This psychological thriller has Jack (played by Jack Nicholson) and his family holed up in the Overlook Hotel for the winter so that Jack can break his writer’s block and produce his next masterpiece while serving as the hotel’s winter caretaker. Instead of writing his next novel, Jack goes insane, turns on his family and tries to kill them. This plot unfolds while his son, Danny, wanders around the hotel murmuring “REDRUM.” REDRUM, we learn, is MURDER spelled backwards, and Danny was telegraphing a message about the family’s future that no one figured out until it was almost too late.
The scariest real-life scenario playing out now in financial services is the bipartisan attack on banks and the services they provide to consumers. Regardless of who’s sworn in as president of the United States on Jan. 20, 2017, it’s a near certainty that life for banks — large and small — in this country will only get worse than it is today. And it’s already pretty bad.
That sobering reality has reportedly caused many in the banking sector to wander the halls of their own institutions muttering “DESOH” — a message that seems to foreshadow their future as they contemplate the outcome of the regulatory horror show that likely awaits them.
DESOH spelled backwards is HOSED.
OK, perhaps I’m channeling my inner Stephen King a little too much this Halloween season, but I’m pretty sure that I’m not that far off.
- We have a newly emboldened and still unfettered CFPB director in the wake of the Wells Fargo debacle. Just a week ago, he said publicly that he’s now “gravely concerned” about banks wanting to limit access to their assets, like customer data, to innovators who, without it, have no way to ignite their own ideas and monetize them. Never mind the cost and security issues that it raises for banks. Under the rubric of consumer protection, Director Cordray will press hard for change until he’s no longer “concerned.” And he can do that. He can do just about anything.
- We now have a bipartisan haranguing of banks — all banks — over their retail banking practices. “Y’all were rotten” were the words of Rep. Mick Mulvaney (R-SC), referencing the entire banking industry when addressing former Wells Fargo CEO John Stumpf at the House hearing on the Wells scandal. So much for counting on the Republicans for support.
- Meanwhile, the ranking member of the House Financial Services Committee, Rep. Maxine Waters (D-CA), has thrown down the banks-need-to-be-broken-up gauntlet. Wave bye-bye to Glass-Steagall, both sides of the aisle now say. Rep. Waters is said to be working on drafting legislation now that would break that Glass-Steagall ceiling.
- There’s a powerful senator on the Senate Banking Committee, Sen. Elizabeth Warren (D-MA), who’s been saying for years that she thinks bankers belong behind bars and is using the current banking environment to make her point even stronger. Whether she remains a senator on that committee — a certainty in a Trump administration — or someone more powerful, like secretary of the Treasury, in a Clinton administration, she will remain a loud and outspoken critic of banks and a very vocal voice for change.
Whatever happens on Nov. 8, we can be sure that the Republicans and Democrats will disagree about just about everything — Obamacare, women’s rights, foreign policy, who is the crookedest of them all.
Everything, maybe, except that banks are bad.
But here’s the scary reason why the future for the banking industry looks so bleak.
Not only is there bipartisan consensus that something needs to be done to smack the banking industry publicly on the heels of the Wells fiasco, but those who most staunchly defended their interests feel as though they can no longer do so.
Rep. Frank Lucas (R-OK) seemed to sum it all up: “[The banking industry] just made it really hard for those of us who want to maintain the concept of a market economy and who want to make sure that the bankers, not some bureaucrat somewhere, are the arbitrageurs of capital.”
THE BIG BANKER BACKLASH
The Wells Fargo scenario has really only poured gasoline on a fire that’s been raging on Capitol Hill since the financial crisis.
The bipartisan assault on the banks and the business models that underpin the delivery of banking and payments services were punctuated with the regulation of interchange under the Durbin Amendment to the Dodd-Frank Act. That piece of legislation had bipartisan support under the guise of lowering prices to consumers since merchants would pay less to those — all together now — “greedy” bankers.
Five years later, the reduction in debit interchange hasn’t reduced prices for consumers at merchants but has made it more expensive for consumers to maintain their checking accounts since banks gave up a revenue stream to offset the cost of acquiring, servicing and maintaining those accounts — including funding debit rewards that consumers seemed to like.
Dodd-Frank also drove bank capital requirements higher, which curtailed access to credit for consumers and small businesses, cutting off another source of revenue — interest on loans. But, thank goodness, we saw the rise of those disruptive alternative lenders, like Lending Club, to fill the gap that the traditional banks left. These players used innovative methods, like paper-based direct mail, to lure consumers away from banks to their super-spiffy alternative lending platforms, which have since crashed and burned in the wake of business models that were a little too cute to be sustainable.
Dodd-Frank also gave the financial services industry the CFPB and a director who’s accountable to no one and can only be relieved in the event of an egregious act. We’ll have to wait to see if the recent Appeals Court decision that found the structure unconstitutional and ties the director a little more tightly to presidential oversight is appealed by the CFPB. If so, that would mean business as usual until the case is heard again. Some law professors believe that it’s also quite likely that the Supreme Court will end up deciding the CFPB’s governance future.
In the meantime, in a Clinton administration, nothing at all would change. Mrs. Clinton has come out strongly in favor of the CFPB and the job that Director Cordray is doing. Trump, in the face of the rancorous banking environment that exists today, might also find it difficult to unseat or even change materially its function.
PROTECTING CONSUMERS OR DESTROYING BANK INNOVATION?
Now, not all of what the CFPB has done over the years has been without merit.
Advocating for transparency in how fees are conveyed to consumers, eliminating the kind of rope-a-dopey tactics that advantage the banks at the expense of consumers and exposing the fraudulent business practices at Wells Fargo were all good things for them to have done. And they are all, frankly, the kinds of things that it’s shameful we needed a 1,000+ person government agency to remind the industry were no-nos.
But often, the CFPB’s decisions on financial services and payments products reflect a lack of understanding of how consumers use and value them and the role of the bank in providing them, servicing them and protecting them.
And now, the CFPB seems to be warning the banks that they better figure out how to share the assets that they’ve invested in acquiring, servicing and securing with innovators who are banging at their doors trying to get in — or they’ll step in and decide how it will all go down.
BANKING’S LATEST THREAT — APIs
APIs have clearly accelerated the pace of innovation in all aspects of payments and commerce. Previously closed platforms that have opened themselves to innovators via APIs have unleashed a host of new ideas for how and where commerce can flourish. APIs allow innovators to save the time and money building core functionality that someone else has done better and more efficiently — leaving them to focus on how to solve a friction or unlock a new opportunity for themselves, the consumers or businesses they want to reach. And, importantly, the platforms that provide access to their assets via those APIs have a way to monetize that access and establish a process for how platform services are accessed and used.
As a result, there are a lot of APIs swirling around these days. Today, many of those APIs have their “Is” and “eyes” trained on bank customer data to make their business models hum.
Giving third parties access to customer account information isn’t new — screen scraping has been going on since the 1990s. It’s how Yodlee built a business big enough to sell this summer to Envestnet for $590 million and how Mint has built a business aggregating millions of consumers who monitor their financial health via the Mint dashboard.
But what is new is that, if Director Cordray has his way, every innovator with an app and a dream to monetize it on the back of bank customer data will soon have to allow them access to that data — regardless of whether doing so is contrary to the bank’s own business interests.
Cordray’s justification is that it’s all in the name of averting consumer harm over consumer data ownership. He cites an increasing number of innovators in the CFPB’s Project Catalyst program who need access to consumer data inside of a bank to build their own businesses. And he cites that bipartisan piece of legislation — the Dodd-Frank Act — as giving the bureau he runs the authority to make that access possible.
In his speech last week, Cordray said that the Dodd-Frank Act “stated that, subject to regulations issued by the bureau, consumers should be able to access information maintained by a financial provider about the consumer’s use of their products” and that “Congress also specified that the information shall be made available in an electronic form usable by consumers.”
Cordray’s loose interpretation seems to be that forcing banks to expose APIs that vacuum data from banks, at will, falls under the definition of “electronic forms.”
Never mind who really owns that data.
WHOSE DATA IS IT ANYWAY?
There seems to be a very, very grey line between consumer data ownership and bank data asset. Sure, it’s the customer’s own information about the activities that they undertake at that bank that they should have access to and be able to use. But the consumer’s expectation is that the bank should maintain their data accurately and keep it secure on their behalf.
Now, cybercriminals, being the clever people that they are, have managed to find the weak links in just about every environment. What happens if an innovator’s app is hacked, and customer data obtained via an API turns up for sale on the Dark Web? Who’s liable, and more importantly, who does the consumer hold accountable? Or if an API call to a bank comes embedded with a malicious piece of software and the bank is compromised? Who’s liable then?
Then, there’s the issue of the business rationale for the bank to give up access to its data asset to every innovator with enough VC money to develop an app but without a business model aside from getting access to bank customer data. Letting tens of thousands of APIs loose inside the bank’s data vaults, accessing consumer data at will, is very different than a consumer authorizing their bank to transmit information to a third party in a manner that is compliant, safe and, depending on the third party, with the exchange of some sort of value.
Quite often, these monetization schemes include serving ads to consumers for competing financial services products. In the U.K., where PSD2 will mandate open access to bank customer assets, it is predicted that banks will lose 10 percent of their revenue by having payments and business diverted away from them to innovators who are able to access consumer assets via APIs. But that’s OK. Banks need to get smaller anyway — they’re just way too big.
What’s really interesting is that, more often than not, these same innovators fail to even make a profitable go of their businesses, so banks must incur extra costs to, in many cases, help launch competitors who die on the vine years later anyway.
Now, it’s also worth pointing out that what Director Cordray seems to advocate is a very different business proposition for the banks than how APIs and API access functions in every other aspect of technology innovation. Calls to a platform via an API are for the purpose of accessing the services of that platform for which there is a mutual exchange of value that is decided by the market, not a regulator — and not for the express purpose of picking that platform’s crown jewels for the purpose of monetizing it at the platform’s expense.
It’s a totally bizarre business proposition.
But as nutty as we may think it is, it will just be another time- and cost-intensive — and, ultimately, a losing — battle for the banks.
Arguments that leveling the playing field will harm their business model fall on deaf ears. From the standpoint of the regulators and many sitting in the halls of Congress, banks make too much money anyway, and consumers need a choice about where to take their data if they want to. Banks will have to figure out how to deliver that choice by enabling it, no matter the cost.
That same consumer who, by the way, actually seems to like their bank, despite what the regulators say or think.
TRUST IS CRITICAL AND BANKS HAVE IT
The 2016 Edelman Trust Barometer was recently published and shows banks actually gaining ground — up 8 percent since the financial crisis. Edelman’s been doing these global studies for 16 years and surveys 33,000 consumers all over the world. Financial services, as a sector, was among the biggest movers in all of the industries surveyed — second only to technology. Further, that uptick came at the expense of trust in government.
Fifty-nine percent of those surveyed said that, while it is the role of government to regulate, 80 percent trust that it’s the business that should be called upon to solve problems — not the government. Sixty-one percent of consumers said that they trust businesses to keep pace with innovation and technological change; only 41 percent said that they trusted the government to do the same. This, Edelman reports, is a huge shift from prior studies.
Regarding banking, specifically, an E&Y study reported that 93 percent of consumers trust their bank to keep their money safe. We did an examination a few months back of all of the complaints collected by the CFPB since its inception and found that people don’t seem to complain much about their bank accounts. They complained about mortgage lending on the heels of the financial crisis, but mostly, they complain about debt collectors and credit bureaus. Consumers didn’t even complain about prepaid products until — coincident with the published prepaid ruling — a month ago. Only then did the CFPB report that complaints about prepaid cards topped their list for the month. (Prepaid cards are in the “other” category.)
We’re obviously at a very strange crossroads.
Banks appear to be a trusted provider of financial services, even by millennials, it seems, who use their products and seem happy with them.
Consumers embrace and trust their banks to deliver mobile and digital banking services, and their use is increasing.
Innovators and banks are collaborating, in earnest, to add value to each other’s products and services where it makes sense and in a way that adds value to all parties, especially the consumer.
Consumers also vote with their feet (and their bank accounts) when they don’t like how their banks are behaving. Reports suggest that consumers are closing Wells Fargo accounts in the wake of the controversy (140,000 a week, one report said) over their account and cross-selling practices and taking their business elsewhere. No regulatory prodding needed.
Yet, regulators continue to bear down on banks under the guise of consumer protection and leveling the playing field.
WHAT’S A BANK TO DO?
In the face of all of these headwinds, it’s not easy to advise banks about what to do beyond what they’re already doing to enhance the quality of their own products, to keep their customers happy, to keep their assets secure, and partnering with innovators where there is a mutually acceptable exchange of value for themselves and their customers.
In the meantime, banks will have to contend with more regulation, not less, and face the prospect of major structural changes, too. The pace of innovation will slow as risk, compliance and legal officers increasingly drive how and when innovation happens and where the complexity of the regulatory environment, the increasing threat levels presented by cybercriminals and the pressure on KYC and AML policies in a digital world add layers of cost and time in getting new products into the market.
It’s likely consumers, too, will feel the change, as options for monetizing the banking services they use dwindle and costs of operation increase. In an environment where interest rates are zero, banks only have so many options. It’s not implausible that banks will be forced to raise the cost of banking products and/or reduce services — or possibly both — giving the regulators even more with which to whack them for not being consumer-centric.
Those who say that an “Uber” for banking will emerge to disrupt fail to recognize that Uber was able to take on the highly regulated taxi industry because it was schlepping people to and from work or the airport — and not holding their money. And speaking of API’s, the money part of the Uber transaction is handled by a payments processor who handles the payments side of their business.
Now, if we could only get the regulators to understand that it didn’t take an act of Congress or the CFPB to innovate the transportation sector, maybe we’d have a shot at letting banks and innovators work out who, how and what is shared and how all of it gets monetized.
Without the overhang of the regulators making sure that they’re totally satisfied with what gets done under the rubric of protecting a consumer who doesn’t seem to feel unprotected today.
Yep, as I said, DESOH’s the word you’ll probably hear financial services folks utter a lot over the next four years and probably pretty loudly the evening of Nov. 8 as the election results are tallied. In fact, while the rest of us will be sitting on pins and needles watching the votes get tallied, bankers should think about calling it an early night and rest up for the battles to follow. We may not know who’ll sit in the Oval Office in 2017, but whoever does will certainly have it in for them.