Open Banking Initiative Requires Diligence to Maintain Security & Consumer Protection

One does not need to look far to see that digital banking requires innovation at the highest level - and that it does not show signs of slowing down any time soon. With the rapid pace and scale we are seeing this innovation unfold, particularly with Open Banking and Payment Services Directive (PSD2) initiatives overseas. Financial institutions and Fintech innovators are being driven to not only collaborate on intelligent banking platforms, but to also provide consumers with the power of choice and foster both innovation and competition without skimping on the highest of security standards. As the financial services industry in the U.S. looks to move toward more of an Open Banking model, like we are now seeing in other countries, there are critical elements necessary for a rollout to work here. Our belief is that in order for the U.S. to be successful in developing and implementing a similar model of Open Banking, we need an ecosystem in place that not only enables this innovation to continue on a large scale, but also solves for security and privacy issues where all involved parties are held accountable. In order to maintain the highest of security requirements, we need to foster a system in which consumers, financial institutions, aggregators and policymakers alike can come together to agree on and form a common standard that promotes traceability and accountability of consumer data use for all involved parties. This can be achieved through implementing the proper security measures into existing platforms that help identify the ways a given requirement or process has been implemented in a system, enabling someone to follow the path of dependencies from the initial request to final deployment and everything in-between. This could be a similar approach to the recently proposed Secure Open Data Access (SODA) model, in which a set of suggested guidelines are identified and strictly adhered to. With a central focus on the consumer, highlighted by increased accountability and traceability on behalf of all involved parties, an Open Banking ecosystem is actually more secure than today’s system, and that of one-off bilateral agreements. Security starts and ends with putting the consumer first. In such a model, putting the consumer at the center of everything is paramount. In addition to having unfettered access to their own financial data whenever they want it, it is important that consumers always provide consent to their data being accessed, and that they are informed of the particular ways in which said data is used. Additionally, consumers would have the right to access their data via trusted third-party tools, and should not have to worry about what is done with their data when accessing the latest and greatest in Fintech. To that end, consumers also must feel empowered to provide access to all of their own financial data to the trusted third-party applications for any permissible purpose. Along with this ability to provide permission and consent, consumers also have the right to expect that the flow of data between their financial institution(s) and any third parties with which they elect to share their data is safe and secure. Financial institutions play a critical role in how this new era of intelligent banking will unfold, specifically with regard to consumer security and protection. In order for an Open Banking system to be successful in the U. S., all entities that handle consumer account information should make it a top priority to uphold leading for security standards and continuously promote and implement traceability. It should go without saying that there is great responsibility in safeguarding sensitive consumer information; however, it is important to note that these protections must never make a consumer feel restricted. Financial institutions should be mindful when considering placing potential restrictions on the ways in which consumers use their own data, as well as overriding any consumer consent to having their data accessed by third-party applications. As data sharing continues to be a critical driver of innovation in the financial services sector, those who handle and analyze data have an equally important role to play in its protection. This is where the crucial role of financial data aggregators is made clear. In addition, it is up to aggregators primarily to adhere to leading industry practices on data security and privacy, as well as assume responsibility of their platforms to protect against abuse and misuse of consumer data. Without ensuring their platforms and services maintain transparency and traceability, aggregators will fail to provide all market stakeholders, in particular regulators and consumers, with clarity into who has access to what information, and what it is subsequently being used for. If there is a lack of transparency throughout the aggregators’ innovation and development process, it is ultimately the consumer who suffers the most. We are seeing this concept continue to gain momentum throughout the financial services industry, most recently with the U.S. Treasury’s Department of the Treasury’s Fintech Report titled “A Financial System That Creates Economic Opportunities Nonbank Financials, Fintech, and Innovation” released in July of 2018, in which it stated that public and private institutions need to work in partnership to develop and institute best practices. The report demonstrates the great importance and totality of all initiatives that need to be in place in order to adequately protect consumers and keep their data secure. It also provides consumer protection groups, such as the Consumer Financial Data Rights (CFDR) Group, with a mandate to leverage in their work with regulators on implementing secure data access recommendations. The CFDR has the technical and practical expertise to work alongside financial institutions and regulators in moving forward on the U.S. Treasury guidance. Realizing the full potential of the future of financial services lies in identifying and maintaining specific terms and rules, which makes policymakers and regulators key players in the implementation of this new banking landscape. It is the role of governing parties to not only promote guidelines and principles well in advance of actual implementation, but also to ensure said guidelines are modernized and updated as the industry continues to shift and new technologies and methods are brought into the fold. Regulators must keep a watchful eye on these developments and possess the ability to evolve at the same pace in which the world of Fintech is evolving. As we navigate the new waters of Open Banking, we must be mindful of data’s tremendous power. While the changes we are witnessing are exciting and promising for financial institutions, consumers, regulators, aggregators and developers alike, each must be diligent and responsible in their roles to maintain security and consumer protection above all else. The information, analysis, and opinions expressed herein are for informational purposes only. Nothing contained in this column is intended to constitute legal, tax, accounting, securities, or investment advice, nor an opinion regarding the appropriateness of any investment, nor a solicitation of any type.