The sweeping post-financial crisis law known as Dodd-Frank requires banks and other financial service firms to make customers’ financial data available to them in a useable form. But some banks are not complying with the rules and have been blocking consumers from accessing their data such as transaction records and account balances, Yahoo Finance has learned through sources with direct knowledge of this matter.
A major way consumers choose to access their information is through third-party apps that aggregate transactions and accounts or authenticate accounts without using passwords. Some banks, like Barclays (BCS), have acknowledged to blocking some third-party apps, citing security concerns.
However, consumer advocates and other experts say these concerns are overblown and stifle innovation in the industry and costs consumers money by making it harder for them to explore new products or to change banks in search of lower fees and better rates.
Banks sometimes block apps if it competes with them
Banks receive requests on their networks for data, similar to how internet providers get requests. And similar to net neutrality concepts, banks can prioritize releasing some data and throttle others, though section 1033 of the 849-page Dodd Frank Act gives consumers the right to their data when they want it.
“Over the past six to nine months there’s been a sharp uptick in deliberate bank blockages,” a source with direct knowledge of the matter told Yahoo Finance.
Third-party fintech companies know it’s deliberate because the banks often tell them this directly, and will rectify unintentional blockages quickly. Generally, banks justify blockages with security concerns, but reach deals — often with certain large third-party aggregators like Intuit. Consumer advocates view this as partial compliance.
Banks feel threatened
Data sharing isn’t just about consumers owning their own data, Jason Furman, a professor at Harvard’s Kennedy School, told Yahoo Finance. It’s also about companies trying to stymie competition, which hurts innovation and wage growth, said Furman, former chair of the Council of Economic Affairs under President Barack Obama.
Banks don’t like sharing consumer information because they’re afraid of losing customers, said Ira Rheingold, executive director of National Association of Consumer Advocates. “Banks want consumers desperately, because once they get them they can keep them because it’s such a pain in the a** [for consumers] to change,” said Rheingold.
In Furman’s view, the banks are taking a defensive position when they should take an offensive one. ”I think a lot of big financial institutions are threatened by fintech and are looking for ways to protect themselves,” he said. “[Restricting data] takes the pressure off of them to innovate. It doesn’t just hurt startups, it hurts the customers and services.”
Simply “letting consumers have control over their financial data” would also inject competition to the financial industry in a more realistic way than breaking up big banks, since it’s just implementing a law that’s already on the books, Furman said.
“There’s no reason to think that the major banks will be the most innovative in designing more apps and ways to track their money,” he said. “If they are, they can win in a head to head competition, and they’d probably be better that way.”
Data sharing can lead to innovation
If banks share data, as they should be doing under the law, financial aggregators can introduce a wave of new products: not only making dashboards of financial lives but also creating services that can quickly authenticate services and replace the slow small deposit confirmation process or move cash around.
Venmo, for example, Rheingold notes, is an example of the type of innovation that third-party fintech firms can facilitate. Until recently, with the launch of Zelle, banks did not have a viable peer-to-peer payment system, and may not have created one if not for the popularity of Venmo. While some banks use data-sharing to speed up the customer authentication process and transactions in general, many of these functions don’t give banks an edge.
According to a recent study from McKinsey,“it seems unavoidable that open banking will result in the sacrifice of some degree of control by incumbent banks,” though it noted that “banks will gain the offsetting benefit of participating in larger profit pools, ones in which they should be well positioned to play a leading role.”
Banks: We’re concerned with security
Barclays’ Barclaycard department told Yahoo Finance that it supports innovation, but had improved its system to enhance security, and that the change ended up locking some fintech companies out. Some firms like, Intuit, for example, have been able to access customer data, a Barclay spokesperson said. “Other aggregators have not been able to accommodate these security modifications, and, as a result, access is currently hindered.” The bank said system changes in 2018 may better accommodate more third parties, and stressed that this is only about security, not competition.
JPMorgan Chase didn’t comment specifically about restricting data, but cited “protecting our customers’ information” as a top priority. Chase has deals with large aggregators such as Intuit and Finicity, but does not have a relationship with one-off smaller apps.
TD Bank cited similar concerns over security, but a spokesperson said the bank had no policy against linking to third-party vendors.
Fintech security is solid
This mantra of security isn’t necessarily a bad thing, but it is misguided, said Schan Duff, senior fellow at the Aspen Institute and an attorney specializing in regulatory matters who has represented many banks and financial institutions.
“Those concerns are a little unfounded,” he told Yahoo Finance. “With the type of innovation in the fintech space, tech is really improving to reduce security concerns when it comes to account information sharing.”
Duff cited secure tokened access and less usage of sensitive banking info like passwords as major security innovation. “No question that it’s a more secure approach to data access to, for example, check-based systems that contain routing and check numbers that are viewed several times. That eliminates third-party developers accessing and storing sensitive account info.”
Fintech companies are also creating security measures from scratch, Duff points out, whereas banks often have patchwork security protocols in place due to a history of merging with other banks.
“That’s their business, essentially,” Duff said. “[Fintech firms] have a high powered incentive to maintain the security of data. Their business depends on it, whereas a bank is doing multiple things at once.”
For now, even though banks are obligated to comply under Dodd-Frank, regulatory bodies of the Consumer Financial Protection Bureau likely do not have the bandwidth to enforce compliance of this somewhat esoteric section of the law, especially given the bank-friendly administration and Congress. However, McKinsey’s study says the market trends and consumer demand may be enough to move the needle.
“Change is rarely comfortable, but as market evolution in the United States and other countries illustrates, the forces of change are inevitable,” the study says. “Banks are better served getting ahead of and defining the trend rather than waging a futile battle to repel it.”