Anyone who’s paid attention to the issue of 90-Day Reauthentication in the last three years since PSD2 went live in the European market is bound to have noticed the unexplainable and seemingly irrational conflicts that sit within the legal text that frames out the Regulatory Technical Standards (RTS) on Strong Customer Authentication (SCA).
Member Spotlight: Fiserv
Established in 1984, Fiserv is a leading global provider of payments and financial services technology, including data aggregation. Today, the firm, which has been named among Fortune “World’s Most Admired Companies” for eight years running, helps thousands of financial institutions, millions of businesses, and tens of millions of consumers in more than 100 countries move money and access information.
Fiserv is among the world’s most admired companies for good reason. Just consider, for example, how it has revolutionized consumer financial management. The company has made pioneering contributions in digital banking, electronic bill payment, person-to-person payments, and invented the e-bill.
Fiserv understands that consumers are not thinking about financial data – they’re thinking about buying a home or putting a child through college – or if they have enough money in their bank account to go out to dinner tonight and still cover the bill payment that is due tomorrow. Data is at the heart of what Fiserv does every day. From moving more than $75 trillion each year to delivering a better customer experience to preventing fraud, Fiserv enables today’s digital economy while solving real-world problems for real people and real institutions.
Leading financial institutions and technology providers use AllData® Aggregation from Fiserv to access real time consumer financial data from more than 18,000 unique data sources. Given data security and regulatory compliance are crucial, Fiserv is also focused on reducing risk associated with data sharing via its AllData® Connect product.
Fiserv plays a unique role in the market as both an aggregator and data source – with a client list that includes thousands of banks and credit unions. A range of companies as well as consumers rely on account aggregation solutions from Fiserv, from fintechs disbursing wages on-demand, to lenders automating and expediting the lending process, to financial institutions helping customers gain insight into investments and spending. Fiserv brings decades of data aggregation expertise to the industry, striving to improve the secure exchange of financial data, and deliver value to clients and consumers while helping move the industry forward.
Find out more about Fiserv at www.fiserv.com/alldata.
CDR RULES EXPANSION AMENDMENTS – SUBMISSION
Open Finance, a precursor to the Consumer Data Right began as a grassroots movement, campaigning for the legal rights of consumers and businesses to have control of their financial data and to be able to share this data with businesses of their choice digitally. It is part of a broader suite of Open Data initiatives, aimed at empowering consumers and small businesses to access, change and benefit from the data held about them by governments and institutions.
The initiative has gathered considerable momentum; various markets around the world are assessing, adopting or implementing laws and regulations to support it. In the EU, Canada, USA, Mexico, Brazil, India, Japan, Australia, Russia, New Zealand, South Korea, Singapore and many other significant markets are already at varying stages of review, policy development or implementation.
Despite these positive market developments, there is still much to understand about the versatility of Open Data, Open Finance and Data Portability to unlock economic potential and to improve the financial wellbeing of customers. In addition to exploring these opportunities, there are also risks and ethical considerations which will be critical factors for governments and regulators in developing policies and regulatory reform moving forward.
Research is needed to understand, measure and forecast the considerable impact of Data Portability on society and to shape public policy to ensure a Consumer Data Right creates positive disruption and the appropriate flows of capital allocation in markets, as well as to assess the techniques of regulation.
FDATA wishes to commend the efforts of the Australian Government in the continuing consultation with Industry and the release of the latest version of rules that will form Australia’s Consumer Data Right. Various groups have supported these works intending to design and develop a fit-for-purpose solution.
To arrive at the most suitable solution for Australia, working with such groups of expertise and enthusiasm, along with a comprehensive suite of participants, is essential. Globally, FDATA has provided comprehensive research and advisory to Federal Regulators and their Government’s alike. The design of the following sections provides targeted feedback in response to this final round of consultation. FDATA would be pleased to provide additional feedback or Global research to the Australian Government if required to progress the formalisation of CDR rules.
Australia has proven to be a world leader in legislative reform and its unique approach to adopting a Consumer Data Right. FDATA commends your attempts to learn from other jurisdictions and consider all options before deciding on the right path forward.
How SCA and 90-day Reauth Harm Competition & Security
If you’ve read the previous tomes in this series, you’ll know that the FCA’s proposed change to the 90-day reauthentication requirement will have significant positive impact on the industry – and why this course correction is good for the competitive landscape and fintech innovation. You’ll also already know the context for how the rules combining secure customer authentication (SCA) and the 90-day rule are mired in a conflicting quagmire that does nothing to materially improve customer security and access to open banking value propositions. Not to mention, you’ll already be familiar with how SCA and 90-day do nothing to further the PSD2 objectives to improve innovation, promote competition, and secure consumers better financial outcomes; in fact, it does the just the opposite as it dooms PSD2 to a political failure rather than an innovation triumph.
The Detrimental Impact of 90D Reauth & SCA on Fintech, the Market, & End Customers
Secure Customer Authentication (SCA), combined with the requirement for end-users to reauthenticate every 90 days, is meant to provide a secure and reliable way for consumer to connect their bank accounts to regulated fintech services. Or at least that was the intention when it was enshrined in law as part of PSD2’s Regulatory Technical Standards (RTS). But the road to Hell is paved with good intention, and the path that SCA and the 90 Day Reauth rule have created has been chthonic at best, and hellish at worst: the entire Open Banking market has suffered from lost revenues, lost opportunities, and less innovation with fewer value propositions brought to market because of it.
Opposing Forces: The PSD2 Secure Customer Authentication & Regulatory Technical Standards Quagmire
If you use any fintech product that relies on data from your primary bank account, you will have navigated Secure Customer Authentication (SCA) processes. You will also have run into the 90 Day Reauthentication requirement that demands you confirm you want the fintech to have access to your bank account data, while at the same time re-navigating SCA and consent mechanisms. These two components are part of PSD2’s regulatory technical standards. They’re also the finicky bits that are killing PDS2’s ability to deliver competition, innovation, and better customer outcomes to the EU and UK markets.
2021 Q1 Wrap
Formal Submissions
The New Zealand government has responded to our ‘Options for a CDR’ submission (September 2020) and has requested a discussion around potential involvement. Data 17th February 2020.
FDATA North America Responds to US CFPB ANPR on Consumer Access to Financial Records
February 3, 2021, Washington, DC – Today, FDATA North America submitted comments to the US Consumer Financial Protection Bureau (CFPB) in response to its Advanced Notice of Proposed Rulemaking (ANPR) regarding consumer access to financial records, or Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act.
In the submission, FDATA North America Executive Director Steve Boms praised the CFPB for formally beginning the process of crafting a rule in this critically important area following many years of careful examination of the customer-permissioned data access and financial services ecosystems. “FDATA North America strongly supports the authority given to the CFPB by Congress in 2010 to promulgate, by rule, a consumer financial data right that will spur greater financial services innovation and competition and improve consumer financial access and inclusion,” Boms noted.
Boms concluded the association’s submission by encouraging the Bureau “to fully utilize its Section 1033 authority to create a customer financial data right to allow consumers and small businesses to have unrestricted access to technology-based tools that can help them improve their financial wellbeing, along with other important bedrocks of an open finance regime.”
FDATA North America CFPB ANPR Submission
ABOUT FDATA NORTH AMERICA
FDATA was heavily involved in the UK Open Banking Working Group in 2015. In 2016, the working group’s output was published by Her Majesty’s Treasury as the Open Banking Standard. FDATA North America was founded in early 2018. Its members collectively provide tens of millions of consumers in Canada, the United States and Mexico with aggregation-based tools to better manage their finances. Existing FDATA North America members include: air (Alliance for Innovative Regulation), API Metrics, Betterment, Direct ID, Envestnet Yodlee, EQ Bank, Experian, Fintech Growth Syndicate, Fiserv, Flinks, Interac, Intuit, Kabbage, Mogo, Morningstsar, M Science, MX, Petal, Plaid, Questrade, Quicken Loans, TransUnion, Trustly, ValidiFI, VoPay, Wealthica, Xero, and others.
UK BEIS Cross Sector Options Feedback.
Thank you for the opportunity to respond to the BEIS Smart Data Cross Sector Options. The Financial Data and Technology Association (FDATA) has a vested interest how the HMG’s Smart Data initiative is delivered to market, as our members provide valuable digital financial services under Open Banking, and they will continue to serve UK residents with expanded value propositions as Open Finance begins rolling out across the market. FDATA is on the side of consumers, innovation, and competition; we welcome HMG’s willingness to orchestrate the initiative.
In regards to BEIS’ note on creating opportunities for wider collaboration within the ecosystem, FDATA strongly suggests engaging the capabilities housed in the Global Open Finance Centre of Excellence (GOFCoE), to whom BEIS awarded an innovation grant in 2020. GOFCoE has built a Global Open Finance Technical Working Group focused on establishing harmonised and interoperable international technical standards; along side this is a Consumer Data Protection Unit, an Economic Observatory, an Economic Crime unit, and an Innovation Sandbox. All of these capabilities align with the sort of support the Smart Data Initiative would require. We strongly encourage BEIS to identify other potential ecosystem resources that would contribute to enhanced cooperation.