apidays New York 2022 - Discussing the significance of API standardization, Dinesh Katyal, Avast

The Industry Standard for Consumer
Access to Financial Records
The Significance of
API Standardization
Dinesh Katyal,
Director Product,
Open Banking and Payments
Avast

2022 SERIES OF EVENTS
New York
JULY
(HYBRID)
Australia
SEPTEMBER
(HYBRID)
Singapore
APRIL
(VIRTUAL)
Helsinki & North
MARCH
(VIRTUAL)
Paris
DECEMBER
(HYBRID)
London
OCTOBER
(HYBRID)
Hong Kong
AUGUST
(VIRTUAL)
JUNE (VIRTUAL)
India
MAY
(VIRTUAL)
APRIL (VIRTUAL)
Dubai & Middle East
JUNE
(VIRTUAL)
Check out our API Conferences
www.a pida ys .globa l
Want to talk at one of our conferences?
apidays.typeform.com/to/ILJeAaV8

About Avast & the Speaker
World leader in consumer cybersecurity, privacy, digital identity & trust-based services with 435M+ users
worldwide.
Member of Financial Data Exchange*
Co-chair of the FDX Canadian Technical and Money Movement Taskforces
Champion of open standards leading W3C working groups for Decentralized Identifiers and Verifiable Credentials
Steering member of Trust over IP
Speaker – Dinesh Katyal, Director Product for Open Banking and Payments, Avast
• Founding member of Financial Data Exchange
• Director Product for Financial Data Exchange
• Co-chair on money movement taskforce
*A non-profit industry standards body operating in the US and
Canada that is dedicated to unifying the financial services
ecosystem around a common, interoperable and royalty-free
technical standard for user-permissioned financial data sharing

The Need for API Standards
• Example: Consumer financial data sharing in North America:
• 14,000 FIs x 11,000 Fintechs => several 100 MM b2b data
connections
• Standardization allows a firm to build once without re-inventing
the wheel and re-use many times
• It ensures the resulting solutions are secure, performant,
consistent and meet the defined user experience goals
-
200
400
600
800
1,000
1,200
1,400
1,600
>$165B <$165B <$10B <$1B < $500M < $250M < $100M
Number of Banks by Asset Size
Standardization is critical in multi-party ecosystems to creating user experiences
that are secure, transparent, traceable, provide universal access and ensure
informed user control.

Industry Led Standardization is Powerful
2004
2010
2016 2019
1999
• Universal
• Rapid increases
in performance
• Lower costs for all
parties
x 27000 increase in speed

Dimensions of API Standardization
5
Technology Regulation
Standardized
Payload
Connectivity
Security
& Auth
User Experience
Industry (the How) Government (the What)

Dimensions of API Standardization
6
Non-Functional
Attributes
User Experience Security
API
Technical Specifications
Registry
Reference
Implementation
Technology Governance
Taxonomy Certification

Illustration:
Financial Data Exchange
A Successful Market Led Approach to API
Standardization

The Industry Standard for Consumer Access to Financial Records
Financial Data Exchange (FDX)
(an independent subsidiary of FS-ISAC)
8
FDX is the international, nonprofit
technical standards body dedicated
to unifying the financial industry
around a common, interoperable,
royalty-free standard for the secure
access of permissioned consumer
and business financial data, the
FDX API.
© FDX, all rights reserved FDX does not comment on policy or engage in lobbying.

9
FDX Confidential. All rights reserved.

The Problem Statement
10
FDX is not a policy or lobbying group.
• We estimate that in North America alone there are ~100
million credential pairs being used to scrape data.
• Typically, 30%-35% of a given financial institution’s online
user base has shared their credentials.
• Typically, 25%-40% of a given financial institution’s online
logins are scraping sessions.1,2
© FDX, all rights reserved

The Approach

Customer-Centric Data Sharing Ecosystem Taxonomy
12

13
Principles for Consumer-Permissioned Data Sharing

Consent Grant View and Revoke
Consent
Grant Notification
UX Standardization: Grant Consent Journey - Visuals

15
Data Standardization – over 620 data elements
Checking
Savings, CD, IRA
Credit Card
Auto Loans / Leases
Home Loans
Investments & Pensions
Property & Casualty
Student Loans
College Saving Plans
Tax Forms
Small Business Accounts
Statements & Check Images
Crypto Assets
Use Cases
Personal Finance Management
Lending
Account Linking for Payments
Account Owner Verification
Bill Pay
Tax
…

Not All Parts of Standard Were Developed From
Scratch
16
UK (OBIE)
Australia CDR
OIDC & FAPI

17
DCRP CIBA
Security Standardization
FIDO
UAF
App Level Encryption Security Profiles

18
The Complete Suite of Standards
API and Data Structures
1. Accounts and Transactions
2. Tax
3. Money Movement
4. Consent
5. Customers
6. Capability and Metrics
User Experience
1. Consent Grant
2. Consent Viewing
3. Consent Revocation
4. Consent Notifications
5. Taxonomy
Security
1. Secure AuthN & AuthZ
2. Security for Sensitive Data
3. Secure App Onboarding
Certification
1. Provider Requirements
2. Recipient Requirements
3. Certification Use Cases
4. Certification Model
Taxonomy
Governance
Community Development Process

The Need to Inform and Educate
19
2022
May 24 CFPB announces a “Future rulemaking . . . will give consumers access to their own data.”
July 11
CFPB says “The CFPB is also accelerating its work to implement a required rulemaking on personal
financial data rights, which we hope will spur competition and switching by giving consumers more
control of their data.”
2021
February 4 CFPB Advance Notice of Proposed Rulemaking on Dodd-Frank Section 1033
July 9 White House Executive Order on Competitiveness
July 13 Interagency Third-Party Guidance from Fed, OCC, FDIC
August 12 FFIEC Cybersecurity Guidelines, Section 9: Open Banking
September 21 House Task Force on Financial Technology
October 27 CFPB Director Rohit Chopra gives testimony before House Financial Services Committee
December 12 CFPB publishes Spring Rulemaking Calendar for Dodd-Frank 1033
FDX is not a policy or lobbying group.

The Proof

UX Standardization: End User Transparency

Known Dev Portals
© FDX, all rights reserved.
Wells Fargo: https://developer.wellsfargo.com/
Citi: https://developer.citi.com
US Bank: https://developer.usbank.com/
Capital One: https://developer.capitalone.com/products/customer-transactions
Amex: https://developer.americanexpress.com/open-banking openbanking@devmail.americanexpress.com
Truist: https://developer.bbt.com/admin/app/home
PNC: https://developer.pnc.com/
Schwab: developer.schwab.com
Discover: Dev Center
Intuit: https://developer.intuit.com/app/developer/homepage
BofA: (invite only) http://dataservicesapi.bankofamerica.com/ds/ BofA: aggregator.support@bankofamerica.com
Chase: (invite only) https://developer.chase.com/
Jack Henry (Banno): https://jackhenry.dev/
FIS: Code Connect: API Marketplace | FIS
FiServ: https://developer.fiserv.com/product/AllDataAggregation
Bank of Montreal (BMO) API Developer Portal bienvenue | API Developer Portal
Royal Bank of Canada (RBC): https://developer.rbc.com/
FDX: https://developer.financialdataexchange.org/

Publicly Announced Data Sharing Agreements
24
• RBC and Plaid announce agreement to bolster client security and increase connection to financial services apps – Jun 14, 2022
• RBC and Envestnet Data and Analytics announce agreement to provide clients with greater control over their financial data – Jun 14, 2022
• Fiserv and MX Enable Secure Consumer Financial Data Access to Accelerate Future of Open Finance – Mar 21, 2022
• Envestnet | Yodlee Collaborates with Intuit QuickBooks to Provide Financial Data Connections to Millions of Small Businesses – Oct 13, 2021
• PNC-launches-Akoya-solution-to-increase-the-security-of-connections-for-consumers-to-safely-transact-with-financial-apps – Sept 30, 2021
• TD Bank joins the Akoya Data Access Network to accelerate Open Finance – Sept 13, 2021
• Pentadata Announces Open Finance Integration with Akoya – July 29, 2021
• FINICITY AND GREEN DOT ANNOUNCE SECURE DATA ACCESS AGREEMENT TO DELIVER MORE ACCESSIBLE, SEAMLESS AND SECURE MONEY MANAGEMENT TO CUSTOMERS – July 21, 2021
• Wells Fargo joins the Akoya Data Access Network to advance API-based financial data aggregation – June 22, 2021
• Capital One and Plaid Announce New Data Sharing Agreement – June 8, 2021
• Putting you in control of your personal data with a new API – May 21, 2021
• Plaid and U.S. Bank collaborate to deliver a secure open finance experience – May 13, 2021
• Jack Henry and Akoya Offer 4.8 Million Financial Institution Customers API-Based Access to Their Financial Data - May 10, 2021
• Jack Henry-Finicity partner to empower community financial institutions with open banking capabilities - May 5, 2021
• Akoya adds JPMorgan Chase to its Data Access Network – February 17, 2021
• Finicity Announces Secure Data Access Agreement with Brex - December 18, 2020
• Citi builds fintech marketplace – December 18, 2020
• Akoya and U.S. Bank team up to accelerate safe, secure, and transparent consumer-permissioned financial data access - November 16, 2020
• Finicity and BMO Harris Bank Finalize Secure Data Access Agreement - November 12, 2020
• Wells Fargo and Envestnet | Yodlee Sign Data Exchange Agreement - September 24, 2020
• FINICITY FINALIZES SECURE DIRECT DATA AGREEMENT WITH CHARLES SCHWAB - September 18, 2020
• TD enters into North American data-access agreement with Finicity – August 7, 2020
• TD enters into North American data-access agreement with Intuit – September 2, 2020
• Financial Institutions Can Empower Consumers to Securely Share Their Data with New Aggregation Solution from Fiserv - September 3, 2020
• U.S. Bank and Fiserv sign agreement to simplify data exchange between customers and applications – March 9, 2020
• Envestnet | Yodlee and JPMorgan Chase Sign Data Agreement to Enhance Consumer Data Protections, Bolster Overall Data Connectivity and Reliability – December 5, 2019
• U.S. Bank signs agreements with top data aggregators and fintechs, bolstering API efforts – September 23, 2019
• Wells Fargo and Plaid Sign Data Exchange Agreement – September 19, 2019
• Envestnet | Yodlee and Charles Schwab Enter Financial Data Access Agreement – April 16, 2020
• Charles Schwab Reinforces Its Commitment to Customer Data Protection – April 16, 2020
• Wells Fargo Surpasses One Billion API Calls – February 11, 2020
• JPMorgan Chase, Envestnet l Yodlee Sign Agreement to Increase Customers’ Control of Their Data – December 5, 2019
• Plaid Signs Data Agreement with JPMorgan Chase – October 22, 2018
• FINICITY AND FIDELITY INVESTMENTS JOIN FORCES ON CUSTOMER DATA SECURITY – September 27, 2018
• USAA Providing Safer, More Efficient Approach to Data-Sharing – July 2018
• Finicity Signs Data Agreement with JPMorgan Chase – July 10, 2017
• Bank of America preps data sharing service – May 26, 2017
• Finicity and Wells Fargo Ink Data Exchange Deal – April 4, 2017

25
Summary
Global, Industry-led standards have a successful track record: Bluetooth, USB, FDX
They are successful by being both inclusive and highly standardized.
You are not alone in navigating this space!
For additional information or questions:
Lori Pierelli
Director of Marketing,
Development & Operations
Don Cardinal,
Managing
Director
Dinesh Katyal
Director Product
Open Finance

apidays New York 2022 - Discussing the significance of API standardization, Dinesh Katyal, Avast

Recommended

Recommended

More Related Content

Similar to apidays New York 2022 - Discussing the significance of API standardization, Dinesh Katyal, Avast

Similar to apidays New York 2022 - Discussing the significance of API standardization, Dinesh Katyal, Avast (20)

More from apidays

More from apidays (20)

Recently uploaded

Recently uploaded (20)

apidays New York 2022 - Discussing the significance of API standardization, Dinesh Katyal, Avast