Clearing House sets data-sharing framework, but the devil is in the detail

The Clearing House this month rolled out a data-sharing legal agreement model for banks to use when partnering with third-party technology companies. The draft agreement is intended to streamline the operational implementation of data-sharing arrangements.

The template, which The Clearing House calls the Model Agreement, is intended to decrease “screen scraping,”  or providing third parties with customers’ online banking login information, a method critiqued for its security vulnerabilities. The objective is to save money and time for banks and startups, given that data-sharing agreements can take more than a year to develop and can be a bottleneck to API adoption.

Dave Fortney, senior vice president of product management and strategy at The Clearing House

“Financial institutions are developing APIs that are more secure and robust ways of sharing data,” said Dave Fortney, senior vice president of product management and strategy at The Clearing House. “They are getting into contractual agreements with fintechs that are using those APIs, and that’s taking a lot of time and energy.”

The Model Agreement, which is voluntary, was developed in consultation with member banks as well as fintech companies, according to the Clearing House. The development of the agreement was based on input from banks that currently have data-sharing agreements with third-party companies.

Use cases are varied, but examples include secure connections to customer data by third-party personal finance and payment apps, including Venmo, Mint and Acorns. 

Plaid, a data aggregator which connects thousands of fintech companies with customers’ bank data via APIs, said some principles outlined in the Model Agreement, including customer consent for data sharing, and restrictions on the sale of  customer data, are steps in the right direction. However, it noted that some sections of the text are actually antithetical to data sharing, particularly provisions that allow banks to block third-party apps.

“The model provides banks unrestricted ability to block apps,” said Plaid’s head of business development and strategy Sima Gandhi, in a message to Bank Innovation. “We would have liked to see a more scalable and pragmatic approach to helping financial institutions integrate the security that we all support, and regulators require, while promoting innovation and competition.”

Another contentious subject in the Model Agreement is liability during data breaches. According to the template, fintechs must reimburse lenders for expenses incurred during breaches if such costs were incurred under the startup’s watch. Once a bank has released customer data to a third party, the third-party company is responsible and liable for the safekeeping of the data, Fortney explained.

To Plaid, however, the safety of customer data is a shared responsibility among banks and fintechs.

“The model contract defines liability bluntly, essentially trying to place all responsibility outside the banks,” said Gandhi. “The reality is that building a safe ecosystem is a shared responsibility, and there needs to be clear mechanisms that align liability with each party’s respective responsibility to ensure that consumers are protected.”

Despite the challenges, others argue that the agreement is a framework for discussion. Rodrigo Suarez, principal of INV Fintech, said The Clearing House’s Model Agreement is an important milestone that could reduce pain points in the implementation of bank-fintech cooperation agreements.

“Data-sharing agreements are a crucial component of bank-fintech partnerships, but also a significant hurdle to overcome for players with limited experience in the space,” he said. “The Clearing House’s Model Agreement is a right first step to facilitate and encourage collaborations. It should be considered only a starting point in finding the right way to address needs and concerns from both banks and fintechs in better serving end users.”

Bank Innovation Ignite, which will take place on March 2-3 in Seattle, is a must-attend industry event for professionals overseeing financial technologies, product experiences and services. This is an exclusive, invitation-only event for executives eager to learn about the latest innovations. Request your invitation.