Big Banks vs. Silicon Valley Startups - Whose Customer Financial Data Is It Anyway?
As we all know by now, data is valuable. The more data a company has about you, the more power it has over your decision-making. In today’s big-data driven economy, the companies with the most data have the most power. So it is unsurprising that companies recently have been jockeying over who controls, and has access to, consumer financial data.
In recent months, major banks including JPMorgan Chase and Capital One have essentially launched a new campaign to control, Silicon Valley fintech startups’ access to consumer financial data. As tensions rise behind-the-scenes between financial institutions and the fintech companies, some banks have threatened to block fintech companies’ servers from accessing customer data, in order to improve their customer accounts’ safety and increase consumer protection. Banks rationalize this move by asserting that fintech apps often collect more data than they need, store it insecurely, sell it to third parties, and sometimes also get hacked, exposing account numbers and passwords. Therefore, the banks say, by limiting access, they are simply looking out for all of our best interests.
The banks are correct that cybersecurity, privacy and fraud prevention play a critical role in the financial regulatory ecosystem; those issues are relevant to the two key pillars of financial regulation: consumer protection – as fintech companies’ apps might abuse or lose customers’ most valuable data – as well as prudential regulation, which focuses on maintaining the safety and soundness of our financial system. These pillars are critical to keep in mind. Indeed, regulators already have expressed concerns about a potential cyber 9/11 on our financial industry, and cybersecurity attacks on banks can easily have broad ripple effects resulting in far-reaching impact on other sectors. Thus, the banks are not necessarily wrong when they seek to limit third party access, especially as security concerns also stem from fintech companies’ practice of “screen scraping” information of banks’ customers by scanning online banking websites.
But the motivation of the big banks may not be so pure. The banking industry’s recent push against fitech is sure to be at least partially driven by the tremendous disruption that fintech companies are causing to the landscape of the financial industry. Simply put, banks do not want to give a competitive advantage to the financial industry’s new entrants and are afraid of losing customers to the fintech companies. What better way to avoid losing ground than to choke off the data? After all, closing off access would keep the data (i.e., the power) in the hands of the banks, and put tremendous pressure on fintech companies, potentially driving some out of business.
Companies like Mint, for example, provides consumers with an aggregated snapshot of their accounts from multiple financial institutions; without access to the bank data, Mint’s business would collapse. In fact, most fintech companies are somewhat—if not entirely—dependent on access to traditional bank data. So it seems logical that fintech companies argue that the banks’ approach regarding access to customer data is stifling innovation.