Technology and Cyber Risk Management Archives - Financial Data and Technology Association (FDATA)

March 2, 2022by rebecca rebecca No Comments

FDATA North America Submits Letter to NIST on Draft Open Banking Report

March 2 2022, Washington, DC – Today, the Financial Data and Technology Association (FDATA) of North America submitted a comment letter to the US National Institute of Standards and Technology (NIST) on its draft report “Cybersecurity Considerations for Open Banking Technology and Emerging Standards.”

The letter expressed appreciation for the Institute’s research in this important policy space, but respectfully offered that this report, published in January, would significantly benefit from expanded input from market and government stakeholders to appropriately frame the current open banking environment in the United States as well as to accurately reflect the significant regulatory attention that has already been given to this space.

The letter states that “as one of the earliest federal government research publications on open banking, it is crucial that this report accurately define and describe all the elements of open banking that are relevant to policymakers. Unfortunately, in many cases we believe that NISTIR 8389 falls short. From the onset, the definition and framing of open banking is too narrow, and critical distinctions between customer-permissioned data access – the foundation of open banking – and non-permissioned data mining, as well as the important differences between propriety and non-proprietary data, are insufficiently distinguished. Use cases are inaccurately described, and the full impact of Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act on the development of open banking in the United States could be better articulated.”

FDATA NA is concerned that certain errors and omissions in this paper could misinform both the public and key policymakers as they develop open banking regulations. In the absence of this meaningful stakeholder engagement, we are concerned that this draft paper also does not fully appreciate the market and regulatory environment in which open banking use cases are currently delivered to consumers and small businesses in the United States today and will be in the future. Our letter therefore urged NIST to consider input from key stakeholders and republish a revised version of this report.

FDATA Response to NISTIR 8389

ABOUT FDATA NORTH AMERICA
FDATA was heavily involved in the UK Open Banking Working Group in 2015. In 2016, the working group’s output was published by Her Majesty’s Treasury as the Open Banking Standard. FDATA North America was founded in early 2018. Its members collectively provide tens of millions of consumers in Canada, the United States, and Mexico with aggregation-based tools to better manage their finances.

Members include air (Alliance for Innovative Regulation), APImetrics, Basis Theory, Betterment, BillGo, Codat, Direct ID, Envestnet Yodlee, Equitable Bank, Experian, Finansystech, Fiserv, Flinks, Interac, Intuit, Inverite, Kabbage, Mogo, Morningstsar, M Science, MX, Petal, Plaid, Questrade, Rocket Mortgage, SaltEdge, Trustly, ValidiFI, Vaultree, VoPay, Wealthica, Xero, and others.

February 22, 2022by rebecca rebecca No Comments

FDATA North America Submits Comments to Canada’s Department of Finance in Response to 2022 Budget Consultation

February 22, 2022, Washington, DC – Today, the Financial Data and Technology Association (FDATA) of North America submitted comments to the Canadian Department of Finance, Finance Minister Chrystia Freeland and Associate Minister Boissonnault as part of the Canadian government’s 2022 Pre-Budget consultation.

With the resumption of Parliament, and Budget 2022 planning well underway, our letter urged the Department to fully implement all phases of the Advisory Committee on Open Banking’s recommendations, which lay out a thoughtful, well-researched approach to building a “made in Canada” open finance system that puts consumers and small businesses at the center of a more competitive financial marketplace.

Our letter also clarified that the first step to achieving this important goal, and to provide market stakeholders with a legally binding policy framework under which such a regime can be delivered, is to appoint an Open Banking Lead, which should be responsible for working with industry and government stakeholders to create the policy and governance standards under which open finance can be delivered in early 2023.

We also called on the government to begin work on the Advisory Committee’s second phase, which must include write access – a critical component of account creation and account switching capabilities – as well as modernization of the Canadian Payments Act to ensure payments service providers, including credit unions and fintechs, have access to the critical Payments Canada system. As we say in the letter, these are thorny issues which require much consideration and engagement and will take time to get right.

FDATA Finance Canada Budget 2022 submission

February 7, 2022by rebecca rebecca No Comments

FDATA North America Submits Comments to OSFI’s Consultation on Technology and Cyber Risk Management

February 7, 2022, Washington, DC – Today, the Financial Data and Technology Association (FDATA) of North America submitted comments to the Office of the Superintendent of Financial Institutions (OSFI) as part of its public consultation on Draft Guidance B-13: Technology and Cyber Risk Management.

Throughout the response, FDATA North America discussed the interplay between B-13 and the development of open banking in Canada, particularly that the harmonization of efforts between the Department of Finance’s open banking work and OSFI’s approach to third-party cybersecurity risk will be essential. FDATA North America’s Executive Director Steve Boms noted that as OSFI develops its technology guidelines for third-party technology partners to banks, “we respectfully offer that significant consideration has already been undertaken on this issue by the Department of Finance, and stakeholders would benefit from some form of public documentation that clearly distinguishes OSFI’s authority and responsibilities with regards to third-party financial technology providers from those of the Department of Finance as it works to implement a Canadian open banking system.” Boms noted that publicly clarifying how these two projects will interact will provide clear direction to the marketplace about how third-party providers can continue to offer their valuable financial services and products in an innovative, competitive marketplace.

Additionally, FDATA North America touched on the importance of clarification from OSFI that providers with whom consumers engage directly, without any intervention from their federally regulated financial institution (FRFI), do not fall under the B-13 framework. Thus, the goal of the consultation should be to ensure that FRFIs third-party risk management requirements mirror their ability to oversee entities with whom they have direct relationships, and not to overburden FRFIs with system-wide oversight that instead “should fall to a collaborative regulatory effort including Finance Canada’s open banking accreditation regime.”

Boms concluded by noting that in order to facilitate enhanced market competition and customer choice, “it is imperative that OSFI with the Department of Finance to harmonize regulatory expectations of customer-selected financial providers as open banking takes hold in Canada.”

FDATA North America Submission to OSFI’s B-13 Consultation on Technology and Cyber Risk Management