There Are Still a Few Pirates Left in Fintech
By Alex Johnson
3 FINTECH NEWS STORIES
It! It happened! It finally happened!
The Consumer Financial Protection Bureau (CFPB) proposed a rule that would accelerate a shift toward open banking, where consumers would have control over data about their financial lives and would gain new protections against companies misusing their data.
“With the right consumer protections in place, a shift toward open and decentralized banking can supercharge competition, improve financial products and services, and discourage junk fees,” said CFPB Director Rohit Chopra. “Today, we are proposing a rule to give consumers the power to walk away from bad service and choose the financial institutions that offer the best products and prices.”
I have not read all 299 pages of the proposed rules yet. I tried to convince my kids to play a fun game – sit quietly while dad reads the Required Rulemaking on Personal Financial Data Rights out loud – but no dice.
I’ll have more detailed thoughts in future newsletters, but in the meantime, here are a few questions and observations, building on the essay that I published a few weeks ago:
- The CFPB is really focused on encouraging competition. The rules mandate data sharing for products covered by Reg E (deposit) and Reg Z (credit cards), but not other financial products (auto loans, mortgages, brokerage accounts, etc.) The bureau’s stated reason for this is that data from those other financial products “does not typically support transaction-based underwriting … or payment facilitation.” Translation – we only care about open banking if it helps consumers switch providers for financial products they use on a regular basis.
- The rules would not allow data providers to charge for data access, which is interesting given that a bunch of the big data providers (i.e. the big banks) are partial owners of Akoya, a data aggregator. Will they be required to divest their ownership stakes?
- Speaking of Akoya, it seems likely that PNC will have to back down from its plan to restrict data access through any service provider besides Akoya. The rules clearly state that data providers must offer a developer interface (i.e. API) in a “commercially reasonable manner” and without any “unreasonable access caps.” Fidelity, which instituted a similar requirement to use Akoya, would seem to be in the clear for the moment since it does not provide Reg E or Reg Z products.
- This excerpt from the rules, outlining why the CFPB thinks that the industry will voluntarily build developer interfaces for non-covered financial products, was laugh-out-loud funny to me – “Once developer interfaces have been established by data providers with respect to covered data, it will be more efficient for these data providers to provide access to other data types via the same developer interface. And, as the infrastructure for establishing and using developer interfaces embeds itself in the market for accessing consumer financial data, data providers outside the scope of the proposed rule will face competitive pressure to adopt and use developer interfaces as well.”
- The CFPB seems very concerned about the lack of truly objective industry standards for data sharing, which (it argues) inhibits the standard-setting bodies that do exist (FDX) from doing everything they should be doing (liability apportionment, accreditation, etc.) They also argue that this lack of standards gives data aggregators more market power than they would otherwise have, which can lead to less competition and more rent-seeking.
- How do the rules apply to fintech companies as data providers? It’s not super clear to me. As far as I can tell, fintech companies with more than $10 billion in annual revenue (think Apple and Block) would be required to make their covered data available via API within six months of the final rules being published, with all other fintech companies needing to be in compliance six months after that. But it seems like there might be some room for shenanigans from fintech companies (which are quietly just as reluctant to share customer data as banks are) to drag things out. Related – BaaS sponsor banks wouldn’t be required to be in compliance with the rules until 2.5 to 4 years after the final rules are published (depending on their size).
#2: A Good (Basis) Point
A fintech company focused on the accounting industry raised a seed round:
[Basis is] excited to announce the Basis Platform and our $3.6M seed round led by Better Tomorrow Ventures with participation from BoxGroup, Avid Ventures, several top accounting firms, and leaders from the accounting and machine learning communities.
The premise at Basis is that large language models (which are quickly becoming large multimodal models) have the potential to transform accounting workflows:
The emergent abilities of large ML models to reason through tasks and solve complex problems will change the very nature of work for accounting and finance professionals. Accountants will have a team of AI assistants working both alongside them and autonomously, completing core workflows end-to-end. This will not only ease the accountant shortage and allow accountants to focus on advice, judgment, and strategy, but it will dramatically improve the quality of service and array of offerings that accountants can provide their clients.
I think this is a really good point. In fact, I wrote about the same idea in last week’s essay.
The ability to embed generalized reasoning and judgment directly into workflows is a big change from how we’ve historically built software. It has the potential to dramatically reduce companies’ operating costs (by both eliminating human intervention and augmenting human workflows), but it will also require a fundamental rethinking of how we design systems and processes. You can’t simply ‘bolt on a chatbot,’ as Basis rightly points out.
And accounting – a core function at every company that sits upstream from a bunch of very important systems and processes – is a smart place to start.
#3: There Are Still a Few Pirates Left in Fintech
Teller, a data aggregator, released a new product:
Today we are excited to announce Bridge, our new product for bringing Zelle to neobanks and other types of non-bank fintech companies that issue their own debit cards and have been historically excluded from Zelle.
Despite not being a direct member of Zelle, with Bridge you can now enroll your users using the debit card PANs you’ve issued them. When a user sends money, their card is debited, and any incoming funds are immediately pushed to their card. In effect the debit card serves as both the entry and exit points to the Zelle network.
Zelle is owned and operated by Early Warning Services (EWS), which is, itself, owned by a consortium of large U.S. banks. Given its ownership structure (and the generally anti-competitive mindset of most bank consortiums), you won’t be surprised to learn that Zelle is not available for fintech companies to offer to their customers.
I don’t see this as an especially big problem given that A.) no one makes money offering P2P payments, B.) most consumers who need P2P payments functionality already have it, and C.) there are a variety of non-Zelle options for neobanks that want to offer P2P payments anyway (Varo has already found two different ways and is likely searching for more).
But cool, I guess. Now fintech companies can embed the magic of Zelle directly inside their apps.
The part of this story that I’m more interested in is how Teller is doing this.
Their product announcement is a bit light on details, but given that EWS is intentionally keeping Zelle away from fintech and is, therefore, unlikely to partner with Teller, my best guess is that Teller is hacking into Zelle via Zelle’s standalone app, which allows consumers that don’t already have a bank that offers Zelle to use the service via their debit cards.
And if you think the term ‘hacking’ is too strong, here’s a story about the CEO of Teller tweeting about his attempt to scrape data from Lloyds bank:
Sitting in his humid Soho office, surrounded by screens and Diet Coke cans, he tapped out a tweet.
“The Lloyds app is watertight, clearly some brilliant security folks have worked on it. I think they’ve been too smart for their good tho 👀 ”
Ten minutes later the official Lloyds Twitter account replied. “Put the hammer down & stop trying to break our lovely mobile app, we’d really appreciate it!! Thanks.”
Recalling the incident, [Stevie] Graham laughs. The Lloyds app is still giving him trouble, but he’s not going to stop until he’s cracked it. “There’s no company in the world that can stop us popping their app,” he says. “You can be the best at securing it, but when the best at popping it comes along, they’re going to pop it.”
(BTW, the whole Wired article is absolutely wild and worth a quick read).
This buccaneer attitude feels downright foreign in today’s fintech ecosystem, which is interesting given that much of what we take for granted in fintech today (open banking, BaaS, commission-free stock trading, etc.) was built by pirates who had a certain disregard for the rules.
But alas, the pirates have (for the most part) become privateers.
Personally, I’m happy that fintech has moved on from the pirate ethos and has embraced a more responsible posture, consistent with the important role it plays in the lives of its customers.
If I was building a P2P payments capability into my app, I think I’d prioritize using established infrastructure that I know will work consistently for the foreseeable future (like Visa Direct) over hacked-together infrastructure that seems intent on making a point and that could be disabled at any point in the future.
But maybe a flood of fintech Zelle product launches over the next 12 months will prove me wrong!
2 FINTECH CONTENT RECOMMENDATIONS
#1: The New AI Landscape in VC (by Daniel Kimerling, Deciens Capital) 📚
Smart and brutally honest stuff here from Dan, on a topic that needs it.
My favorite observation – “Being able to build a proprietary, extensible, and valuable data corpus remains the primary point of operating leverage and value creation in this new world.”
My favorite quote – “The human ability to engage in speculative excess seems to know no bounds.”
#2: Fundraising for fintech infra is different (by Matt Brown, Matrix Partners) 📚
Really interesting advice on how to pitch fintech infrastructure to VCs. The points about not being afraid to fire customers and the importance of professional services were especially resonant.
1 QUESTION TO PONDER
What’s one fintech thing (a product, a company, a regulatory change, etc.) that you’d like to be able to just magically wish into existence?