September 23, 2021, Washington, DC – Today, the Financial Data and Technology Association (FDATA) of North America submitted comments to the US financial regulators as part of their proposed interagency guidance and request for comment on managing risks associated with third party relationships. The Federal Reserve, Federal Deposit Insurance Corporation (FDIC), and Office of the Comptroller of the Currency (OCC) sought comments on proposed guidance on sound risk management principles for banking organizations to consider in developing risk management practices for third-party relationships. In its response, FDATA North America expressed that streamlining the ability for banks to partner with third-party providers will be critical to the survival of small and community banks in the United States and to the financial wellness of their customers.
Throughout the submission, FDATA North America Executive Director Steve Boms discussed the scope, tailored approach, and information security around these relationships from the perspective of the aggregation and fintech community. “Though the proposed guidance is directed toward insured depository institutions, it directly impacts third-party providers which [FDATA North America] represents and, by extension their customers,” Boms stated.
Additionally, Boms discussed concern that the OCC’s 2020 FAQs on third-party risk management guidance have increased the complexity of bilateral data access agreement negotiations, thus creating an environment in which “the largest financial institutions are in a position of increased control over whether and how their customers will have the ability so share access to their financial data.” Therefore, Boms expressed that a solution to this problem would be to remove the interpretive role banks play today in this space through the creation of a regulatory structure in which prudential regulators “supervise and retain full responsibility for interactions only between banks and data aggregators,” while the Consumer Financial Protection Bureau (CFPB), upon finalization of a rule under Section 1033 of the Dodd-Frank Act, “is similarly responsible for supervising the relationship between data aggregators and third-party providers, and by extension, the end users.” Doing so, Boms stated, would eliminate the “legal grey area” which is currently stifling the growth and innovation of third-party financial tools to the detriment of US consumers.
FDATA North America urged the agencies to embrace the letter and spirit of the July 2021 Executive Order on promoting competition in the American economy and ensure that any policy changes resulting from the development of this guidance do not interfere with the goals set out in the Order.
FDATA North America submission to financial regulators’ request for comment on third-party relationships
ABOUT FDATA NORTH AMERICA
FDATA was heavily involved in the UK Open Banking Working Group in 2015. In 2016, the working group’s output was published by Her Majesty’s Treasury as the Open Banking Standard. FDATA North America was founded in early 2018. Its members collectively provide tens of millions of consumers in Canada, the United States and Mexico with aggregation-based tools to better manage their finances.
Members include air (Alliance for Innovative Regulation), APImetrics, Basis Theory, Betterment, BillGo, Codat, Direct ID, Envestnet Yodlee, EQ Bank, Experian, Fiserv, Flinks, Interac, Intuit, Inverite, Kabbage, Mogo, Morningstsar, M Science, MX, Petal, Plaid, Questrade, Rocket Mortgage, SaltEdge, Trustly, ValidiFI, VoPay, Wealthica, Xero, and others.