Quick favor: Our records indicate that you aren’t opening this email. But records can be wrong. Please click here if you’d like to remain subscribed to Fintech Takes.
{/if}
Happy Monday, Fintech Fans!
I hope you had a lovely weekend.
Mine was consumed by a war. A war that I did not ask for. A war that I did not want. But a war that I am determined to win.
There’s a wasp nest in the wall of my house.
Not a pleasant situation to deal with. It has involved the use of fly swatters and chemical agents. It has led to the removal of several different trees and bushes. It has, fortunately, not resulted in any stings (yet), but we still have a long way to go.
But that’s fine with me. I am in this for the long haul. I will not rest until my enemy has been defeated, utterly.
As the old saying goes, a man’s home is his castle.
- Alex
P.S. — On the subject of preparing for battle, I think it’s a very good time for lenders to be thinking about how they will handle the inevitable turn in the credit cycle (whenever that happens and whatever it looks like). I’m going to be talking about that with TruStage and the Financial Health Network on November 6th. If you’re available, please register to join us! (BTW, everyone who registers will have the chance to win one of these awesome Fintech Takes hoodies, which are equally good at keeping you warm and protecting you from wasps (I speak from personal experience here).
#1: The Open Banking Fight You’re Not Paying Attention To
What happened?
Fidelity is (quietly) winning its war against open banking:
For years, employees with workplace retirement plans like 401(k)s were largely expected to choose investments from a menu provided by the investment companies hired by their employer and then manage the investments on their own.
But now, upstart financial technology firms are connecting outside financial advisers to employer-sponsored plans, allowing the advisers to take steps like rebalancing accounts on behalf of their clients.
At least one investment company is resisting the financial tech firms’ moves. And both employees and the outside advisers are finding themselves caught in a tug of war over who can manage these retirement accounts and how they do it.
Fidelity Investments, the country’s biggest 401(k) administrator, has been warning investors in these plans that they may lose online access to their accounts, and that it could even void certain customer protections, if they share their online credentials with firms offering such tools.
One investor who was temporarily locked out of his account at Fidelity was Kelly Havins, 63, a grocery brand consultant in Phoenix. Mr. Havins said he had hired a financial adviser who offers 401(k) management through a service provided by a technology firm called Pontera. “I don’t have the time or the understanding” to manage investments, he said.
In late August, Mr. Havins received a letter from Fidelity, saying that because he had shared his login with an outside provider, he had to contact the company to reset his credentials — or risk being barred from online access to his 401(k).
So what?
Allow me to put this into a more familiar open banking context for you.
Fidelity is JPMorgan Chase. It’s the 800-pound gorilla that has all the accounts. Pontera is Plaid, circa 2016. It’s using screen scraping to access Fidelity’s data, using the end consumers’ credentials (and with their permission). And the outside financial advisors are the fintechs. They are using consumer-permissioned data to improve their services and to compete with Fidelity for the consumers’ broader financial advisory business.
The arguments from all sides sound familiar as well.
Fidelity argues that screen scraping is a data security risk and that it is often used in ways that end consumers do not authorize or even know about. The outside financial advisors argue that consumer-permissioned read/write access to 401Ks is essential for them to do their jobs. Pontera and its fellow aggregators argue that it’s the consumers’ data and they should have the right to share it with whomever they want.
Pontera also argues that it has tried to move beyond screen scraping, but Fidelity didn’t want to play ball:
Pontera said that a year ago, it offered to create an API and customize its access to Fidelity accounts, but that Fidelity had not responded to its request.
I find this last argument — that Pontera tried to establish a more secure API integration with Fidelity, but was rebuffed — to be credible because this isn’t the first time Fidelity has flexed its market power to reshape the consumer data sharing landscape.
Do you guys remember this story from October of 2023:
Fidelity … has taken by far the most aggressive steps to limit data sharing outside of Akoya. The brokerage serves 37.1 million retail accounts, 40.9 million workplace accounts, and 8.2 million accounts managed by wealth management firms and has some $10.3 trillion in assets under management.
Over the summer, Fidelity began notifying third-parties that access its customers’ data that they had until October 1 — today — to transition to Akoya or lose access.
PNC Bank, which was the other big financial services incumbent that tried to play hardball in late 2023, ultimately backed off its threat to cut off access to anyone using a non-Akoya data aggregator (likely at the urging of the Chopra CFPB).
However, from what I can tell, Fidelity actually did cut off access to anyone trying to access its data without going through Akoya!
(Editor’s Note — In case you are unaware, Akoya is a data aggregator that was incubated by Fidelity and then spun out as a separate company, and is now owned by Fidelity and a consortium of big banks, including JPMorgan Chase, Wells Fargo, Bank of America, and PNC.)
Indeed, the company brags about it pretty openly, claiming that nearly 100% of consumer-directed data sharing happens through Fidelity APIs (I’m guessing either directly to Fidelity’s OAuth connection or through Akoya).
Now, seemingly, Fidelity is trying to stamp out the last bits of resistance to its open banking plan, which … isn’t great!
If this were just about getting rid of screen scraping, it would be fine. But that’s not what this is about. If it were, Fidelity would have APIs and data access agreements with all of the major data aggregators, including the ones like Pontera that are specifically focused on wealth management.
The fact that it does not, coupled with its recent history of anticompetitive shenanigans using Akoya, tells me that this is just about control.
Visa is prepping for AI holiday shoppers with a new "Trusted Agent Protocol" that helps retailers distinguish legitimate AI shopping agents from malicious bots, the payments giant exclusively told Axios.
AI-fueled shopping is rising fast and Visa's move could lay the groundwork for "agentic commerce" — when your digital assistant can safely browse, compare and buy on your behalf.
Visa developed the open protocol with Cloudflare and support from partners including Microsoft, Shopify and Adyen.
It's meant to help merchants manage a surge in AI-driven shopping activity — up 4,700% year-over-year, according to Visa — without blocking legitimate agents or requiring major checkout changes.
So what?
Agentic commerce protocols are all the rage these days. Indeed, if you’re working in payments and you haven’t yet partnered with Cloudflare and Shopify to develop and launch an agentic commerce protocol, you should probably just pack it up and go home.
(Editor’s Note — Sarcasm.)
Visa’s Trusted Agent Protocol, or TAP, helps merchants establish trust with AI agents in much the same way that web browsers establish trust in websites via HTTPS and digital certificates:
An approved agent (onboarded by Visa or whatever company is operating the agent registry) receives cryptographic credentials.
When that agent interacts with a merchant (e.g., browsing, adding to cart, paying), it includes a signed request: a digital signature that proves the agent’s identity and the intended action (intent). And it binds it to the merchant domain/transaction context.
The merchant (or the merchant’s infrastructure) verifies the signature, checks the intent, ensures the consumer recognition data (if provided) is valid, and then allows the agent‐driven commerce transaction to proceed accordingly.
TAP is designed to solve a very narrow problem: how can merchants (which are currently overwhelmed by fraudulent and scammy bots) identify trusted AI agents, working on behalf of legitimate human customers?
It does not solve for the broader set of technical integration challenges around the online shopping and checkout processes that exist between AI agents and merchants. That’s what Stripe and OpenAI are working on.
It does not go quite so far as to mandate the actual payment, made by an AI agent on behalf of a human user. Google and a gaggle of design partners are working on that.
And it does not address the question of who is liable if the AI agent makes a mistake, which (shockingly) is a challenge that no company has stepped up to try and solve yet.
Instead, Visa is just trying to help merchants sort the bad bots from the good bots.
I’ll be curious to see how it’s operationalized. Which company (or companies) will onboard legitimate agents and manage the agent registry? How will the end user’s consent be captured (and will merchants be able to rely on that data when fighting chargebacks)? Will Visa be able to make this a standard that Mastercard and its other competitors get on board with?
The financial-technology firm Plaid Inc. is launching a credit-score service to provide banks and fintechs more detailed and timely information on consumers’ financial health.
Plaid — whose services connect banks and fintechs — is launching LendScore, a rating that will range from 1-99 with a particular focus on helping lenders serving subprime and near-prime consumers, according to a statement Wednesday.
Real-time cash-flow data will be used to generate the ratings, unlike other scores that may present a delayed assessment of a consumer’s creditworthiness. Traditional scores typically take into account factors such as payment history and age, as well as varieties of credit already utilized and to what extent. Cash-flow data is different, given its timeliness.
So what?
This is not terribly surprising. It has been clear for quite some time that Plaid’s best path forward is to move up the stack, away from data aggregation (which is becoming more expensive as it signs deals to pay for data) and towards value-added services like pay by bank, fraud detection, and, of course, cash flow underwriting.
While it has been operating as a consumer reporting agency (CRA) for the last couple of years, Plaid has not offered a credit score on top of its cash flow data. Indeed, Plaid has established distribution partnerships with Experian and Prism Data (both of which offer their own cash flow credit scores).
My understanding is that the Experian and Prism partnerships will continue, but still. It’s hard not to think about this news in the context of the traditional credit bureaus, VantageScore, and FICO.
Quick refresher. FICO launched its general-purpose credit score in 1989. Since then, the score has almost exclusively been distributed by the big three traditional credit bureaus (Experian, Equifax, and TransUnion). In 1995, FICO was gifted a monopoly on selling credit scores to mortgage lenders by Freddie Mac and Fannie Mae. This monopoly quickly led to FICO becoming the industry standard for credit scoring across all consumer lending products (not just mortgage). However, it took the credit bureaus 11 years to realize the mistake they made in allowing FICO to seize that role for itself (they launched the VantageScore in 2006), and it took almost two more decades before the bureaus were able to claw back the mere right to compete with FICO in the mortgage space (which I have been writing about a lot recently).
Plaid is obviously keen to avoid making the same mistake that the credit bureaus made. It has no interest in allowing another company to become the FICO of cash flow underwriting.
In fact, the company is advancing a vertically-integrated vision of cash flow underwriting (and open banking, more broadly) that the credit bureaus, with their commoditized, modular, and heavily competitive product sets, can only dream about.
Plaid’s LendScore is only available to lenders that use Plaid to pull the bank transaction data that powers it. The company argues that this requirement, which is very unusual in the cash flow underwriting world, is necessary because of the nature of the score and the analytic insights it’s built on.
While a majority of the score’s predictive power is derived from the end consumer’s bank transaction data (inflows and outflows), a decent chunk (roughly 20%) comes from Plaid’s “network insights”. These are essentially everything else that Plaid knows about a consumer, based on their prior history of connecting accounts through Plaid. For example, Plaid has found that if a consumer has attached a couple of wealth management accounts to their bank account, they are likely to be lower risk. However, if a consumer has attached 10 wealth management accounts to their bank account, or has attached a wealth management account in the last week, they are likely to be higher risk.
I’m not sure why that would be. Perhaps the person with 10 wealth management accounts is an inveterate gambler? Perhaps the person with one recently connected wealth management account is trying to borrow money to increase their leverage on a risky investment?
I don’t know. But that’s exactly the point. Plaid doesn’t know either.
In lending, there are risk signals that are predictive and intuitive (e.g., history of on-time payments, history of positive cash flow, etc.) And then there are risk signals that are predictive, but not overly intuitive. These are the signals that often get uncovered through the use of clever machine learning algorithms. A good example, from the world of traditional credit data, is inquiries. We know that the number of times someone has applied for credit within the last couple of years is correlated with their overall risk level, but it’s not perfectly obvious why that is. It’s just something that the math tells us is true.
Given the scale of its network and the amount of traffic that goes over it, Plaid has a lot of data that it can apply math to in order to find interesting correlations. As long as lenders using Plaid’s score can explain when and how attributes based on those correlations lead to declined applications (i.e., adverse action), and those attributes don’t lead to a disparate impact for protected classes (Plaid partnered with FairPlay to help on this front), it can leverage these network insights to enrich and differentiate its score.
(Editor’s Note — Beyond FCRA and Reg B compliance, there is a broader societal question about what data is fair for lenders to use when evaluating a consumer for credit. I think cash flow underwriting will present some interesting tests on this front. Will consumers think it’s fair if they are declined because they have too many of a certain type of account connected to their bank account? To be determined!)
Plaid, like most analytic providers in the cash flow underwriting space, is positioning its new score as a tool that should be used in addition to traditional credit data and FICO/VantageScore. In addition to its own data, Plaid’s score is trained on unsecured credit tradelines purchased from the credit bureaus. This means that it is likely best used by lenders originating unsecured credit products (personal loans, credit cards, etc.) rather than secured products. However, that could change in future versions of the score, especially if Plaid decides to start collecting performance data through a consortium, as many of its competitors already do.
{ad_content_secondary}
MONEY20/20 SPOTLIGHT
It’s officially Money 20/20 season, which means I’ll be highlighting a handful of sessions, meetups, and happenings in every newsletter.
I’m thrilled to be moderating this discussion at Money20/20, featuring the head of fraud at Varo and the co-founders and CEOs of SentiLink and Oscilar.
Join Luke Voiles (CEO of Pipe) and yours truly for an intimate evening of sushi, sake, and smart conversation. It’ll be an exclusive gathering of fintech execs and leaders. Space is limited; request to join us here.
Start the AM with lending leaders unpacking the real-world journey of cash flow analytics (where to begin, how to apply it, and what it takes to make it work). Breakfast, networking, and discussion included! RSVP here.
Small panel conversation featuring Jane Barratt (Chief Advocacy Officer, MX) and yours truly (among others!), followed by drinks and hors d’oeuvres at The Grand Lux Cafe, Venetian. RSVP here.
Come for the conversation on the future of embedded finance and small business lending. Stay for the one-on-one conversations (over drinks and appetizers, of course!)
Join Salman Syed (CEO of Astrada) and yours truly for a lively AM conversation on data, AI and open banking. Who will win as the battle lines are redrawn? Bring your hunger and curiosity to Bouchon at The Venetian. RSVP here.
Crypto folks tend to equate any objection to yield-bearing stablecoins (which, to be clear, were clearly not intended by Congress to exist in a post-GENIUS world) as simple community bank protectionism.
There’s some truth to that, certainly, but it’s also overly simplistic.
I don’t believe that community banks have an inherent right to exist or should be shielded from competition. However, I do believe that the unique credit creation role of community banks should be protected.
Or, as Andrew wrote in this very good and well-researched piece, “Protect Credit, Not Banks.”
We have mobile sports betting, thanks to the U.S. Supreme Court’s epic fuckup in 2018. We have national sports betting via prediction markets (including parlays! Wow, what a feat of financial engineering!) because the folks working at the CFTC have apparently just decided to stop doing their goddamn jobs?!? And we will apparently be getting “Performance Securities” because a company called InPlay Global thinks that it can convince the SEC to be as pathetically inept as the CFTC is in regulating novel forms of sports betting.
I absolutely hate it here.
And this paper (h/t: Kelvin Chen for finding it) is yet another example of why I care so much about this topic. The author finds that following sports betting legalization, states experience a higher rate of cases of child maltreatment. He speculates that the cause of this increase in maltreatment is a combination of the amplification of emotional cues from bad sports/betting outcomes and the family stress of accumulated financial hardship.
There are a TON of interesting questions being asked in the Fintech Takes Network. I’ll share one question, sourced from the Network, each week. However, if you’d like to join the conversation, please apply to join the Fintech Takes Network.
Should Congress place CARD Act-like restrictions on young consumers’ ability to use BNPL (and on BNPL companies' ability to market to young people)?
If you have any thoughts on this question, reply to this email or DM me in the Fintech Takes Network!
FINTECH TAKES: BUILDERS SUMMIT
As you may know, Fintech Takes is hosting our first-ever in-person event on November 12th and 13th in the mountains outside Bozeman, Montana.
The Fintech Takes: Builders Summit is the industry event that I’ve always wanted, but have never quite been able to find. We are bringing together experienced founders and operators from banking and fintech — the folks who are actually building products in our industry — and giving them the content and networking opportunities they need to find (and understand) the next big problem they are going to tackle.
If that sounds like something you’d be interested in participating in, apply to attend or hit reply to this email to get more information on sponsorship opportunities. We still have room, but it is going fast!
Thanks for the read! Let me know what you thought by replying back to this email.
— Alex
{if profile.vars.rh_reflink_11}
Share with Fintech Takes, get cool stuff!
Have friends who'd love Fintech Takes too? Click the link below to share with your friends and get awesome rewards when they subscribe!
PS: You have referred {{profile.vars.rh_totref_11}} people so far
