New technology trends are advancing the way businesses operate, providing enhanced services for consumers and businesses. In the finance sector, the evolution of open banking and embedded finance is accelerating with the proliferation of externally exposed APIs. An era of integration has emerged, as connected apps offering one-of-a-kind tailored customer experiences proliferate.
In the next year, we expect to see government regulation requiring financial institutions to provide solutions for authorized third-party access to consumer data.
Dodd-Frank Section 1033
Section 1033 of the Dodd-Frank Act, expected to be finalized in 2024, requires financial institutions, card issuers, and other payment facilitation providers to make consumer data – including transaction data – more readily available to consumers and authorized third parties.
Section 1033 also places consumer protection obligations, including privacy protections, on financial entities and the third parties authorized to collect and use the data and provides basic standards for data access.
The key purpose of Section 1033 is to foster innovation in financial services and promote a safe, reliable, and competitive environment for data sharing while offering essential protections to consumers and businesses.
Financial Institutions as Data Providers
Fintechs provide innovative, state-of-the-art services that are enhancing customer experiences in personal financial management, fraud mitigation, loan underwriting, business accounting, and more. Many of these offerings rely on financial information to power their solutions, which requires the market to provide reliable bank data connectivity for account data aggregation.
As these solutions come to market, the financial institutions, acting as data providers, must have comprehensive strategies and solutions to bring an API channel to life. There are many points of consideration: data specifications, authentication techniques, reporting tools, aggregator access, embedded connectivity, and servicing models.
One critical component that tends to be overlooked is the strategy and process for enrolling customers.
Customer Enrollment Considerations
There are three main considerations when onboarding customers.
- First and foremost is security. Security is always a leading objective in financial services because financial data is so sensitive. Restricting access through credential assignment, authentication, and product-level entitlements ensures a customer’s data remains protected from unauthorized access.
- Second, a financial institution offering data connectivity must maintain a record of each customer for audit purposes – which could include proof of regulatory compliance for the Dodd-Frank 1033 ruling. Keeping a record of a user and their corresponding request activity is a best practice that will ensure a financial institution can successfully research and resolve a fraud case, production problem, or billing dispute.
- Third, the ability to generate reports at a customer level is critical for valuable product insights, usage information, and generating billing files for fee-based integrations.
The Enrollment Process
What onboarding for data sharing looks like varies based on the customer, their needs, and the bank servicing model. Enrolling a retail customer looks very different from enrolling a treasury customer. Specific considerations include product enrollment requirements, access provisioning, regulatory mandates, and technical capabilities.
Retail Bank Enrollment
On the retail side of the bank, a financial institution is serving the needs of many individuals using many different applications. A consumer may want to pull account information into a personal financial management tool or validate a checking account for a person-to-person payment. In this case, having to contact the bank to enroll for data sharing would be highly inefficient and would create friction in the customer’s experience.
The preferred model here is to allow consumers to use their existing online banking credentials so they can connect their financial data immediately and move forward with the action they were taking in the app. When prompting a user for online banking credentials, it is important to authenticate against the financial institution’s or online banking partner’s services and correspondingly pull data directly through a secured channel (versus asking a user to provide credentials for screen scraping data).
The first time a consumer accesses information through an app, that connection should be registered. The registration record will contain an enrollment date, terms and conditions acceptance, consented accounts, and the name/ID of the application that the request came from. This is referred to as dynamic registration.
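A sketch of dynamic registration combined with the three enrollment considerations listed earlier (entitlement checks, an audit record per request, customer-level reporting). This is an added example, not Ninth Wave's code; the class, field, and ID names are hypothetical and the stores are in-memory stand-ins.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Registration:
    # Fields named in the text: enrollment date, terms acceptance,
    # consented accounts, and the name/ID of the requesting application.
    customer_id: str
    app_id: str
    app_name: str
    enrolled_at: datetime
    terms_accepted: bool
    consented_accounts: frozenset

class ConnectionRegistry:
    """In-memory stand-in for the institution's registration and audit stores."""
    def __init__(self):
        self.registrations = {}  # (customer_id, app_id) -> Registration
        self.audit_log = []      # one entry per data request, allowed or denied

    def register_first_access(self, customer_id, app_id, app_name, terms_accepted, accounts):
        key = (customer_id, app_id)
        if key in self.registrations:
            return self.registrations[key]  # keep the original enrollment record
        if not terms_accepted or not accounts:
            raise PermissionError("terms acceptance and a consented account are required")
        reg = Registration(customer_id, app_id, app_name,
                           datetime.now(timezone.utc), True, frozenset(accounts))
        self.registrations[key] = reg
        return reg

    def authorize(self, customer_id, app_id, account_id):
        # Deny by default: no registration or no consent for this account.
        reg = self.registrations.get((customer_id, app_id))
        allowed = reg is not None and account_id in reg.consented_accounts
        self.audit_log.append({"at": datetime.now(timezone.utc), "customer_id": customer_id,
                               "app_id": app_id, "account_id": account_id, "allowed": allowed})
        return allowed

    def usage_report(self, customer_id):
        report = {}
        for entry in self.audit_log:
            if entry["customer_id"] == customer_id:
                counts = report.setdefault(entry["app_id"], {"allowed": 0, "denied": 0})
                counts["allowed" if entry["allowed"] else "denied"] += 1
        return report

def demo():
    # Constructed sample IDs, not real customers, apps, or accounts.
    registry = ConnectionRegistry()
    registry.register_first_access("cust-001", "app-pfm", "Example PFM", True, {"chk-1111"})
    results = [registry.authorize("cust-001", "app-pfm", "chk-1111"),
               registry.authorize("cust-001", "app-pfm", "sav-2222"),
               registry.authorize("cust-001", "app-other", "chk-1111")]
    return results, registry.usage_report("cust-001")
```

Denied requests are logged alongside allowed ones, so the same audit trail supports both fraud research and usage reporting.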
Business Enrollment
A second enrollment model, facilitated registration, meets the unique considerations involved with business customers. As a business grows, it will likely adopt a more complex operational structure, which results in a broader banking relationship with more accounts. Certain repeating business tasks, such as reconciling bank transactions with general ledger entries, become cumbersome and time-consuming. This drives the need for automation.
Automatic import of financial data into an ERP for streamlined reconciliation and enhanced information reporting is a great example of driving value through secure financial data sharing.
Onboarding a business requires additional steps. When a financial institution provides a service for data integration, they will likely recoup the cost through a fee-based service and charge the client. Therefore, a business needs to enroll in the service and accept the contractual agreements established by the financial institution. This requires a more sophisticated onboarding process with a few back-office tasks to identify the business and gain proper authorization for use of the service.
The person who authorized the service may be the CFO, but the employees processing accounts payable and bringing in bank account information may be a level down from the CFO. These factors, in addition to the financial institution’s security policies, require a more comprehensive and controlled process. Additionally, a financial institution may decide to establish a unique user ID and password for data sharing that differs from the credentials used for online banking to mitigate risk.
Choose Secure, Reliable Data Aggregation
Onboarding is a key component in embedded finance and open banking strategies. Ninth Wave’s comprehensive offering for secure, reliable data aggregation and sharing supports multiple onboarding models to meet the unique needs of our financial institution clients.
Ninth Wave is the leading enabler of secure data connectivity between financial institutions and third-party applications, including aggregators, fintechs, accounting solutions, tax preparation software, and other consumer and business solutions. Seven of the ten leading banks in the United States and eight of the top 10 U.S. wealth managers rely on Ninth Wave’s secure API-based access to integrate their financial data and provide for their customer bases.
Contact Ninth Wave today to learn how to improve your financial institution’s application integration security, reliability, and efficiency.
About Ninth Wave
Ninth Wave delivers secure, seamless, and standardized data connectivity to fintechs and financial institutions of all sizes, through a single point of direct integration to a universal suite of open finance APIs. With configurable controls, visibility, and insights into all data sharing and data acquisition connections between aggregators, third-party apps, and internal applications, Ninth Wave empowers financial institutions and their customers with access and oversight to their connected apps, enabling secure data exchange in a holistic and scalable open finance ecosystem. Offering solutions for retail and commercial banks, wealth managers, credit card issuers, tax providers, and more, Ninth Wave provides unparalleled connectivity and universal compatibility to complex information systems, unlocking innovation, potential, and performance for your data. Contact us to learn more about Ninth Wave’s secure data connectivity features. Empowering open finance. At scale, at last.