As a former CEO of Intuit, I call J.P. Morgan and Intuit to task for their lack of support for Section 1033 of the Dodd Frank legislation to protect American’s right to access their own financial data.
Members of the administration in Washington announced today they would eliminate many parts of the Dodd-Frank legislation that was put in place to protect consumers and the country from the financial malfeasance that led to the Great Recession of 2008. I implore the administration to retain section 1033.
Section 1033 protects consumers from being denied access to their own financial data:
“SECTION 1033. CONSUMER RIGHTS TO ACCESS INFORMATION
(a) In general, subject to rules prescribed by the Bureau, a covered person [a bank or broker] shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. The information shall be made available in an electronic form usable by consumers.”
I can’t imagine any bank or broker trying to prevent their customers from getting access to their own financial data. And yet, that’s what they’re trying to do. Many of the largest financial institutions in the world have been lobbying Washington and strong-arming other firms to achieve this goal for over a year.
Here’s my commentary on an article that appeared in the Wall Street Journal on January 25, 2017. The quotes below are from the article, and you can read the full article here.
The headline reads: “J.P. Morgan, Intuit Give Mint, TurboTax Customers Wider Access to Bank Data.” Baloney. J.P. Morgan (which also owns Chase Bank) is decidedly not giving wider access, they are restricting access.
“J.P. Morgan Chase & Co. and Intuit Inc. have ended a long standoff.” When J.P. Morgan shut off Intuit’s access to their customers’ data a few months ago, they did not shut off the data to Personal Capital or Yodlee, the largest data aggregator. They’re hitting the smaller players like Xero and Intuit first, then using that as momentum and leverage to hit the bigger players who would otherwise have more clout to fight back. It’s amazing how transparent they are about their motivations: “J.P. Morgan Chase and Intuit said they will pursue similar agreements with other companies….The bank then said it would like to use the partnership as a blueprint for dealings with other more widely used sites.”
“H. Tayloe Stansbury, technology chief at Mountain View, Calif.-based Intuit, said the new deal would give customers more real-time access to their data and would enable them to make better financial decisions.” Baloney. Our customers, and those of other aggregating firms, already have real-time access to their data.
Wells Fargo and Intuit announced they too would attempt to limit customer access to their data. As reported by Reuters, “The move follows a similar data-sharing agreement between Intuit and J.P. Morgan Chase & Co last week.” And, of course, Wells Fargo cites the same phony-baloney justifications.
“Many banks said the old arrangement could compromise cybersecurity.” Baloney. I founded three different cybersecurity companies and served on the board of RSA Security, the largest electronic security company in the world. I can tell you with certainty that the cybersecurity of Silicon Valley financial technology companies that use new state-of-the-art technology is far superior to the large banks which use old patched-together-with-chewing-gum technology that dates back four or five decades. Moreover, the best way to insure your accounts are not compromised is to use an aggregation service like Personal Capital to continually monitor activity in all of your accounts of all types in all financial institutions.
“Many banks said the old arrangement could…overload bank websites at busy times.” Baloney. It’s 2017. Google handles over 40,000 requests for information per second. Either this is a red herring, or the banks have technology from the 1970s. Oh, right, they do have technology from the 1970s. Still, the excuse that their servers are overloaded stretches credulity.
“Data will be shared via an application-programming interface, or API, which the companies say is more efficient and secure than the previous method.” Baloney. The largest aggregators already get the data via direct connections using APIs.
(In a different article in yesterday’s Wall Street Journal, this appeared: “‘We know customers love sharing their data, and banks are working hard to make sure they can share their data regardless of whether there’s a law or not,’ said Robert Morgan, vice president for emerging technologies at the American Bankers Association, a banking industry group.” Baloney.)
J.P. Morgan customers will have to “download their bank-account data through a bank-provided token.” Baloney. A bank-provided token puts the banks in control of who gets their own data and who doesn’t. This is what they want, so they can prevent you from comparing services and finding hidden fees – which unfortunately are rampant in our industry.
“More information is taken than the third party needs to do its job.” Baloney. This is a direct indication that they want to limit the breadth of access. What I’ve heard is that they want to limit access to just balances, and eliminate access to transactions, holdings and fees. This would obviously make the data useless and prevent consumers from getting true financial planning. Pretending to do financial planning without a comprehensive view of each family’s financial situation is close to malpractice.
“’While bilateral agreements between two big companies are a good first step, there will ultimately need to be more industrywide standards for data-sharing that include smaller banks and startups,’ says Beth Rockland, a managing director at the Center for Financial Services Innovation, an industry group.” Baloney. Creating an industry standard where all 14,000 financial institutions would be forced to enter bilateral contracts with other institutions would create a legal tangle that could never be untangled in my lifetime or yours. Some banks have even demanded compensation from financial technology companies to permit their customers to get their own data.
“When we all readily click ‘I agree’ online or on our mobile devices, allowing third-party access to our bank accounts and financial information, it is fairly clear that most of us have no idea what we are agreeing to, Jamie (Dimon, CEO of J.P. Morgan) wrote.” Baloney. Wow, is that the pot calling the kettle black. Have you taken a look at the agreements that banks make their customers sign by clicking an “I Agree” button? And by the way, when they click the “I agree” button at Personal Capital, they know exactly what they’re agreeing to, because aggregation is the specific reason they’re clicking.
“J.P. Morgan’s Mr. Dimon wrote in his annual shareholder letter.” Enough baloney to make a sandwich. Why in the world would Jamie Dimon – who runs one of the biggest and most complex financial institutions in the world – even pay attention to this issue? And why would the banks focus their mighty lobbying efforts in Washington to fight against their customers’ right to their own financial data?
In his annual letter to shareholders Jamie says that to allow “outside parties (their own customers) to have access to their bank accounts and their bank account information” is a grave threat to customer privacy and the security of the banking system. This is the final proof that the banks’ real objective is to cripple the new financial technology firms – which they view as competitors who have more agility and do more innovation – and prevent their customers from comparing offers and from getting the data they need to let non-bank financial advisors truly advise.
Please join me in calling on the banks and brokers to keep your data free.