Building a financial life ledger: Portabl and the promise of Dodd Frank 1033
Hi Fintech Friends đ
Today, we have something special for readers - our first ever sponsored guest column, written in collaboration with our friends at Portabl.
Portabl powers reusable, consumer-permissioned data based on data ownership.The team is on a mission to the simplest path for users to be trusted anywhere in their financial life, no passwords required. The vision: universal financial identity for all.
đĄ Sponsored guest columns are how we collaborate with thought leaders in fintech to bring relevant, topical content to you on the key issues in fintech today.
In todayâs sponsored guest column, Portabl founder Nate Soffio and I dive in on the topic of open banking:
- Why is it so important to the US fintech ecosystem?
- What does ownership of your personal financial information unlock for you?
- What did the CFPBâs announcement at Money2020 really mean?
- And where do we go from here?
Interested in sponsoring a guest column? Let us know at news@thisweekinfintech.com.
Enjoy!
Nik & Nate
Last October, Money 20/20 â the largest fintech conference for payments and financial innovation â featured a landmark event for those who hope for a much more open and decentralized financial system.
Rohit Chopra, the director of the U.S. Consumer Financial Protection Bureau (CFPB) took the stage to make a huge announcement: a push for regulation that will allow users to have greater control over their data.
Having control over how your financial data is used is important for almost every consumer fintech app you can think of. Whether youâre connecting your bank account to Venmo, switching your direct deposits to Chime, or populating your payments history in TrueBill, being in control of your financial information lets you leverage that data to access more, better services.
As Director Chopra said in his keynote, âWhile not explicitly an open banking or open finance rule, the rule will move us closer to it, by obligating financial institutions to share consumer data upon consumer request, empowering people to break up with banks that provide bad service, and unleashing more market competition.â
Imagine if your phone number and data were permanently tied to one carrier: if you ever wanted to switch from T-Mobile to Verizon, youâd have to get a new number and start your address book with all of your friends from scratch. That is similar to a banking ecosystem without open banking: your data becomes trapped with one provider, so that you canât leverage it to shop the financial services marketplace for better products.
The intent of Chopraâs announcement is crystal clear: The United States is moving toward regulatory expectations that will give consumers more leverage when dealing with financial institutions and make the entire financial services market more competitive.
How are they going to do it?
By activating a to-date âdormant authority,âSection 1033 of the Dodd-Frank Consumer Financial Protection Act, which gives consumers the power to transfer their financial data.
Assume youâve been banking with Chase Bank and are planning to switch to Wells Fargo. Now, upon your request, Chase should have the capability to transfer all your account and financial data to Wells Fargo, or better yet furnish you with something you can take with you. The concept is not far off from some of the data interoperability standards already being implemented in the UK and other parts of Europe.
Portabl and open banking identity apps like it were built to, among other things, facilitate this very transaction â working to make financial identity and all your data that is part of it âŚwell, portable!
Portablâs approach to packaging data as secure, verifiable credentials, allows FIs to issue a DF1033-ready set of data to their users that they can re-disclose to other relying parties for origination and verification. Imagine the idea of passports and stamps, but applied to controlling and sharing your data. âStampedâ data moves with the user on Portablâs rails, banks can offload worrying about normalizing, storing, and transferring consumer data in a secure manner.
The CFPB announcement was important for the entire data portability industry â traditional financial institutions looking to meet these new standards will need to move quickly, and luckily for them, the crop of open banking tools that have been built over the past few years make it easy to do so.
Portabl: The Section 1033 Dodd-Frank Compliance Tool
The Dodd-Frank Act was passed by the Obama administration in 2010 to regulate systems after the 2007-2008 financial crisis. Among many other institutions, it set up the Consumer Financial Protection Bureau (CFPB) to protect users from predatory financial entities.
However, the guidelines around many of the Dodd-Frank Actâs provisions (including Section 1033) havenât been very clear to date, and implementation has been slow as a result. Thanks to the latest announcement by Director Chopra, we now understand where Section 1033 could be headed and at what pace (implementation is now expected by 2024).
According to Chopra, any institution that deals with âdeposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accountsâ will have to set up âsecure methods, like APIs, for data sharing.â
If a law similar to the European Unionâs payment services directive (known as âPSD2â) gets implemented in the US, banks will be forced to have reliable technology that facilitates secure data transfer. Most banks likely wonât know where to start, and the stakes are high: weâre talking about sensitive financial information here, so there is no room for error.
Creating practices and procedures for issuing DF1033-friendly data could be a time-consuming and expensive process for financial services providers. Itâs one thing to produce the customer record in a reliable, and well-governed way. Itâs another thing entirely to provide assurances that the record is interoperableâthat a consumer can actually succeed bringing data from point A to point B.
Oh right â Point B also needs to be able to verify the consumerâs ownership of that data and its provenance without necessarily relying on a specific OS, device, or carrier
The ideal product in that case looks like a ready-made solution to make financial identities portable across institutions, plus app to app, defi to cefi, and the many permutations in between.
Applying the best of Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) will not just transform how banks can be compliant, but will unlock key top-line perks such as two click-onboarding, which can save banks and fintechs both significant money by reducing onboarding attrition.
Security of Data
Chopra stated that the CFPB is looking at âexploring ways to ensure that when consumers share their data for a specific use, that is the only use it will be used for. âStressing financial privacy, Chopra stated that the CFPB is looking for alternatives to the standard ânotice-and-opt out regime.â
This is both a practical security concern to guard against misuse, as well as a firm assertion about the principle of data minimization: the practice of limiting the collection of personal information to that which is directly relevant and necessary.
In a narrow case, it means that requests for information disclosure can be very atomicâsharing is not all or nothing. More broadly,this helps you verify as a customer that if you apply to a bank for a mortgage, the bank doesnât then use your information to pre-qualify you for personal loans or credit cards, or sell it on to third parties.
Portablâs identity tool leans into certain types of zero-knowledge methods, such as selective disclosure, in order to solve for data minimization and privacy preservation. Just because you own 10 data points does not mean you have to share them in an all-or-nothing exchange. Share the data you need to; protect everything else.
Itâs worth mentioning that these same data-minimizing techniques can be applied to trickier use cases such as KYC step-up and incremental onboarding. (More on that at another time.)
Decentralization
Chopra also said that âa decentralized, open ecosystem will yield the most benefits for creators and consumers alikeâ to prevent âexcessive control or monopolization.â On many occasions, he made it clear that there is a need for âintermediaries to emergeâ that can facilitate decentralization.
This was validation from the CFPB that the financial services industry should move towards KYC data âwalletsâ and identity sovereignty (being able to own your financial identity).
Historically, building a trusted network has been hard to accomplish despite the best efforts of consortia. Visa began as a consortium before centralizing as a public company. EWS - the owner of Zelle - has had a mixed record with consortium-led product development, as has open-banking solution Akoya. Many FIs think that consortia need a revamp. Decentralization enables trust to travel with the user without a clunky middleman. However, without making consumer identity and account data portable, this isn't doable.
Portabl implements standards like DIDs and VCs to bring a better, simpler way to solve for secure data interoperability in a market on the cusp of its own open banking revolution.
Consumer adoption of self-sovereignâor self-owned/self-managed/etc.â identity (SSI) mechanisms can both help consumers enjoy the perks of decentralization, while allowing them to transact with all types of financial services across the board with greater safety and efficiency. For clarityâs sake, SSI is not exclusively a crypto tool, though itâs commonly referenced in those communities as part of larger privacy and decentralization conversations. However, under the hood, SSI is a broader set of cryptographic tools that allow businesses and consumers to prove ownership, enhance data protection, and transmit data and messages more securely than traditional methods. For the crypto skeptics: SSI has huge potential without reliance on blockchains and tokenâcryptography without the crypto. While the list of self-sovereignâor self-owned/self-managed/etc.âidentity methods continues to grow to fit the nascent space, it is worth noting that verifiable credentials, for example, are already becoming normalized in other international markets and are under evaluation by NIST, or the National Institute of Standards and Technology.
NIST is an agency in the Department of Commerce thatâs responsible for a slew of information standards including proposed digital identity standards. It will take some time for public discussion around applying these standards in the US to mature; still, early adopters and implementers are showing promise with the underlying fundamentals that already exist.
As the line between cryptography born in web3 and consumer-permissioned data in web2 continues to blur, the most significant piece of the puzzle that SSID companies can solve for is building out easy-to-use must-haves that escape the fiddliness of todaysâ web3 onboarding and data sharing experiences. Itâs 2023, and itâs time we moved towards a financial ecosystem where consumers own their own identities, which should âjust work.â
Consumers are the real winners (as they should be)
In 2019, the reputation of banks declined to their lowest point since the financial crisis. Yet, despite those low marks, only 4% of people switched banks the previous year. Why are people sticking with financial institutions they arenât satisfied with?
âCustomer satisfaction and convenience have improved, but far too many customers have not re-established the trust and developed the deeper levels of connection required to improve the industryâs reputation,â said Paul McAdam, Senior Director, Banking Intelligence at J.D. Power.
âLooking 10 years into the future, when digital banking will be the norm for nearly all customers, retail banks will be required to be unique by scale or unique by strategy. Personalization of important customer journeysâtransactional, advisory and solving problemsâwill emerge as the ways to elevate customer trust.â
As McAdam predicted, having personal ownership over your data and financial journey is critical to establishing trust. But oftentimes, there is a hidden incentive NOT to switch banks, even when they are doing a poor job.
For many consumers, switching often means abandoning their transaction history (and hard-earned credibility) to start everything from scratch with a new bank. Not to mention that switching (applying, onboarding, re-entering personal informationâŚ) is a pain.
The new entity would treat them like someone with no track recordâpoof goes the trust. Reputation doesnât travel. Switching banks also requires effort to re-establish services, such as having to reset all of your recurring payments for various bills.
In Chopraâs own words: âAmericans often use their deposit account history as a life ledger â it is a written record that keeps track of payments and deposits, which can be helpful for taxes, for disputes with merchants, or insurers, and for other purposes.â
Once Section 1033 gets implemented, consumers will be able to reap the benefits of transferring this âledger,â along with a lifetime-worth of established financial credibility, wherever they go. Their credibility will no longer be limited to just the data stored in one particular bank.
Consumers will be empowered to easily cut ties with financial entities that arenât servicing them well, switching to those that offer better services while still maintaining their credibility to apply for new loans, credit, and other services.
They will be able to leverage that portability to command premium services from the new financial institutions they partner with. For example:
â They could comparison shop for the best mortgage rates without having to go through the entire underwriting process again.
â They could more easily switch between various High-Yield Savings Accounts, quickly onboarding with the one that offers them the best interest on their hard-earned savings.
The Bottom Line: This will revolutionize Financial Services
Currently, many of the big banks dominate the list of worst banks in the country. And there are many practices in the financial industry that are in dire need of an update:
- Insecure screen-scraping and programmatic data harvesting, which is normally brittle and breaks frequently.
- Consortia-led data aggregation that is prone to data staleness, governance and accuracy issues.
- Remediation, through which banks refresh large parts of their customer base by putting them through KYC again (or outsource data collection). Remediation is born from the fact that it's difficult to keep the entire customer base's data up to date â many FIs spend 80% of their time focusing on the <20% of highest risk cases and profiles. The rest of the customer data set lags, becomes stale, and filled with latent risk and regulatory hazard.
The new rules announced by Chopra demand better technology that supports data management, verification, transfer, and reputation preservation in a transparent, safe manner.
As it becomes easier for consumers to cut ties with underperforming entities, the entire market will become more competitiveânot only in terms of more suitable products, but the infrastructure and practices that can rise up to support the most complex needs. As Chopra puts it, âFor example, consumers who want to link their accounts with an app that helps them budget, make payments, or find a route to affordable credit would be able to do so without having to provide login credentials to third parties.â
The ability to transfer data would mean consumers get to carry on their trustworthiness, helping banks treat new customers as they would long-term customers with trusted track records. Using the consumersâ authorized data, they can give personalized services and even give access to premium offers depending on historical credibility.
The Bottom Line
By 2024, financial institutions will have to comply with Section 1033.
Thatâs right around the corner, but thankfully we already have the necessary tools to make a wide variety of financial institutions and services ready for compliance.
If you're interested in making your fintech compliant with DF 1033, having more robust KYC solutions, or setting up your own universal financial identity, see how you can get started with Portabl today.
Comments ()