Building a financial life ledger: Portabl and the promise of Dodd Frank 1033

Building a financial life ledger: Portabl and the promise of Dodd Frank 1033
A guest column from our friends at Portabl. (Image source)

Hi Fintech Friends 👋

Today, we have something special for readers - our first ever sponsored guest column, written in collaboration with our friends at Portabl.

Portabl powers reusable, consumer-permissioned data based on data ownership.The team is on a mission to the simplest path for users to be trusted anywhere in their financial life, no passwords required. The vision: universal financial identity for all.

💡 Sponsored guest columns are how we collaborate with thought leaders in fintech to bring relevant, topical content to you on the key issues in fintech today.

In today’s sponsored guest column, Portabl founder Nate Soffio and I dive in on the topic of open banking:

  • Why is it so important to the US fintech ecosystem?
  • What does ownership of your personal financial information unlock for you?
  • What did the CFPB’s announcement at Money2020 really mean?
  • And where do we go from here?

Interested in sponsoring a guest column? Let us know at news@thisweekinfintech.com.

Enjoy!

Nik & Nate


Last October, Money 20/20 – the largest fintech conference for payments and financial innovation – featured a landmark event for those who hope for a much more open and decentralized financial system.

Rohit Chopra, the director of the U.S. Consumer Financial Protection Bureau (CFPB) took the stage to make a huge announcement: a push for regulation that will allow users to have greater control over their data.

Having control over how your financial data is used is important for almost every consumer fintech app you can think of. Whether you’re connecting your bank account to Venmo, switching your direct deposits to Chime, or populating your payments history in TrueBill, being in control of your financial information lets you leverage that data to access more, better services.

Platforms like this….

Enable products like this.

As Director Chopra said in his keynote, “While not explicitly an open banking or open finance rule, the rule will move us closer to it, by obligating financial institutions to share consumer data upon consumer request, empowering people to break up with banks that provide bad service, and unleashing more market competition.”

Imagine if your phone number and data were permanently tied to one carrier: if you ever wanted to switch from T-Mobile to Verizon, you’d have to get a new number and start your address book with all of your friends from scratch. That is similar to a banking ecosystem without open banking: your data becomes trapped with one provider, so that you can’t leverage it to shop the financial services marketplace for better products.

The intent of Chopra’s announcement is crystal clear: The United States is moving toward regulatory expectations that will give consumers more leverage when dealing with financial institutions and make the entire financial services market more competitive.

How are they going to do it?

By activating a to-date “dormant authority,”Section 1033 of the Dodd-Frank Consumer Financial Protection Act, which gives consumers the power to transfer their financial data.

Assume you’ve been banking with Chase Bank and are planning to switch to Wells Fargo. Now, upon your request, Chase should have the capability to transfer all your account and financial data to Wells Fargo, or better yet furnish you with something you can take with you. The concept is not far off from some of the data interoperability standards already being implemented in the UK and other parts of Europe.

Portabl and open banking identity apps like it were built to, among other things, facilitate this very transaction — working to make financial identity and all your data that is part of it …well, portable!

Portabl’s approach to packaging data as secure, verifiable credentials, allows FIs to issue a DF1033-ready set of data to their users that they can re-disclose to other relying parties for origination and verification. Imagine the idea of passports and stamps, but applied to controlling and sharing your data. “Stamped” data moves with the user on Portabl’s rails, banks can offload worrying about normalizing, storing, and transferring consumer data in a secure manner.

The CFPB announcement was important for the entire data portability industry — traditional financial institutions looking to meet these new standards will need to move quickly, and luckily for them, the crop of open banking tools that have been built over the past few years make it easy to do so.

Portabl: The Section 1033 Dodd-Frank Compliance Tool

The Dodd-Frank Act was passed by the Obama administration in 2010 to regulate systems after the 2007-2008 financial crisis. Among many other institutions, it set up the Consumer Financial Protection Bureau (CFPB) to protect users from predatory financial entities.

However, the guidelines around many of the Dodd-Frank Act’s provisions (including Section 1033) haven’t been very clear to date, and implementation has been slow as a result. Thanks to the latest announcement by Director Chopra, we now understand where Section 1033 could be headed and at what pace (implementation is now expected by 2024).

According to Chopra, any institution that deals with “deposit accounts, credit cards, digital wallets, prepaid cards, and other transaction accounts” will have to set up “secure methods, like APIs, for data sharing.”

If a law similar to the European Union’s payment services directive (known as “PSD2”)  gets implemented in the US, banks will be forced to have reliable technology that facilitates secure data transfer. Most banks likely won’t know where to start, and the stakes are high: we’re talking about sensitive financial information here, so there is no room for error.

Creating practices and procedures for issuing DF1033-friendly data could be a time-consuming and expensive process for financial services providers. It’s one thing to produce the customer record in a reliable, and well-governed way. It’s another thing entirely to provide assurances that the record is interoperable—that a consumer can actually succeed bringing data from point A to point B.

Oh right — Point B also needs to be able to verify the consumer’s ownership of that data and its provenance without necessarily relying on a specific OS, device, or carrier

The ideal product in that case looks like a ready-made solution to make financial identities portable across institutions, plus app to app, defi to cefi, and the many permutations in between.

Applying the best of Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) will not just transform how banks can be compliant, but will unlock key top-line perks such as two click-onboarding, which can save banks and fintechs both significant money by reducing onboarding attrition.

Security of Data

Chopra stated that the CFPB is looking at  “exploring ways to ensure that when consumers share their data for a specific use, that is the only use it will be used for. ”Stressing financial privacy, Chopra stated that the CFPB is looking for alternatives to the standard “notice-and-opt out regime.”

This is both a practical security concern to guard against misuse, as well as a firm assertion about the principle of data minimization:  the practice of limiting the collection of personal information to that which is directly relevant and necessary.

In a narrow case, it means that requests for information disclosure can be very atomic—sharing is not all or nothing. More broadly,this helps you verify as a customer that if you apply to a bank for a mortgage, the bank doesn’t then use your information to pre-qualify you for personal loans or credit cards, or sell it on to third parties.

Portabl’s identity tool leans into certain types of zero-knowledge methods, such as selective disclosure, in order to solve for data minimization and privacy preservation. Just because you own 10 data points does not mean you have to share them in an all-or-nothing exchange. Share the data you need to; protect everything else.

It’s worth mentioning that these same data-minimizing techniques can be applied to trickier use cases such as KYC step-up and incremental onboarding. (More on that at another time.)

Decentralization

Chopra also said that “a decentralized, open ecosystem will yield the most benefits for creators and consumers alike” to prevent “excessive control or monopolization.” On many occasions, he made it clear that there is a need for “intermediaries to emerge” that can facilitate decentralization.

This was validation from the CFPB that the financial services industry should move towards KYC data “wallets” and identity sovereignty (being able to own your financial identity).

Historically, building a trusted network has been hard to accomplish despite the best efforts of consortia. Visa began as a consortium before centralizing as a public company. EWS - the owner of Zelle - has had a mixed record with consortium-led product development, as has open-banking solution Akoya. Many FIs think that consortia need a revamp. Decentralization enables trust to travel with the user without a clunky middleman.  However, without making consumer identity and account data portable, this isn't doable.

Portabl implements standards like DIDs and VCs to bring a better, simpler way to solve for secure data interoperability in a market on the cusp of its own open banking revolution.

Consumer adoption of self-sovereign—or self-owned/self-managed/etc.— identity (SSI) mechanisms can both help consumers enjoy the perks of decentralization, while allowing them to transact with all types of financial services across the board with greater safety and efficiency. For clarity’s sake, SSI is not exclusively a crypto tool, though it’s commonly referenced in those communities as part of larger privacy and decentralization conversations. However, under the hood, SSI is a broader set of cryptographic tools that allow businesses and consumers to prove ownership, enhance data protection, and transmit data and messages more securely than traditional methods. For the crypto skeptics: SSI has huge potential without reliance on blockchains and token—cryptography without the crypto. While the list of self-sovereign—or self-owned/self-managed/etc.—identity methods continues to grow to fit the nascent space, it is worth noting that verifiable credentials, for example, are already becoming normalized in other international markets and are under evaluation by NIST, or the National Institute of Standards and Technology.

NIST is an agency in the Department of Commerce that’s responsible for a slew of information standards including proposed digital identity standards. It will take some time for public discussion around applying these standards in the US to mature; still, early adopters and implementers are showing promise with the underlying fundamentals that already exist.

As the line between cryptography born in web3 and consumer-permissioned data in web2 continues to blur, the most significant piece of the puzzle that SSID companies can solve for is building out easy-to-use must-haves that escape the fiddliness of todays’ web3 onboarding and data sharing experiences. It’s 2023, and it’s time we moved towards a financial ecosystem where consumers own their own  identities, which should ‘just work.’

Consumers are the real winners (as they should be)

In 2019, the reputation of banks declined to their lowest point since the financial crisis. Yet, despite those low marks, only 4% of people switched banks the previous year. Why are people sticking with financial institutions they aren’t satisfied with?

“Customer satisfaction and convenience have improved, but far too many customers have not re-established the trust and developed the deeper levels of connection required to improve the industry’s reputation,” said Paul McAdam, Senior Director, Banking Intelligence at J.D. Power.

“Looking 10 years into the future, when digital banking will be the norm for nearly all customers, retail banks will be required to be unique by scale or unique by strategy. Personalization of important customer journeys—transactional, advisory and solving problems—will emerge as the ways to elevate customer trust.”

As McAdam predicted, having personal ownership over your data and financial journey is critical to establishing trust. But oftentimes, there is a hidden incentive NOT to switch banks, even when they are doing a poor job.

For many consumers, switching often means abandoning their transaction history (and hard-earned credibility) to start everything from scratch with a new bank. Not to mention that switching (applying, onboarding, re-entering personal information…) is a pain.

The new entity would treat them like someone with no track record—poof goes the trust. Reputation doesn’t travel. Switching banks also requires effort to re-establish services, such as having to reset all of your recurring payments for various bills.

In Chopra’s own words: “Americans often use their deposit account history as a life ledger — it is a written record that keeps track of payments and deposits, which can be helpful for taxes, for disputes with merchants, or insurers, and for other purposes.”

Once Section 1033 gets implemented, consumers will be able to reap the benefits of transferring this “ledger,” along with a lifetime-worth of established financial credibility, wherever they go. Their credibility will no longer be limited to just the data stored in one particular bank.

Consumers will be empowered to easily cut ties with financial entities that aren’t servicing them well, switching to those that offer better services while still maintaining their credibility to apply for new loans, credit, and other services.

They will be able to leverage that portability to command premium services from the new financial institutions they partner with. For example:

●      They could comparison shop for the best mortgage rates without having to go through the entire underwriting process again.

●      They could more easily switch between various High-Yield Savings Accounts, quickly onboarding with the one that offers them the best interest on their hard-earned savings.

The Bottom Line: This will revolutionize Financial Services

Currently, many of the big banks dominate the list of worst banks in the country. And there are many practices in the financial industry that are in dire need of an update:

  • Insecure screen-scraping and programmatic data harvesting, which is normally brittle and breaks frequently.
  • Consortia-led data aggregation that is prone to data staleness, governance and accuracy issues.
  • Remediation, through which banks refresh large parts of their customer base by putting them through KYC again (or outsource data collection). Remediation is born from the fact that it's difficult to keep the entire customer base's data up to date – many FIs spend 80% of their time focusing on the <20% of highest risk cases and profiles. The rest of the customer data set lags, becomes stale, and filled with latent risk and regulatory hazard.

The new rules announced by Chopra demand better technology that supports data management, verification, transfer, and reputation preservation in a transparent, safe manner.

As it becomes easier for consumers to cut ties with underperforming entities, the entire market will become more competitive—not only in terms of more suitable products, but the infrastructure and practices that can rise up to support the most complex needs. As Chopra puts it, “For example, consumers who want to link their accounts with an app that helps them budget, make payments, or find a route to affordable credit would be able to do so without having to provide login credentials to third parties.”

The ability to transfer data would mean consumers get to carry on their trustworthiness, helping banks treat new customers as they would long-term customers with trusted track records. Using the consumers’ authorized data, they can give personalized services and even give access to premium offers depending on historical credibility.


The Bottom Line

By 2024, financial institutions will have to comply with Section 1033.

That’s right around the corner, but thankfully we already have the necessary tools to make a wide variety of financial institutions and services ready for compliance.

If you're interested in making your fintech compliant with DF 1033, having more robust KYC solutions, or setting up your own universal financial identity, see how you can get started with Portabl today.