fintech applications to access their financial account and transaction data. If necessary, banking regulators and the SEC should consider issuing rules that require financial services companies to comply with a consumer request to limit, suspend or terminate access to the consumer’s financial account and transaction data.
• Barriers to data sharing agreements should be eliminated. Legal and regulatory uncertainties currently holding back financial services companies and data aggregators from establishing data sharing agreements that effectively move firms away from screen-scraping to more secure and efficient methods of data access should be removed.
• Data elements should be standardized. Any potential solution [to data sharing and access] addresses the standardization of data elements as part of improving consumers’ access to their data.

SO WHAT?

The Treasury’s report and recommendations go nowhere deep enough in addressing the complexities of how the data is used and how to deal with the issues of what data is stored and where it’s stored. The report’s consistent reference to “data aggregators and fintech applications” ignores the role of non-fintech players like the big tech behemoths (Amazon, Google, Apple, e.g.) and even retailers (Starbucks, Walmart, etc.) who are increasingly offering funds storage and payment (i.e., financial) capabilities. Lastly, financial institutions should be concerned about the future costs of complying with any regulations concerning the standardization of consumers’ financial data elements. How those standards will even come about should be of some concern.