Should FinTech Startups Have Access to Banking Data?

Among the overwhelming number of news one encounters every Monday, one caught our attention. Plaid, a financial technology platform, raised $44 million in the Series B funding round led by Goldman Sachs Investment Partners.

As the company describes itself in its official blog, Plaid is the technology fabric that connects consumers, their bank accounts, and third-party applications. Our suite of APIs enables developers to build applications that interface with users’ bank accounts—whether to collect and use account data, set up payments, verify identities, or much more.

While it is certainly a great start to the week and also the next big cycle of growth and development for Plaid, the news has triggered a certain spill out over the problem related to all third-party companies ‘sneaking’ into bank infrastructure to access the banking data of the customers.

As Zach and William, Co-founders of Plaid emphasized, The bank account is the hub upon which everything in banking relies. Every deposit we receive, investment we make, bill we pay, and budget we make starts and ends with the funds or data in our accounts. So it’s particularly interesting that Goldman Sachs led a funding round for the company that wants to create sort of another hole in the closed infrastructure of banks to retract data about bank accounts.

The situation and the discussion may have changed since last year when Goldman Sachs’ opposition had quite a different strategy of dealing with third-party data access for personal finance management purposes.

In particular, Bank of America—at the end of last year—was reported to be among a number of financial institutions to temporarily cut off the flow of information to some websites and mobile applications that aggregate consumer financial data, as reported by the WSJ.

Referring to security and privacy concerns along with overwhelmed traffic to banks' websites, some of the major players are seeking to restrict services popular among consumers by providing extraordinary convenience at a price of the integrity of banking system.

Wells Fargo joined the league of opposition to aggregators when the bank "added an additional level of security to its accounts last year that prevented aggregators from being able to automatically retrieve customer data, as WSJ reported.

Last year, when JPMorgan temporarily restricted Mint from accessing banking account data, the banks’ spokesperson commented, "Handing over your password to your bank account just isn't a good idea. We're working with the industry to make a secure and private way for our customers to access these services."

Caution, however, can also be explained by tough competition. FinTech startups logically want data to be freely available to customers (and startups, of course), while banks tend to be protecting over precious information they own. At the end, it's wrapped into banks have said that they only want to make sure customer data are secure and that their servers aren't overwhelmed and FinTech startups leveraging the importance of customer experience and value provided to them.

But any outstanding customer experience with platforms easing personal funds management or any APIs providing access to banking data comes with its price.

Lucerne University of Applied Sciences and Arts brought an interesting analogy explaining the risks customer undertake by providing access to their banking data to wonderfully convenient financial technology platforms.

If you as a client pass on your personal access data in this manner, this is similar to you booking your holidays at a travel agency and then simply logging on the travel agent into your e-banking account and then leaving the shop—blindly trusting that the travel agent will now actually only debit the amount owed by you from your account, and will then log out again straight away. Any nosy employee might as well just have a look at how much salary you are paid, and if they have malicious intentions, they could even try to finance their own holidays from your account.

In addition to the risk of impersonation, the university also mentions a possible loss of control over banking data. In cases when large amounts of data access in one jurisdiction are processed in a different country with different regulatory and security environments, customers are risking to have little to no control over what is happening with their personal information collected by those platforms.

There is no doubt that FinTech startups and banks are giving the highest priority to customer protection. And the matter of data access is the same discussion that goes around open banking APIs. Putting aside the security, it probably boils down to strong competition and the power small players would gain given the opportunity to access rich banking data. In that scenario, banks would not have the leverage they have now and will be pushed out of their comfort zone to look for different ways of holding dominance in the industry.