Money1033: Top Takeaways From This Year's Event & Open Banking Rulemaking

Themes included: AI, Regulation & Compliance, BaaS, and, of course, Open Banking

Hey all, Jason here.

Well, I survived! Las Vegas is probably my least favorite city, but it’s worth it to catch up with seemingly everyone I know in fintech and banking. Post-Money2020, I’ve been visiting family in the Chicago area, before heading on to Texas this Wednesday.

Thanks to the generous, paying subscribers of this newsletter, I made a donation this morning to the Hispanic Federation. A reminder that 15% of revenue from subscriptions goes to charity — if you have a suggestion for the next cause I should support, please let me know!

Existing subscriber? Please consider supporting this newsletter by upgrading to a paid subscription. New here? Subscribe to get Fintech Business Weekly each Sunday:

BaaS Resiliency

Sponsored content: As banks invest in alternative delivery channels and distribution through fintech and brands, it is critical to the regulators that the bank has a resiliency plan in place to ensure the smooth and timely transition of all customers, accounts and balances.

When a fintech or BaaS middleware provider shuts their doors, the sponsoring bank needs to be ready to act and act quickly.  Banks are satisfying this requirement by maintaining a bank-controlled platform where customers, accounts and transactions can be easily migrated in case the fintech or BaaS middleware provider ceases operations.  Banks are able to offer seamless service to the end customer and grow the end customer relationship.  Recent headlines reflect this struggle to maintain customer and account relationships when these situations occur. 

Eliminate the struggle.  It’s time for the right approach.  The platform approach. 

Infinant provides a bank-controlled, fully transparent platform which solves the challenges associated with BaaS resiliency, giving the bank a virtual account management platform to enable the switch-over without impact to existing bank operations.

Find out how leading banks are scaling their BaaS and embedded programs in the next wave of banking by utilizing our interlace platform.

Advance With Infinant

Six Trends From This Year’s Money2020

Money2020 is always a blur — a busy, fun, chaotic blur.

I wanted to share a brief recap, a chance to reflect and get some thoughts down on paper for myself as much as for anyone else.

With the caveat that these trends are constrained by my information-availability bias, here are some of my key takeaways from this year’s pilgrimage to Las Vegas.

1. Bye Bye Crypto

Believe it or not, but my first US Money2020 was in 2021. That year, despite the still-looming disruption of COVID, plenty of folks donned masks and made it to the event.

And crypto was absolutely everywhere. From the stage to the exhibit hall and the happy hours, crypto, NFTs, and blockchain had a dominant presence at the event.

Given the carnage in the sector, from a fundraising, revenue, and criminal charges perspective, it should be no surprise crypto had a substantially subdued presence this year.

To the extent that crypto-related firms were present, it was the ones focused on compliance, more “boring” use cases, or adjacent topics like CBDCs / “programmable money.”

It’ll be no surprise that, in my opinion, this is generally a positive development. Beyond facilitating crime and rank speculation, practical, scalable use cases for crypto/DLT remain largely illusory.

2. Hello AI

Now — AI — that was a dominate theme at this year’s Money2020, including a Sunday track of programming powered by chipmaker Nvidia and AWS.

The abrupt explosion of interest in “artificial intelligence” with the release of ChatGPT earlier this year belies the fact various AI techniques have been in use in financial services for years.

Machine learning models, a type of AI, albeit one that uses structured data, have long been used in computational problems like credit decisioning, fraud analysis, and even predictive dialing for customer service/collections purposes.

With the burgeoning hype around generative AI, the challenge is separating fiction from reality.

It’s easy to describe your company as “AI-powered,” in the same way two or three years ago the next hot thing was often “blockchain-powered.”

But if you can’t explain why it matters that you’re using AI and, particularly, how it changes the economics or business model, your pitch may fall on deaf ears.

And for consumers, I’m as of yet unconvinced they do or should care whether or not something is “AI-powered” — that describes the “how,” not the “what” or the “why.”

It’s like saying a product is “Excel-powered” or “SQL-powered,” who cares?

That said, I do see real opportunity and use cases for generative AI and LLMs in creating novel UX — think application flows, onboarding, account management — as well as in customer service.

3. Regulation, Regulation, Regulation

With an entire track on “Washington Explained” on Sunday, there seemed to be a stronger interest in understanding (and shaping) how what happens in DC impacts what business and operational models are viable vs. the ones that aren’t.

A comment from Senator Mark Warner in his session with QED’s Nigel Morris (not to be confused with NYCA’s Hans Morris) struck me — something to the effect of, if you went to Capitol Hill and asked legislators what fintech is, apart from a handful of folks on the Senate Banking Committee and House Financial Services Committee, they probably couldn’t tell you.

If I stop to try to think outside my own information bubble, I suppose that isn’t too surprising.

But, unlike crypto, which learned the importance of a well-orchestrated (and well-funded) DC lobby early on, fintech has only more recently begun raising its profile, thanks to organizations like the Financial Technology Association and the American Fintech Council.

While “lobbying” may have an unsavory connotation for some, the most important mission of these kinds of industry trade groups should really be about education.

To Sen. Warner’s point, most legislators couldn’t define “fintech” or identify a specific “fintech” company — even though they probably have a fintech app or two on their phone (well, except Chuck Schumer.)

Expending the resources to build relationships with legislators, regulators, and their staffs is a soft-power opportunity to explain what the industry is and does and how it can align with elements of government’s agenda, whether by boosting competition, improving access and inclusion for typically underserved consumers and small business, or supporting community banks.

4. Compliance, Compliance, Compliance

This one should be no surprise.

If crypto was the them of 2021, compliance was the reigning champ this year.

Since last year’s event, two more BaaS partner banks were hit with consent orders, and general wisdom is there are likely more public actions coming soon.

An interesting point an industry colleague made: part of the reason fintech/bank partnership enforcement has seemed to be focused primarily on BSA/AML compliance is because that is an area that is historically well understood by bank examiners with a clear playbook of what to look for in examinations.

For partner banks, particularly those that operate through “middleware” providers, there may be novel kinds of technical, operational, or consumer risk that bank examiners are just less familiar with, and thus less likely to result in a regulatory action.

But banks and their fintech partnerships shouldn’t expect past to be prologue here.

There are ample signals from multiple bank regulators they are paying much closer attention to the smaller banks that power these partnerships: beyond the growing number of enforcement actions, the Fed also created its “novel activities program” to further scrutinize “complex, technology-driven” partnerships.

And Acting OCC Comptroller Hsu made quite clear in his remarks during Money2020 more complicated relationships tend to drive greater risk and, as a result, will get greater scrutiny.

5. Banking-as-a-Service

Again, nothing too surprising here.

Given the recent tumult in the sector, with one major middleware player having a public fallout with its most important partner bank, and another being sued by its own investors over alleged accounting fraud, some are coming to question the viability of the “middleware” or “connector” model altogether.

Acting Comptroller Hsu pointed out this elephant in the room, saying:

“Sometimes you have a BaaS middleware player, different fintechs or your bank sponsor trying to do things at scale with lots of different kinds of players. That just, inherently, is more complicated. And if it’s more complicated, there’s likely going to be just a bit more risk there. And where there’s a bit more risk, we’re going to apply more scrutiny.”

With compliance costs on the bank and fintech side likely to increase, leveraging technology will be key to meeting heightened expectations.

But even where tech and automation can help scale to meet compliance obligations without throwing more bodies at the problem, the risk-reward calculus for banks is changing.

The de-risking is having various knock-on impacts in the fintech ecosystem. Rather than focus on the sheer number of programs, banks and middleware platforms are becoming pickier about the fintech clients they will work with: expectations about capital raised, level of legal/compliance sophistication, and revenue opportunity have all increased.

Some banks, including Evolve Bank & Trust, are transitioning away from the middleware model to focus on direct relationships, which can be easier to manage.

And others, like Blue Ridge Bank, are dramatically shrinking their fintech footprint and refocusing on their community banking roots.

As I’ve said before, absent the creation of some new, non-depository charter type, which has about zero chance of happening, fintechs will continue to rely on bank partnerships to offer regulated products, issue cards, process payments, and so forth.

So while the next several quarters are likely to be challenging, the bank/fintech model isn’t going anywhere in the near future.

6. And, Of Course, 1033

With the timing of the proposed rule on personal financial data rights, aka 1033, of course this was a major theme of this year’s Money2020 — so much so that I’ve broken this out to as separate section 👇

Image: Aaron Suplizio / X

The Personal Financial Data Rights Proposed Rule Is Finally Here: Six Key Takeaways

It’s finally here!

Just prior to Money2020 last week (a coincidence, surely) the much-anticipated proposed rule on personal financial data rights, aka “1033” or “open banking,” was released.

And, at 299 pages, I’ll admit I still haven’t had time to read the entire thing (but I have a 10 hour flight next Friday, so maybe I’ll finally get to it.)

But I did have the chance to review key portions, read statements from industry participants that will be impacted by the change, and speak with representatives from fintechs, data aggregators, banks, trade associations, and regulators to hear their various points of view.

This isn’t intended as an exhaustive analysis of every element of the proposed rule and its potential implications, but rather the things I found the most interesting, surprising, or potentially impactful.

1. What 1033 Covers (And What It Doesn’t)

It’s helpful to recall exactly what 1033 empowers the CFPB to do, as well as what entities and products the rule will cover at inception (and what may be added later.)

Section 1033(a) of Dodd-Frank states that:

a covered person shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. The information shall be made available in an electronic form usable by consumers.

For those that aren’t Dodd-Frank junkies, a “covered person” is defined as “any person that engages in offering or providing a consumer financial product or service; and any affiliate… if such affiliate acts as a service provider to such person.”

Though there are exceptions to what must be provided, including “any confidential commercial information, including an algorithm used to derive credit scores or other risk scores or predictors.”

While “covered persons” encompasses an incredibly broad range of potential data providers, the rule will cover only a subset of entities at the outset:

• those providing accounts subject to the Electronic Funds Transfer Act and Reg E, such as checking and savings accounts

• those providing credit cards subject to the Truth In Lending Act and Reg Z

• related payment facilitation products and services

Notably, this would include “digital wallets” like Venmo, Cash App, and Apple Wallet.

2. What’s Required/What’s Prohibited

There are a handful of requirements and prohibitions that jumped out as having the potential to disrupt current practices and shift market dynamics:

• the rule would require a “developer interface” (aka an API) and prohibit screen scraping.

• but, as currently written, the rule would only prohibit screen scraping of the “developer” interface — not the “consumer” interface (website), which is more commonly where screen scraping occurs.

• consumers must be provided with an authorization disclosure, and the third party obtaining the data must obtain the consumer’s express informed consent to access the covered data. While this sounds like a straightforward requirement, how such consent is obtained and recorded has the potential to cause headaches for less sophisticated companies.

• for ongoing services, access to a consumer’s data must be re-authorized annually and consumers have the right to revoke such access at any time.

• if a consumer chooses to end a relationship with a third party, the company must stop collecting their data and delete data it already possesses.

• third parties can only use data for what consumers authorized, and are specifically prohibited from re-selling the data to others and from using it for targeted advertising, including the cross-selling of products and services.

• data providers must achieve a 99.5% SLA, outside of scheduled downtime.

• data providers cannot charge fees.

• with consumers’ express, informed consent, third parties are able to define and obtain the data elements necessary for their use case, which is a reversal from the current practice of standards-setting body FDX defining what data elements are applicable for a given use case.

And while data aggregators that are merely facilitating access to data — acting as “dumb pipes” — wouldn’t be considered consumer reporting agencies (CRAs) subject to the Fair Credit Reporting Act (FCRA), those that are enriching, transforming, or analyzing underlying data could be — a possibility Plaid seems to be preparing for, based on job listings on the company’s site.

3. The CFPB’s Stated Goals

Along with the rule itself, CFPB Director Chopra released a statement.

And while the statement certainly doesn’t cover every detail of the proposal, it is useful for better understanding how Chopra himself as well as the Bureau at large think about the intended consequences of 1033.

Unsurprisingly, given Chopra’s background at the FTC and frequent focus on “competition,” his statement frames one of the goals of 1033 as boosting competition by making it easier for consumers to change providers (spacing adjusted and emphasis added):

“When it comes to our financial lives, a handful of very large banks and financial firms control much of the market. This has left many families with fewer viable options, and many people feel stuck to the provider they signed up with years and years ago.

One of the main drivers of these trends is the simple fact that it is too hard to switch providers. Since many deposits and payments are now automatic, people feel that if they make a mistake when switching, they’ll face a nightmare of errors and fees.”

Chopra blames what he argues is a highly concentrated banking sector and lack of competition for a host of consumer ills:

• paltry savings interest rates, despite a target Fed Funds rate of 5.25-5.5% (for example, JPMorgan Chase still pays just 0.01% on its basic savings account)

• borrowing interest rates, especially for credit cards, that have seen spreads over the prime rate widen to the largest amount since 1995

• and poor customer service

So, an explicit goal of the rule is to make it easier for consumers to change providers “by giving people more power to walk away from bad service and enabling small community banks and nascent competitors to peel away customers through better products and services with more favorable rates.”

In Chopra’s words, because consumers will be able to more easily bring their “personal financial ledger” to a new provider, they’ll be more likely to change providers — akin to when mobile phone number portability was introduced in 1996.

4. But Will This Actually Happen?

While Chopra seems to hope codifying a personal financial data right will lead to a meaningful rise in consumers switching banks, thereby increasing competition and encouraging banks to raise savings interest rates, lower borrowing rates, and provider better customer service, I’m not so sure.

Evidence from the UK, which launched a current account switch service in 2013 (and has had open banking regulations since 2015), suggests this may not be the outcome.

The current account switch service enables consumers and businesses to move their balance and to automatically port incoming payments, direct debits, and standing orders to an account at a new institution. But actual usage of the service is relatively paltry, compared to the UK’s population of 67 million:

And, if the idea was that the service would lead to customers moving away from the largest institutions to the kind of more decentralized financial services market Chopra is advocating for, that hasn’t been the outcome in the UK:

Customer switch data from July 1, 2023 to September 30, 2023. Image: Pay.uk

Looking only at accounts opened and close via the switch service, already giant institutions like NatWest, RBS, and HSBC saw net customer gains, while startups like Starling and Monzo lost customers.

While it’s undoubtedly true that giant moneycenter banks like Chase and Bank of America pay next to no interest on savings, while other banks pay 5% APY or more, Chopra may be misdiagnosing the reasons why customers don’t switch.

The reality for most American families is, even with a competitive savings rate, on an absolute dollar basis, it doesn’t make much of a difference.

For a customer in the first income quartile who has a median of $1,300 in their account, a 5% APY on their savings still only amounts to about $65 a year.

Image: JPMorgan Chase Institute

Many US households simply don’t have enough savings for the interest rate they get to matter very much.

On the borrowing side, while credit card users that carry a balance should be rate sensitive, interest rate isn’t consumers only consideration when choosing a card.

For one, APR isn’t the only expense, as many cards carry annual membership fees, which can hit as high as $695 a year on premium cards like American Express’ platinum card.

Perhaps more importantly, interest and fees aren’t the only consideration when choosing a provider. In a landscape dominated by rewards cards, points and other perks, like lounge access, airline benefits, or the ability to use a card at a specific retailer like Costco may outweigh explicit costs.

Further, those that feel the brunt of higher interest rates — subprime borrowers with credit scores below 680 — just have fewer choices to begin with.

The more significant impact for non-prime borrowers, particularly thin/no file applicants, seems likely to come from cash flow-based underwriting enabled by open banking, rather than some simplification in moving from one card issuer to another.

5. Timeline/Likelihood of Legal Challenge

So, when is all this happening?

Comments on the proposed rule are due by the end of the year (my sympathy to all of the public policy and comms folks who will be working through the holidays!)

According to Chopra’s statement, the Bureau is aiming to finalize the rule by “next fall.”

There are political considerations in the timing of finalizing the rule: the Congressional Review Act, infrequently deployed until the early days of the Trump administration, empowers Congress to review and invalidate regulatory rulemaking.

The Biden administration notably used the CRA to rescind the OCC’s “true lender” rule passed in the waning days of Trump’s term.

From the time the financial data rights rule is finalized, Congress has a window of 60 legislative days to pass a joint resolution by simple majority in each chamber to invalidate the regulation.

With the future makeup of the House and Senate unknown, if the Bureau takes too long to finalize the rule, there is a risk the next Congress could reach back and rescind it — though analysts I’ve spoken to suggest such a move is relatively unlikely.

A Congressional Review Act challenge isn’t the only speed bump, however.

The CFPB’s original “payday lending rule” was finalized in October 2017, and, due to a lengthy court challenge, still isn’t in effect.

But 1033 isn’t the payday rule. With the payday rule, there was one constituency that was clearly the loser: all of the lenders that would be covered by the rule.

The “winners” and “losers” of 1033 are less clear cut.

Most banks, particularly big banks, have generally acknowledged the inevitably of open banking and have been working to influence the rule in ways that are favorable to them, rather than flat-out trying to block it from happening.

And, while the picture often painted is that “big banks = data providers” and “fintechs = data consumers,” that is an oversimplification that belies opportunities for big banks: getting (consumer-permissioned!) access to the trove of data in services like Venmo, Cash App, PayPal, and Apple Pay, among plenty of other opportunities.

Assuming the rule is finalized and CRA or industry legal challenges don’t delay its implementation, there will still be a ways to go before universal compliance is expect for covered products — and remember, for now, it’s basically just savings, checking, credit cards, and digital wallets that are covered.

While banks with over $500 billion and assets and non-banks with more than $10 billion in revenue are expected to comply within six months of the rule being finalized, smaller non-banks have a year, and the smallest banks, those below $850 million in assets, have four years to comply.

(Sure would be ironic if customers left their small banks if they take too long to support open banking use cases 🤣)

6. 1033 Winners, Losers & Unintended Consequences

Hopefully, the real “winners” here are consumers.

Dodd-Frank was passed approximately thirteen years ago — and it could still be another five years from now before all banks need to be in compliance!

Lacking an official legal and regulatory framework, market forces were left to work their magic.

But with market forces left to battle without clear rules and regulations, the outcomes for consumers have not been universally great, with inconsistent practices and requirements around access, disclosure, who can use data and for what purposes, information security, and liability for when things go wrong.

I’d also put data aggregators, like MX, Finicity, Plaid, and Yodlee in the “winner” column.

While this group surely didn’t get everything on its wishlist, and there are future battles to fight, the current shape of the rule validates their role in the market.

Requiring institutions to make data available, via API, at no cost ensures access to the key ingredient in the aggregators’ business model: data.

While it’s true any third party could go out and build its own integrations to avoid the cost of using a data aggregator, with nearly 10,000 banks and credit unions, the aggregators serve a legitimate purpose in the market.

For “fintechs,” and here I mean consumer-facing apps like Venmo, Chime, Wise, etc., the proposed rule also is a clear win. Many of these services depend on data aggregators to provide core features and to power competitive differentiators. The proposed rule will help ensure better predictably about what data they can access and how they can use it.

The flipside for fintechs is that, for those providing covered products, they will also have to comply with the rule and allow for data portability to other third parties — even banks.

For the “bank” side of the ecosystem, it’s challenging to reduce describing the impact of the rule to “winning” or “losing.”

The impact on a small community bank that is highly dependent on their core provider to meet the requirements will be very different than the largest banks, most of which have already built out their own APIs.

Even among bigger banks, whether 1033 “helps” or “hurts” their business will depend in part on how they respond. The flow of data isn’t unidirectional, from “banks” to “fintechs.” The sooner banks acknowledge this and identify how they can take advantage of data portability, the more likely they are to be “winners.”

Really, the only clear loser here seems to be Akoya.

As prophesied earlier this month, it’s difficult to imagine how Akoya can continue to exist in its current format with its existing requirements.

There would seem to be two paths forward for the fledgling consortium.

One, to become a sort of “API vendor” to banks. Rather than build out their own infrastructure, banks leverage Akoya to do it for them as a service provider — and, presumably, pay Akoya to do so, given in this circumstance, Akoya itself would be prohibited from charging third parties for data access.

But the biggest banks have already built out their own APIs — why would they use Akoya?

The second option could be for Akoya to morph into a data aggregator itself, going head-to-head with Finicity, MX, Plaid, and so on.

In this scenario, Akoya — like those other aggregators — could charge third parties that integrated with it. But the existing players have what is likely an insurmountable lead, both in achieving widespread coverage of institutions and in winning clients. What competitive advantage could Akoya possible offer?

As far as unintended consequences… there are bound to be plenty.

The Durbin amendment is the poster child for good and bad unintended consequences — it arguably led to a steep climb in fees for basic services for the lowest income Americans (bad) but also served as a key revenue source for fintechs and lifeline for smaller banks (good.)

As far as the unintended consequences of this rule — I’ll refrain from hazarding a guess, for now!

Other Good Reads

First Impressions on CFPB’s Proposed Open Banking Rule (Davis Wright Tremaine)

Material Loss Review of Signature Bank of New York (Office of the Inspector General of the FDIC)

Observations From Money2020 (Fintech Takes)

About Fintech Business Weekly

Looking to work with me in any of the following areas? Email me.

• Vendor, partner & investment opportunity advice and due diligence

• Fintech advising & consulting

• Sponsoring this newsletter

• News tip or story suggestion — reach me on Signal at +1-316-512-1571

• Early stage startup looking to raise equity or debt capital