The approach to financial services for consumers and businesses is quite vast, but across the spectrum, access to and management of financial data is a critical component. Today, APIs have become a popular way for banks to share this financial data with other services and have given rise to more possibilities for FinTechs in how they meet their customers’ needs — and more debate about the security of such facilitated information-sharing.
Finicity, a company built for financial data aggregation, is jumping into the conversation. Earlier this week the firm announced that Wells Fargo has struck a data sharing agreement and will facilitate the sharing of data with Finicity for the apps and other financial tools deploying Finicity’s services.
According to Ryan Christiansen, VP, FI Data Solutions at Finicity, data exchange deals like these are essential to making financial management more efficient, accurate, real-time and secure for consumers and businesses alike. He cited third-party apps in spaces like expense reporting, payments and tax management as a few of the areas that stand to benefit from an agreement like the one made with Wells.
But these agreements also tend to inflame the debate over data privacy.
“One of the main considerations when entering an agreement like this is the security element,” Christiansen told PYMNTS, adding that API technology enables a secure and reliable method of data exchange. “I think what you see with this announcement is the commitment of both organizations to provide customers with their financial records — that’s very much the opinion, that these are the customers’ records.”
The argument that the business or individual customer of a financial service provider — and not the financial service provider — owns the data has been a cornerstone for the industry in the debate over data sharing. According to Christiansen, the rise in use of APIs for the purpose of sharing financial data between FIs and third-party players has also helped ease security concerns.
“The adoption rate is really starting to pick up in so many industries,” he said. “Once you see someone adopting a technology, it starts to move very quickly as others ‘sign off’ on this technology, so to speak.”
He added that APIs are the “best tool” to ensure both the security and reliability of the data being shared, and financial institutions, too, are beginning to understand and trust that technology, further helping the adoption data-sharing tools. And as the financial services market gets more comfortable with the idea, regulatory bodies like the Consumer Financial Protection Bureau (CFPB) are similarly looking to gently guide the space by issuing best practices.
Christiansen pointed to the CFPB’s inquiry last year into data sharing practices, taking a stance in support of technologies like APIs that facilitate data exchange.
“Consumers should be able to use their financial records and account information and securely share access in an electronic format,” said CFPB Director Richard Cordray at the time. “Technology provides opportunities to use these records to create new consumer tools that help improve financial lives. To realize that potential, we are launching a public inquiry into how much control consumers have over their records and how easy and secure it is for them to share their records with third parties.”
But the CFPB’s and other regulatory groups’ efforts are by no means a free pass for financial data sharing, and the debate continues about who owns this data, who can share and access it, and whether doing so heightens risk for hacks, privacy breaches or fraud. Companies like Finicity are striking data-sharing deals in a market climate wrought with data breaches and fraud, too: Earlier this year, the Identity Theft Resource Center and CyberScout found that data breaches in the U.S. reached a new high in 2016, with 1,093 incidents marking a 40 percent increase from 2015 levels.
There was a 31 percent increase in compromised data records in the first half of 2016 alone, the report found.
While the rise in API technology may be leading to a greater focus on the issues of data security and privacy within financial services, Christiansen said the API technology is what makes longstanding data sharing practices secure.
“These financial records have been out there for a long time, in the form of online banking and statements and things like that,” he said. “What we’re doing is really digitizing a very manual process that has existed in the marketplace for a very long time. Really, lining up the industry with more access to individuals’ or corporates’ financial records is where we’re trying to make a lot of progress.”