The Evolution of Open Banking Data Standards

A fossil found in Bavaria, Germany in 2015 has helped scientists decipher the evolution of a newly discovered species known as Skiphosoura bavarica that lived roughly 147MM years ago. The flying reptiles, known as pterosaurs, were closely related to dinosaurs and were the first vertebrates able to accomplish powered flight. Skiphosoura bavarica had a wingspan of 7 feet, compared with later pterosaurs, which evolved into larger versions with wingspans up to 36 feet.Fortunately for humankind, the era of flying dinosaurs is long gone, by roughly 66MM years. However, as open banking has gained popularity, the banking industry is keeping watch on a bit of evolution of its own — evolving data standards. The History of Open Banking StandardsThe European Union first introduced open banking rules in 2015; in the nine years since, the model has taken off in Europe. As the US seeks to follow suit, aided by the recent adoption of the Consumer Financial Protection Bureau’s (CFPB) open banking rule, financial institutions are bracing for the impact that free-flowing comprehensive information about people’s finances with third parties could have on the banking industry — both the pros and the cons. The key to open banking is a standardized approach to data sharing that will protect people’s data. Yet, as the US begins to head down this road, the major question is how those standards will be determined. Enter the Financial Data Exchange (FDX). Following a call from the CFPB for input from the banking industry to help establish open banking standards, FDX is the sole organization that has responded. FDX is a nonprofit organization dedicated to creating secure royalty-free standards for data sharing within the financial industry in the US and Canada. Membership in the organization is fee-based for participants other than consumer groups, with the amount determined by a member’s size. FDX membership comprises major financial institutions like Bank of America, Citi, Capital One, JPMorgan Chase, US Bank, and Wells Fargo, among others, as well as fintechs such as Plaid and Xero, and service organizations such as Fannie Mae, Schwab, and Quicken Loans. The organization was started in 2017 after technology companies, financial institutions, and data aggregators began looking for some continuity in the ways that organizations exchange data and information through open banking. While FDX’s banking standards have been fairly visible, the organization is not alone in working to establish guidelines for open banking. Multiple regulations exist outlining varying requirements for the rules that organizations need to adhere to when exchanging consumers’ personal data. There has been no shortage of input regarding how data sharing should be standardized. The Federal Trade Commission’s 1999 Gramm-Leach-Bliley Act required financial institutions to share a privacy notice to consumers outlining how their data may be shared and used. An early software standard known as Open Financial Exchange (OFX) was created by Intuit, Microsoft, and CheckFree around the same time. In the time since, about 20 different states have enacted their own data privacy legislation. California has been a leader in this area, having signed the California Consumer Privacy Act into law in 2018. This was followed by the California Privacy Rights Act in 2020, which expanded its initial rules.

Source: Bloomberg Law
Mixed Reactions to New Standards While open banking is inevitable, the idea continues to face resistance within the banking industry. The same day that the CFPB published its final rule, a lawsuit was filed against the organization and its director by the Bank Policy Institute, Kentucky-based Forcht Bank, and the Kentucky Bankers Association. The lawsuit alleges that the CFPB’s rules overstep its authority and outlines concerns regarding data security and consumers’ privacy. There has also been criticism within the industry over FDX’s position as the sole organization to influence the CFPB’s final open banking standards. There are some industry experts who also fear that having a single group helping to set the standards could be unfair and create a monopoly and could ultimately have a negative impact on innovation within the industry. “Standard-setters must reflect the full range of relevant interests [including] incumbents and challengers big and small, consumers and firms, and ideally would also represent the perspectives of firms that don’t even exist yet,” said CFPB Director Rohit Chopra, himself acknowledging that the agency would prefer multiple organizations to help shape the final rules. This potential for a monopoly could particularly impact community financial institutions (CFIs), which may have less influence in a standard-setting process dominated by larger institutions. It could limit their ability to innovate and offer specialized services tailored to their local communities, as they might be forced to adhere to standards designed primarily for larger banks.Absent multiple perspectives, a clear set of standards for open banking could still prove extremely beneficial for the banking industry, eliminating uncertainty and helping to enhance overall security — all of which could assist financial institutions in their efforts to reduce risks. FDX’s proposed standards, for example, aim to improve security by establishing consistent protocols for data access and authorization, reducing vulnerabilities associated with less standardized methods. A streamlined open banking experience could also help financial institutions provide customers with a more seamless experience and a way to enhance customer trust through greater transparency and enhanced security practices regarding data. This streamlined experience aligns with growing customer expectations for digital convenience and control over their financial data. Among the requirements that the CFPB has already outlined itself are a need for clear consent from customers to share their data with third parties and limits surrounding how that data can be used; free access to consumer data and the development of secure interfaces for the exchange of data. While the specifics could still change, the overall sentiment will remain: greater clarity for financial institutions and consumers alike about how data should be exchanged securely and transparently. While FDX is a prominent player, it’s important to remember that the open banking landscape is still evolving. There are other organizations and approaches to data sharing, and the final form of open banking in the US is yet to be fully determined. This presents opportunities for CFIs to proactively engage in discussions and explore different options that best suit their needs and the needs of their customers. By focusing on transparent and secure data practices, CFIs can build trust with their customers, regardless of which standards ultimately prevail.As the CFPB and FDX hammer out final rules, community financial institutions should keep themselves apprised of how things play out. Open banking will only continue picking up steam and financial institutions should actively be looking at their data-sharing processes, to ensure that they are as safe as possible and are approached in ways that can help reduce risks. Staying informed and adaptable will be crucial for CFIs as these standards continue to evolve. FDX’s role is a significant part of the broader conversation about data sharing in financial services, and CFIs should prioritize maintaining flexibility and readiness to adapt to changes in the regulatory and technological landscape.