The UK pioneered open-banking regulations (and popularized the term), but Finicity CEO Steve Smith contends that the US has long been the engine of innovation driving the space forward.
In an interview with Insider Intelligence, Smith unpacks why open banking is a valuable tool for consumers, fintechs, and incumbents alike—and where it’s headed next. He breaks down the regulatory landscape and identifies where regulators can take the baton from the industry to keep consumers safe. He also gives his take on why consumers have a hard time trusting fintechs with their financial data and the role that open banking and APIs more generally will play in web3.
The following has been edited for clarity and brevity.
Insider Intelligence (II): Can you tell us a little bit about yourself, your professional history, and founding Finicity?
Steve Smith (SS): It's been really interesting to have a seat at the table for 35 years, watching the tech transition to the tools that are now in our hands, and with the advent of open banking, being able to unlock data and use it in meaningful ways.
That’s how long I've been in the tech industry here in Utah. I spent the first decade in mobile communications. And after computing moved into a truly mobile world, the next trend and opportunity I saw was the democratization of data—unlocking data and making it very powerful for individuals and companies.
I was already interested in the financial space, and that led me down the path to an early fintech solution. That's what launched Finicity. The need to unlock data for consumers and small and medium-sized businesses (SMBs) drove us to develop an open-banking platform. Then we built out that platform, and when fintech took off in the early aughts, we recognized that a platform for accessing data from banks and credit card companies could launch and power all kinds of fintech applications.
II: What do you mean when you say we need to unlock data for consumers?
SS: Think about how we all used to get data: Traditionally, an account statement would arrive every month in the mail. And then early in 2001 or 2002, online banking started trending. When we launched our open banking platform in 2002, I think we connected to about 1,200 banks. At that time, something like 17% of adults used online banking.
An account statement is an analog solution: I get something in the mail. I can read it, but I can't really lift the data off that page and put it into an application. If I want to use the data, I have to key it in.
Then, online banking comes out. Now people can look at data online, but how can you use it meaningfully? And then open banking comes along and lets you extract the data that we used to get in a printed statement because it’s now in a digital format. You can create standards around that data, and then you can use it to start doing analytics and creating meaningful insights and powering all kinds of automated tools, payments, and management solutions.
II: Where has open banking been really successful? Where has it not worked well? And where do you think open banking is headed?
SS: The term “open banking” came from the UK's regulated approach to opening access to bank data. We didn't call it open banking in the US—we called it data aggregation, and we took a laissez-faire, straight-driven approach. This technology really came to life in '99 and grew from there. But the notion is the same: It's a consumer or an SMB that gives a third party permission to access their data and distribute it to another third party.
That initially spurred all kinds of applications for financial management, like Mint, and then moved into powering alternative credit data, like Experian Boost, and automating functions that used to be all manual and rote, like applying for a mortgage—eliminating a large component in the underwriting process. Recent data suggests that 70% to 80% of people are connecting accounts in one way or another to facilitate some level of automation in their financial lives.
The US has really led as an innovation engine—but I think we've lacked some guardrails that would be helpful.
There’s natural friction between the banks that hold the data and the fintechs that want to access the data. And I think the only way industries trying to innovate can address that is to bring in regulators. They create some guardrails, some definitions, and some requirements. That includes ensuring that the financial system still meets safety and soundness standards and consumers stay protected.
In the UK, regulators came out and said, “This is the regulated system.” That slowed adoption. When the pace of regulation is substantially slower than the industry’s innovation, you run into this situation where people are afraid to innovate. Then a new round of regulation comes in, and it either fixes what they got wrong in the first go or it addresses new issues.
That's what’s happening in Europe. We're finally starting to see some pretty good adoption in the UK—and it's spreading pan-Europe—but there's still work to do there. The question is whether the UK is going to accelerate ahead of the US as we wait for the CFPB to lean in and regulate under Dodd-Frank’s section 1033, or can we get that done in a timely way? I don't know. It's been interesting to watch.
II: Does the US need to copy and paste the regulatory regimes from the UK and Europe? Or are there things we should do differently in the US to keep that innovative edge?
SS: One thing that we've done here is create the Financial Data Exchange (FDX). We brought in the banks and the fintechs, and we created standards for authentication, permissioning data access, and for consumers to control their data. Industry has already solved a lot—it’s honestly better at solving some problems than regulators. The US has an opportunity to do a better job of putting together a framework to address what industry alone can't: Ensuring open competition and the safety and soundness of our financial system.
But we don't want to dampen the innovation that's driving real value and benefiting consumers and SMBs. The industry-led innovation engine has helped the US look at what's working and where some of the problems are. We've also been able to look at how Europe and the UK used a bit of a heavy hand and see how we can create a better framework.
II: Some people in the industry have cautioned that maybe there are processes that should have some friction, like taking money out of a 401(k). Are there use cases that you think open banking solutions should avoid or where maybe removing friction has gone too far?
SS: The base definition for open banking is about authenticating a bank, authenticating a customer, and then that customer providing permission for the bank to share data with a known third party. I wouldn't change that up in any way. The industry is creating standards to manage that process transparently, like displaying where permissions have been granted and then allowing consumers to control that—that’s absolutely right on, and it's where it needs to be.
But I wouldn't do an auto-permissioned stack—that's super dangerous. I would always want to be able to say, “I'm connecting this third party or this payment process to this account for this purpose.” And I’d want to be able to change it if I needed to.
I don't think that we have permissioning quite right yet. We can make it more user friendly. There's still too much friction in that process. Nobody wants to spend a lot of time doing that. They just want to be informed, and to be able to make changes or cancel something. And they want to know exactly where to do it. I think that's where we'll see continued progress.
The other issue is that consumer data protection regulations are a state-by-state patchwork. There's an opportunity to come together with national consumer data protection regulations that would be helpful in the financial data market.
II: Shifting gears just a little bit. Mastercard's Rise of Open Banking report talked about consumers’ trust in fintechs. Only 26% of respondents in North America said they strongly trust fintechs—and fintechs were less trusted than Big Tech companies with financial data. What were your thoughts on that? And how do fintechs address that?
SS: I'm not surprised by the numbers. And I'm not surprised to see social media companies in a strongly distrusted light.
There’s a big, big gap between fintechs and tech companies on one hand and banks, payment networks, and credit card companies that have really been built around a brand of trust on the other. When you think about Mastercard, the keys are empowerment and trust. Fintech companies are new. Brand building takes time, and it requires consistent messaging: “You can trust me because I do what I say.” Fintech companies haven't had a chance to spend into that and create that same degree of brand awareness.
That’s the major differentiator there. But if you look at info security at leading fintechs and at the mature way they handle financial data and meet regulatory frameworks and compare them with established technology companies, I don't think you're going to see a major difference. The exception might be very new, very small fintechs.
My view is that fintechs are going to look more like banks and banks are going to have to become more like fintechs. Over the next decade, the two will continue to blur. And so I think fintechs have an opportunity to really change that trust perception—the leading ones, anyway.
II: We keep an eye on non-financial companies like tech and social media firms doing fintech things and getting involved with finance, whether it's payments or something like crypto. Do you think that there's a concern that too many companies are trying to get a hand in consumers' finances through tools like open banking?
SS: I'm sure there's a concern in a lot of different circles, especially with the CFPB looking at what happens when these companies get involved and how we protect consumers. The notion that we're going to take data that's typically managed and controlled under Gramm-Leach-Bliley in banks, and we're going to put that in the hands of social media companies that haven't always been the best at safeguarding consumer data? That creates some concern in some circles, for sure.
Every company that interfaces with a consumer and has a financial component—whether it's selling goods and services or becoming more integrated into economic management—will have to become more like a fintech over time. I think those companies will partner to accomplish that. To me, the model social media company would partner closely with leading fintechs that have already built out and created that trust.
II: The founder of Signal recently wrote a blog post about his take on web3, and one thing he found was that a lot of these blockchain-based services rely on APIs for the consumer to really interact with them—it’s not taking place on the blockchain. Is that on the radar for Finicity? Do you have any plans to get involved with blockchain tech, whether that's stablecoins or Bitcoin or NFTs?
SS: Light, enterprise microservices that use APIs are what let us move quickly and maximize innovation. It's breathtaking how quickly you can stand up solutions with APIs versus how we traditionally had to create solutions. The amount of code that you have to write is substantially reduced.
Now, how does open banking interact with blockchain technology? Open banking, again, is all about permissioning access to data. All of these new technologies for commerce and the exchange of value will rely on open banking and bringing together the old guard with the new. You can't assume that the new is suddenly going to displace current forms of fiat.
An open financial data network will allow for the successful implementation and execution of the web3 digital currency world that we're moving into. And so from the perspective of Finicity/Mastercard, it’s on our radar, and we’re looking at the ways those things are coming together. Mastercard has announced a number of different digital currency initiatives and brought them together with current payment networks and open banking and our work. Building out the open financial data network will also be very strongly connected to that.