FDATA North America Highlights Importance of API Standards and Monitoring
September 29, 2022, Washington, DC -As both Canada and the United States continue to move towards open banking via APIs, it is essential that minimum API standards be set to ensure that consumers and SMEs have uninterrupted access to their financial data.
To this end, FDATA has developed four principles that will be critical to the design of a well-implemented API environment in North America. These principles cover data scope, reliability standards, fallback options, and the necessity of establishing a neutral monitoring agency. These principles can be found here, and below:
- Any non-proprietary data available to an end user through a data provider’s online customer portal or paper statement must also be required to be made available in any API a data provider implements in an open banking environment. At present, data providers unilaterally determine which data elements their customers can and cannot share with third parties. In a true open banking environment, the customer – not their financial services provider – is empowered to make this decision. Within the PSD2 framework in Europe, this has led to services being withdrawn as API functionality did not keep pace with pre-existing technologies.
- Any APIs built by data providers to facilitate data sharing in an open banking environment must, at a minimum, be as reliable as that data provider’s customer-facing online portal. Regulatory agencies in both Canada and the United States have understandably set prescriptive requirements regarding the uptime of online customer-facing portals at financial institutions to ensure that consumers and SMEs have continual access to their data. This same standard must apply in any open banking environment.
- To the extent data requested by a customer is not available through an API connection, a fallback option must be permitted to be used to access the requested data. The legal customer data right upon which an open banking environment is built cannot be ignored if a data element requested by a customer is not available through a data provider’s API or if that API is down or unresponsive. Screen scraping must be maintained as a fallback option that may be used to access any data not included in or available from a data provider’s API.
- A neutral entity must be responsible for regularly monitoring the robustness, reliability, and usability of data providers’ APIs in an open banking environment. A neutral entity should be tasked with the responsibility for regularly measuring and reporting, among other metrics: the uptime of all open banking providers’ APIs; whether all of the data available to the end user on the data provider’s online customer portal and/or paper statement is available through the API; the responsiveness of the API; whether the API is constructed in such a manner that it introduces unnecessary friction in the customer’s data connectivity journey. These measurements should be the basis upon which a fallback option is permitted. Ideally, these metrics would be made publicly available to facilitate the ability of end users to identify the effectiveness of their financial provider’s data sharing capabilities. Such an entity should come from outside of the sector itself in order to not be perceived as having their own fiduciary interest in the metrics delivered.
Issues related to API robustness, reliability, and user experience have stunted the growth of open banking use cases in multiple markets across the globe that have moved more quickly than North America toward implementing legally binding customer financial data rights. It has been evident from experiences in Europe, the United Kingdom and Australia that well-defined standards without equally well-defined systems to measure them in a way that all parties can agree to leads to increased friction and a technical overhead placed on the regulator which they may not be well-positioned to adjudicate. Ensuring at the outset minimum API requirements for any open banking data providers, as well as a neutral monitoring entity to measure the quality and reliability of those APIs, will prevent Canada and the United States from experiencing similar issues as we begin our own North American open banking journey.
FDATA North America Submits Comments to Canada’s Standing Committee on Finance Pre-2023 Budget Consultations
September 26, 2022, Washington, DC – Today, the Financial Data and Technology Association (FDATA) of North America submitted comments to Canada’s Standing Committee on Finance (FINA) as part of its pre-budget consultations in advance of the 2023 budget.
In its comments, FDATA North America called on the government to:
- Include language in Budget 2023 asserting the importance of governance in an open banking framework, and that any open banking governance entity must be neutral, transparent, and nimble;
- Allocate sufficient and sustained funding in Budget 2023 towards the implementation of an open banking framework and governance entity; and
- Include language in Budget 2023 outlining its approach to Open Finance, the next logical step after Open Banking, and the framework needed to truly unlock market innovation and competition to benefit Canadian consumers and businesses. This includes an amendment to the Canadian Payments Act to grant federally regulated payment service providers access to Payment Canada’s forthcoming real-time retail payment system and make them eligible for membership in Payments Canada.
In the submission, FDATA NA also asserted that any open banking governance entity in Canada must be neutral (i.e. not controlled by any particular stakeholder(s) with commercial interests in the ecosystem), transparent (i.e. it invites and considers stakeholder input and subjects its decisions to an open, publicly visible process), and nimble (i.e. capable of making binding decisions relatively quickly and without undue bureaucracy), with all stakeholders in the open banking system agreeing to comply with the decisions and determinations made by the open banking governance entity as a condition of being active in the market.
A full copy of the submission is available below:
FDATA North America 2023 Pre-Budget Consultations
Video Member Spotlight: Betterment
In this Member Spotlight, Betterment’s Associate General Counsel Josh Rubin explains how access to consumer-permissioned financial data is critical to Betterment’s ability to offer high quality, low-cost advice to everyday investors:
Video Member Spotlight: Trustly
In this interview, Trustly Americas President Pete Ohser explains how consumer-permissioned data access greatly expands options, lowers costs, and removes barriers to financial services, as well as detailing how Trustly has been working with the policymaking and banking communities to make open banking a reality:
FDATA North America Responds to Banking Trade Associations’ Petition Urging CFPB Supervision of Data Recipients
Contact: Kerrie Rushton, (202) 365-6338, [email protected]
August 2, 2022, Washington, DC -In response to the recent petition from several banking trade associations urging the Consumer Financial Protection Bureau to supervise both data aggregators and data recipients, FDATA is releasing the following statement:
“FDATA and its members have long advocated for the CFPB to supervise data aggregators as part of its 1033 rulemaking. The joint trades petition, however, calls for the Bureau to supervise aggregators and data recipients. This would require the Bureau to supervise thousands of additional entities — including scores of community banks and credit unions that are today acting as data recipients but are currently exempt from CFPB supervision.
FDATA continues to believe that the most appropriate path for the Bureau to oversee the consumer-permissioned data spec is to supervise aggregators and to promulgate third-party guidance laying out the CFPB’s expectations for the aggregators’ clients: the data recipients.”
Video Member Spotlight: Codat
Codat is a fintech that provides a universal API for small business data, which powers integration of products built by other software providers and financial institutions. In this interview, Gabby Macsweeney, Head of Communications and Public Policy, discussed how universal APIs can simplify business processes and inform financial wellness:
FDATA North America Submits Comments to Canada’s OSFI on Draft Guideline B-10: Third Party Risk Management
Contact: Kerrie Rushton, (202) 365-6338, [email protected]
June 29, 2022, Washington, DC -The Financial Data and Technology Association of North America today submitted comments in response to Canada’s Office of the Superintendent of Financial Institutions’ (OSFI) public consultation on Draft Guideline B-10: Third Party Risk Management.
The comment letter focused on the interplay between this draft consultation and the concurrent development of Canada’s open banking framework, particularly the importance of clearly distinguishing third-party providers from open banking providers that will be accredited under the new OB system.
The letter also stressed that since it is OSFI’s mandate to keep FRFIs and, by extension, Canada’s financial system, safe, sound, and secure, it is critical to distinguish third-party providers who directly work with Federally Regulated Financial Institutions (FRFIs), from providers serving consumers whose only relationship with a FRFI is accessing data about that consumer to provide the customer with the benefit of their product or service. For example, an FRFI may have a relationship with the data aggregator who is performing the function of data portability on behalf of that customer, but it most likely does not have a relationship with that budgeting application, and therefore could not reasonably oversee or be responsible for its operations.
The letter also expressed appreciation for OSFI’s clarification provided by a footnote at the end of the consultation, which recognizes that this draft guideline is not intended to impede the establishment of open banking, but stressed that this footnote alone does not satisfactorily address the need to ensure coordination of accreditation for open banking providers. We therefore suggested to OSFI that the most appropriate amendment to address this critically important issue would be to make unambiguously clear that accredited open banking providers under Canada’s open banking system are exempt from OSFI’s third-party risk management framework.
We also urged OSFI to create a specific carveout from B-10 for all accredited open banking providers under Canada’s open banking framework as part of this consultation, and before the new open banking system is implemented.
A copy of the letter is available here: FDATA NA Submission to OSFI on Draft Guidance B.10
ABOUT FDATA NORTH AMERICA
FDATA North America was founded in early 2018. Its members collectively provide tens of millions of consumers in Canada, the United States and Mexico with aggregation-based tools to better manage their finances.
Members include air (Alliance for Innovative Regulation), APImetrics, Basis Theory, Betterment, BillGO, Codat, Direct ID, Envestnet Yodlee, EQ Bank, Experian, finansystech, Fiserv, Flinks, Hank Payments, Interac, Intuit, Inverite, Kabbage, Mogo, Morningstsar, M Science, MX, Petal, Plaid, Questrade, RocketMortgage, SaltEdge, Trustly, ValidiFI, Vaultree, VoPay, Wealthica, Xero, and others.
Video Member Spotlight: Morningstar ByAllAccounts
This month’s FDATA Member Spotlight features Katy Gibson, Head of Product for Morningstar ByAllAccounts, who explains how access to customer-permissioned data is critical for their customers in the investment and wealth-management sectors.
Video Member Spotlight: Xero
FDATA North America member Xero is a cloud-based accounting software platform for small businesses with more than 3 million subscribers globally. This Member Spotlight interview features Faye Pang, Xero’s Country Manager for Canada.