In my last blog, I suggested that your bank question your core vendor about its position on APIs. An API is an Application Program (or Programming) Interface. It allows a third party product or service to receive account information directly from your core processing system in real time. API is a fancy term for interface. Your loan origination system is interfaced to your core processing system through an API. The API is the portal through which information passes. Traditionally, many have been a one-way exchange of data. However with the advent of fintech, I can certainly see requirements for bi-directional flow of data.
APIs are very much in the conversation these days when discussing fintech. For example, what if software was developed to analyze my spending habits and this software automatically siphons off excess funds in my checking account to a savings account? Actually, that process does exist today and is available from Digit. Unfortunately, that savings account does not remain within your bank. This is not a promotion or endorsement of Digit, but an example of one way in which an API would be needed in order for a fintech offering to function most efficiently.
Digit is a member of the Consumer Financial Data Rights (CFDR) consortium formed to lobby for greater access to account data (via API). Many of the members of this group offer personal finance management tools to individuals and without direct access to account data, their services are somewhat restricted. The Consumer Financial Protection Bureau (CFPB) has warned banks not to limit customer access to account data. Therefore, this is becoming a big deal.
To get around not having direct access, third party solutions request that their customers share their online banking logins and passwords. When your customer uses their service, that service logs onto your internet banking site to inquire into balance and history data using the stored login and password. That service then determines, by location in the data stream from the host, the data needed. This process has been termed ‘screen scraping’. Screen scraping has been around for several years and I have never been a fan, primarily because it can easily be broken. If there is an update to your internet banking service, the display of account information could be reformatted. Instead of scraping off the current balance something else could be retrieved which could be very dangerous. There is no control over the data being shared. Whatever is on the screen is available, which may be significantly more than what is needed, and this is a security concern. There is the very obvious security aspect of placing logins and passwords in a third party system. How else are these systems able to operate without real-time access to account data?
JP Morgan Chase just announced an API initiative with Intuit. This development is why APIs are now being discussed. Your core vendor needs to articulate its position on APIs. Find out how much it will cost because there will be a charge. And, there should be a charge.
Certainly this portal into account data must be extremely secure and managed by your vendor. They would also be responsible for communicating any system changes as it affects data to the third parties that are using the API. However, It should not be cost prohibitive.
There very likely will be a contractual restriction to using APIs. Not all third party services will be allowed based on the service under contract. In nearly every contract I have reviewed, there is a clause on exclusivity. Look for that in your contract. It will prevent your bank from signing up with a third party, for example, to offer an alternative cash management service to the service you already have under contract. If someone invents a better mousetrap than the one your bank is currently using, your bank cannot offer both. Termination of the existing service must occur first. Terminating a contract can get very expensive.
This is why you need to fully understand what APIs can provide and know your vendor’s response to them. Several current articles provide greater insight on APIs (links below). If you have specific questions, please contact me (firstname.lastname@example.org or 219-241-7058). I would be happy to discuss APIs with you.
A Siri for Your Finances? Digit says Trust MeFintech Companies Form Lobbying Group Focused on Data SharingCordray Reignites Bank-Fintech Fight After Comments on Data SharingJP Morgan Chase Just Took a Major Step to Revolutionize BankingWill 2017 Be a Breakthrough Year for Data Portability?‘Data Wants to be Free’: Why Banks Should Open APIs to Others7 Examples Showing the Power of Banking APIsAPIs Blurring the Competitive Advantage Between Banking and FintechBankThink One-Off Data-Sharing Deals Aren’t EnoughThe Data Access Debate is About to Get a Lot More Interesting