The Clearing House: New Data Risk Assessment Facilitates Bank/FinTech Collaboration

As mobile banking proliferates and digital-first initiatives become the hallmark of financial services, bringing FinTechs and banks together on the same page — literally — can save time and money as they develop new products and services.

And new players are starting to enable those collaborations. It was one of the topics in an interview PYMNTS CEO Karen Webster conducted with Ben Isaacson, senior vice president of product strategy at The Clearing House (TCH). Isaacson said connected banking and common data forms could shorten the time it takes to bring innovation to consumers. To that end, earlier this month TCH helped to launch the Streamlined Data Sharing Risk Assessment, provided by TruSight and KY3P® by IHS Markit – third-party assessment services.

As reported, the solution offered by KY3P and TruSight centralizes data so that it can be more quickly accessed by financial services firms that need to evaluate the risk of financial apps and data aggregators. Centralizing data can reduce redundancy reminiscent of the movie “Groundhog Day,” where apps and developers are providing the same information over and over — and over — again. Much ground could be covered, much faster, with the standardized set of questions in the Streamlined Data Sharing Risk Assessment.

At a high level, said Isaacson, TCH’s Connected Banking initiative has worked with KY3P and TruSight to create a streamlined data-sharing service for risk assessment data. “The service helps facilitate the migration path from the current way data is being shared, through screen scraping, to an API-based way of sharing data,” he said. The Streamlined Data Sharing Risk Assessment is an important part of this objective because managing due diligence requirements is a fundamental step to bringing data aggregators and FinTechs into application programming interface (API)-based contractual relationships with banks, he added. 

From Screen Scraping To APIs 

An API-centric data-sharing ecosystem, he explained, is more secure and transparent for all parties involved, especially consumers, who glean more insight into the data they are sharing and how that data is being used.

“That just doesn’t exist in the current ecosystem,” he said.

 Isaacson noted that to facilitate that transition, TCH has set its sights on easing the major bottlenecks of the migration away from screen scraping. There may be a universal acknowledgment that screen scraping — generally defined as a process where data tied to a digital display is copied and used for other purposes — is not a great solution for providing new products and services to end users. And most of these providers want to embrace APIs, but the question remains of how to get there.

Risk management and due diligence, said Isaacson, are key bottlenecks on the path to open banking done at scale. As he detailed to Webster, when screen scarping occurs, there is no relationship between a bank and a data aggregator.

“With no relationship, there’s no contract,” said Isaacson, adding, “there’s no due diligence.” But TCH, as reported, in late 2019 introduced a model agreement to provide a legal reference point to help banks enter into agreements with FinTechs and eventually connect to APIs in a bid to streamline the journey to financial innovation. “With the data-sharing agreements in place, consumers don’t need to share account credentials with third parties,” said Isaacson.

With a nod to the TCH’s Connected Banking initiative, Isaacson said the advantage lies in reducing the time it takes to do due diligence at scale. The need to shorten the time frame and eliminate redundancy comes, as Isaacson said, as data aggregators are inundated with bank requests — hundreds of questions, untold numbers of documents — and aggregators are fielding similar queries from a slew of financial institutions (FIs) at once.

“If one bank asks me for that, it’s hard, but all of a sudden, now 10 banks are asking me for a host of different kinds of information, and it becomes a massive time suck — expensive and time-consuming for the data aggregator,” said Isaacson. TCH has addressed this by creating a uniform template that should meet almost every institution’s due diligence needs.

Another time-intensive process for data aggregators involves simply maintaining the status quo of screen scraping. And the ripple effects are significant, Isaacson said — as every time a bank makes a change to its website, an aggregator like Plaid has to reprogram its bots and has hundreds of technologists whose full-time jobs consist of reprogramming bots to account for changes, across thousands of FIs. APIs solve this problem by providing an agreed-upon way for data aggregators and FinTechs to access information. The aggregators, he said, have to “up” their technological games — especially as regulatory oversight in the open banking age becomes more rigorous and as risk shifts to banks.

Banks, after all, have to determine whether applications that connect directly to bank systems to pull information have been authenticated, whether apps are real in the first place and whether onboarding has been robust enough to establish whether an app that wants access to the FI’s customers’ data is trustworthy. After all, with the various combinations of data accessed by apps, noted Isaacson, the potential for fraud increases, particularly with real-time payments.

“When you look at the ACH system, at least within ACH, you have a couple of days to deal with it,” said Isaacson, “and it’s not irrevocable. But RTP is real-time and irrevocable. As data aggregators increasingly facilitate payments solutions that are offered by FinTechs, it’s really important that you get that right.”

As the ecosystems evolve, he said, “you can do two things at once. You can figure out how you’re going to work with FinTechs, you know, for the benefit of your customers. And at the same time, I think there are things that the banks need to improve to facilitate those relationships.” 

In the effort to improve those relationships, he said, the streamlined data sharing risk assessment seeks to build trust on both sides of the equation — between the data aggregators and the banks. The banks have created a common question set and a common approach to those questions for the data aggregators.

“We didn’t know for sure we were going to get real alignment until the risk teams reviewed the results. And what came was a great outcome, which was: Out of around 500 questions and document reviews onsite, most of the banks came back and they said, “Do you know what? The set of questions is great, but I have a handful of follow-up questions that weren’t in here that I will need to ask.’”

That means data aggregators have not had to answer 500 questions from scratch every time they were queried. They only had to answer a few questions to fill in any extant “gaps.” With a more streamlined process in place, he said, banks have been accelerating contracting with providers to deliver new services.

“This is something everyone’s welcoming,” said Isaacson, who added that “transitioning to APIs is essential to getting data sharing to scale, and the streamlined assessment addresses a key bottleneck inhibiting that movement.”