Who Should Decide The Fate Of Digital Banking — The Markets Or The Regulators?
In the banking industry, there’s a constant push-pull relationship between markets and regulators, especially when it comes to innovation. Digital banking is opening up new services for consumers, including personalized, on-the-go advice and swift, seamless payments to peers and merchants. Along with those services come concerns about privacy and who gets to control what data. In the U.S., we are relying on the market to find the right balance, while Europe and much of the rest of the world are turning to regulators—everyone is watching to see who will come up with the best solution.
The promise of truly digital banking is compelling. Eventually, consumers will be able to walk into their favorite big box store and have their digital wallet present them with the perfect coupon—chosen by an AI algorithm that has reviewed past purchases and can provide advice on which payment options are available. Or not. Consumers will also be able to choose to keep their information private.
But across the globe, different countries have very different views on how we’ll get there.
In the U.S., Visa’s recent $5.3 billion acquisition of fintech Plaid is a concrete sign that American financial services companies are doubling down on a market-driven approach to data sharing. The Plaid deal ranks as one of the largest fintech M&A deals in the last three years, an especially impressive price for a company founded only seven years ago. Some estimates are that—whether they know it or not—one in four Americans have used Plaid, an unseen middleman for online banking that connects consumer-facing apps with various bank services.
In addition to consumers allowing banks access to their data behind the scenes, digitization is starting to tap into the deeper pools of customer data available through services where consumers voluntarily allow access to their data in exchange for better deals. For example, Finicity helps consumers provide in-depth financial data to lenders, such as utility and rental payment history, which is more information than is available from the mainstream credit rating services so lenders can better assess consumers’ creditworthiness.
Major banking markets outside the U.S. have the same end goal of better digital connections and personal information controls, but rather than trusting the markets, they are traveling a regulatory-driven path to get there. In Europe, PSD2—the EU payments directive—requires banks to share customer data upon their request, which is unlocking a slew of new competitors and services. PSD2, and the broader Open Banking regulations in the U.K., give third-party companies the ability to access bank customer data and process payments on their behalf. While the original intent of PSD2 was to break the link between checking accounts and payments initiation, the reality is that well over 90% of the API calls are for data sharing rather than payments. The idea of connecting different accounts in the U.K. through well-regulated data sharing is now becoming common, with 40% of people under the age of 25 in the U.K. having at least one secondary bank account, typically with a new neobank like Monzo or Starling.
Last year, Australia followed suit with its Consumer Data Right legislation, which allows consumers to access their own transaction data, and more importantly, directly share it with banks and other providers. Although the implementation has been delayed, the intent is to provide customers with control of their banking, telecoms and utility information. Canada, Mexico and Brazil have similar Open Banking provisions in various stages of implementation, while India has gone one step further by founding its own government intermediary to gather and share consumer data known as the account aggregator.
To complement the data-sharing mandates, global regulators also require companies to offer increased individual control over private data. We are seeing this with the EU General Data Privacy Regulation (GDPR) that requires businesses that touch consumer data to guarantee certain protections or face large fines and other legal penalties.
The risk for the U.S. banking industry is that the pursuit of a market-driven framework holds an inherent conflict of interest for institutions sharing their customer data. The institutions that control the data—mainly traditional banks—have an incentive to not share their customer data, potentially throttling access to competitors and instead directing customers to their preferred services. We have already seen multiple examples of banks using ‘data privacy concerns’ as the reason to restrict access to third-party services. Under a market-driven approach, banks may decide to retain their customer data, ultimately stifling innovation and putting American consumers and banks behind their global counterparts.
That said, U.S. banks are under competitive pressure to improve. Last year, PayPal’s person-to-person payments service Venmo disclosed its volume grew 73% in one year. The evolution of small payments services like Uber Cash, where people park a modest amount of money with a vendor to pay for specific services, is another in a series of small nicks at big banks’ armor. Add the specter of Big Tech probing to enter consumer banking and there is an incentive to find a good market-driven solution. The development of the original Visa and Mastercard networks is evidence that market-driven data sharing solutions can work well. As we move towards embracing open banking in the U.S., we not only have Visa’s recent move to occupy a central role in data sharing but also trade organizations like the National Automated Clearing House Association (NACHA) seeking to standardize data access and sharing across accounts.
If that fails, there is the ultimate incentive to drive Open Banking for U.S. banks: regulation. We are already seeing it in some states with California’s Consumer Privacy Act, the Golden State’s twin to GDPR. Ultimately, the process of requiring consumer permission and controlling access to personal data is likely to evolve towards a blockchain-based solution. In that scenario, one’s digital identity sits in a secure online box that can be shared in specific and discreet ways, with consumers controlling what gets shared and knowing third-party access ends after a period of time. How quickly such a solution reaches banking consumers may depend on who is getting the balance right—the market or the regulators.