Capital One is moving past its differences with data aggregators.
The bank has restored data access to Plaid Technologies and also signed a data-exchange agreement with Finicity.
Capital One restored customer data access to Plaid several weeks ago, a source familiar with the situation said. The move resolved a very public dispute between the aggregator and the bank. Capital One customers will be able to use the third-party apps and services that Plaid offers, the source said. Plaid, which is based in San Francisco, enables financial apps such as Acorns, Venmo and Robinhood.
Neither Capital One nor Plaid wanted to discuss the issue publicly.
While Finicity has been aggregating data from Capital One for several years, it has pushed to develop stronger relationships with banks in the last three years and has been working on this agreement for the past year.
“This is a consumer permission link,” said Nick Thomas, Finicity co-founder and president. “Financial institutions have seen the power of digitization and that it's important to be a player in the ecosystem because it reduces cost for everyone.”
Despite these developments, U.S. banks and fintechs are moving toward collaboration at a glacial pace, one market observer said.
“This is where we are today: An announcement of a deal or a quiet agreement to reopen access is like an achievement,” said Mark Schwanhausser, director of omnichannel financial services at Javelin Strategy & Research. “In many ways it’s a frustrating period for aggregators.”
Other data aggregators said they had experienced access issues with Capital One also. FormFree, which provides mortgage lenders with verification of asset reports that are used as an alternative to borrowers supplying paper or PDF bank statements, had alerted users on July 5 it “suspended data feeds from Capital One in response to a data disruption.” That was later resolved.
In a statement provided by Capital One on Friday, the bank downplayed any suggestion it had been playing hardball with aggregators. The statement said it was following protocol to safeguard its data.
“It is possible that the regular upgrades that we make to improve the safety and security of our systems may impact the ability of some third parties to access customer data, should they rely on methods that don’t meet our reasonable security standards,” the bank said. “While this may cause a temporary inconvenience as impacted third-parties adapt, this was an important upgrade we made to help prevent customer harm.”
Finicity, in Murray, Utah, will connect through Capital One's Customer Transactions application programming interface. With open authorization technology, users will not need to share their banking credentials with third-party apps. Instead of handing over customer data, the tech creates tokenized access, providing direct authorization through Capital One.
Once the connection is in place, customers are expected to migrate in the first quarter of 2019.
“Technology is enabling us to bring waves of new financial tools into the marketplace,” Becky Heironimus, managing vice president of enterprise digital products and data connections at Capital One, said in a press release. “We know many of our customers actively use and rely on third-party services to help them manage and track their finances, and we appreciate the value these services provide. Our agreement with Finicity helps our mutual customers take full advantage of their platform.”
The bank has steadily maintained it is willing to work with aggregators, but its security expectations for secure data sharing had to be met by third parties.
Brandon Dewitt, chief technology officer at MX (another data aggregator that partners with Finicity), said the agreement demonstrated Capital One is willing to work with fintechs along guidelines that provide data access and satisfy security concerns.
“This is an example of an agreement that stands on the governance being outlined with how data should be handled, secured and utilized as outlined by guidance from the [Consumer Financial Protection Bureau] and recent guidance from the Treasury,” Dewitt said. “These agreements are just coming to practical use, but many are being conceived as we speak.”
Capital One’s Heironimus said in the release that “through the API, our mutual customers can securely connect with thousands of leading fintech applications and enable access to accurate account information that gives them control and transparency over how and when they choose to share their Capital One financial data.”
This agreement follows several Finicity has made with other big banks, including USAA, Wells Fargo and JPMorgan Chase. With a variety of relationships with service and application providers, Finicity aggregates data for personal financial management tools, generates verification reports for lenders and supports ACH verification for payment providers, among other services.
Capital One’s other API partners include Abacus, Clarity Money, eMoney Advisors, Expensify, Intuit and Xero.
These agreements are done at the discretion of banks. While the CFPB and the Treasury Department have issued guidance on data sharing, there is no regulation compelling such transfers. By comparison, open banking regulation in the U.K. forces banks to share data with third-party fintechs and retailers.
To address trust and competitive concerns, U.S. fintechs and data advocacy groups have proposed data-sharing frameworks for the industry. The latest was presented in May by Envestnet’s Yodlee, Quovo and Morningstar's ByAllAccounts.