Lisa Novier, head of governance, risk and compliance at Envestnet Data and Analytics, explains why she has called for supervision of data aggregation platforms in her written recommendations to the CFPB regarding regulatory oversight of Open Banking, and how the US’s market-driven approach has generated strong demand from consumers for data sharing.
1. What does your role at Envestnet Data and Analytics entail?
For the past year, I’ve been over governance, risk and compliance for the data and analytics business here at Envestnet. Prior to joining I came from working at a very large financial institution and my focus there was data governance.
A large focus for me and my team is to work on Open Banking governance, risk and compliance, across all the jurisdictions in which the company operates. That could be anything from making sure we acquire and maintain the appropriate licences that we need in the jurisdiction, to, in the US, where we don’t have rulemaking yet, we negotiate the data access agreements.
I cover a very wide breadth of work in Open Banking – it’s been pretty exciting to be working in such an evolving space.
2. Has uptake of Open Banking in the US been hindered by a lack of rulemaking up until now?
No, not at all. I would say the breadth of the work that’s been done in the US is more like Open Finance, rather than just limited to Open Banking. I think having the industry lead the efforts has really driven very strong adoption.
We have very high consumer demand for sharing their data for a variety of use cases, and the market sees that demand and they’re answering that call from the consumers. I think it’s actually driven greater adoption than you’re seeing in other markets because it’s been market led.
Because we’re driving standards from an industry perspective, there’s this unique collaboration that I see in the US between the financial institutions, or the data providers, the aggregators and the fintechs. And I don’t see that type of collaboration across other jurisdictions where a lot of it is government-led. The use cases go well beyond payment accounts to include investments, loans, insurance – and we’re supporting consumers for the use cases they’re requesting, so I really like the industry-led approach we’re taking.
3. What has the Consumer Financial Protection Bureau (CFPB) proposed when it comes to governing Open Banking?
They’ve proposed to begin with retail payment accounts, which is what we’ve seen in the UK, the EU and Australia – they’re all starting in the same place.
But, as the industry has been responding to that proposal, there’s been a lot of feedback that we would like to see it be broader, because we don’t want to run the risk of losing access to data that consumers are already depending on. We want to make sure that the scope of the regulation covers what is happening today.
What I do like in the proposal is the CFPB is really going to focus on the risk management aspects of consumer-permissioned data access and leave the standards to the industry to continue to develop, which I think will continue to drive a very strong adoption level. And, also, it will provide the agility needed to meet the demand of different use cases as the market changes.
4. Why regulate Open Banking now?
It’s been part of the Dodd-Frank Act and it’s been many years in the making. The CFPB is seeing the adoption in the market, seeing the use of data by the consumers, and Open Banking regulation is being created in all these other jurisdictions. So, it’s time, in the US, for us to have some guidance.
Also, the financial institutions want the guidance for risk management. This is going to create some more trust in the system and define the guard rails for everyone in terms of privacy, security, liability – those risk management functions.
5. In your written recommendations to the CFPB regarding regulatory oversight of Open Banking, you have called for supervision of data aggregation platforms. How will this support the wider ecosystem?
We’re calling for supervision of data aggregators, which I think is fundamentally important. Entities don’t usually ask to be regulated but, in this case, regulating the data aggregators will create a more level playing field, in terms of understanding what are the requirements in order to engage in the marketplace.
It will also provide the financial institutions with a greater sense of trust in being able to share that data with the data aggregators and understand that it’s being managed well.
Today, we engage in a variety of different risk management activities with the banks. Having supervision will make it more standardised and easier for us to demonstrate how strong our practices are, in terms of managing the data.
6. What is the CFPB’s timeline?
We are hoping to see final recommendations on the rulemaking by mid-year 2023, for implementation and final ruling in early 2024.
Here in the US, the industry is highly engaged [in the rulemaking process]. Not only is there clear understanding of what the market wants, there is also, I would say, a lot of alignment that this upcoming rulemaking will be good for consumers, putting into regulation that they have the right to access their data.
The US market is also unique in that we have so many financial institutions. When you have thousands of different data sources, you have to take a different approach to Open Banking than in a place where there are fewer institutions. It would be very difficult to have a government-led standard across all of those institutions, and achieve the type of innovation and competitive marketplace that we want.
We want to make sure that the data for consumers that bank with smaller institutions is available to them, that’s critically important. That variety in the market is important to us and we want to make sure we maintain that variety of availability to the consumers, no matter where they bank.