Standardizing data is often the first step of any automation venture, and the Financial Data Exchange (FDX) is looking to do just that across financial institutions and fintechs of all sizes worldwide. Bank Automation News sits down with FDX Managing Director Don Cardinal for this webinar.

FDX is a nonprofit organization that works to create industry standards for secure data sharing. Its members include big banks like Citi, Chase and Bank of America, and fintechs like Plaid, Blend and PayPal. The mission is to unify the financial industry around common, interoperable and secure standards for consumers and businesses to access their financial data.

Hear how the nonprofit's recent work is poising the industry for increased automation with faster and more secure data sharing. Cardinal offers an industry snapshot of API-based sharing mechanisms within financial services today and delves into the FDX's projects and priorities for the coming year.

Bianca Chan
Hi, everyone, and thanks for joining us for this pulse of the industry event. I'm Bianca Chan, editor at Bank Automation News. And I'm proud to present our February Premium Plus webinar. Today I'm joined by Don Cardinal, Managing Director of the Financial Data Exchange, or FDX, which is a nonprofit that works to create industry standards for secure data sharing. Its members include big banks like Citi, Chase, Bank of America, and fintechs, including Plaid, Blend, PayPal. FDX launched in 2018. And prior to joining FDX, Don worked at Bank of America for more than 20 years, including his last role as Senior Vice President of global information security, trust and safety. Don, welcome. How are you doing? Great. Thank you for having me. I appreciate your flexibility, of course. Wonderful. So the topic of today's discussion is understanding the intersection of standardization, data and automation. Let's jump right into the questions. Sure. Happy to do so. Sure. So let me tell me if I've got this right, FDX's mission is to unify the financial industry around common, interoperable and secure standards for consumers and businesses to access their financial data. Spot on. Okay, perfect. So let's dig into a little bit about how your standards help the ecosystem automate more financial services? Sure, common standards help everybody because once you can rely on certain elements to be in place at all times, it dramatically lowers the costs and barriers to entry to all players. I'll pick on my friends at the USB organization, you know, you have everyone agrees that USB-C, great. Now you have one device, one set of chargers and all that good stuff. So standards dramatically help that and they help all players get on board, irrespective of their degree of tech savvy. Mm hmm. Awesome. And so tell us about some of the recent work you've been doing in FDX. I know you've had a busy start of the year. 
Oh, my goodness, yeah, of course, we had our fall receipt released in December with four or five we had user experience guidelines, because how a customer interacts with the data is very important as well. And we were very careful to focus group tests that I think the group that lead that effort had, like 300 years combined experience, it was amazing. But we had a personal financial management use case and our taxonomy terms. Strangely enough, what you call things really, really matters. And we're able to share that with our friends at the CFPB and other folks under a treasury as well. It was well received. Of course, we're growing, we added three members in January, we're still growing. And of course, we started collaborating the CIO Council in Canada. So there's a lot of irons in the fire. Great, great. And so tell us about the use of there was a December release, is that right? Absolutely. So with the December release, we added additional data fields and data elements, we made some revisions to the security control considerations, as the world changes, you know, spec has ever done. It's like you've never really done renovating your house or your payment. And so as things change as our members go, you know, that's great. But what I like to do is, and so you're add new things to that I think we're over North of over 500 data elements defined and growing.

Don Cardinal
More and more to come that our friends in Canada have got several queued up, they want to add in very soon. So that's coming. Oh, good. So the data, the extra data fields that you've added, and the ones that your friends up north are interested in? Are those niche to the different geographies or tell me about not really one of the neat things about having a market-driven versus a government-mandated firm, we're not focused just on checking savings or credit card. We use it what's being scraped today. What is the consumer demanding through apps. 
And so we all have to do follow the customer's demand, what they're voting with their mouse clicks what they want. And so we have not just banks in all the accounts that you normally think of not just checking savings, credit cards, but also CDs, IRAs, auto loans, mortgages, HELOCs he lines, but we've also got investment accounts, retirement accounts, pension accounts, even some property and casualty and other insurance accounts, things that other jurisdictions really haven't thought about yet. Because their focus is different, and that's different. That's fine. But no, realistically, sometimes you just call things differently. For example, some jurisdictions call a checking account, a current account, and it's just a matter of potato potato, making sure that our document will the Fair enough, making sure our documentation references it appropriately. If we reference a state making sure it also means province is fair. And not just zip code, but also postal code can be alphanumeric in a lot of places. That's fine, but it's important to make sure that it's not too tied to any one jurisdiction. That's the beauty of FDX. Member driven, we have members on four continents. We should be a reflective of a country

Bianca Chan
local infrastructure. Mm, cool. And so how might those developments help spur the adoption and use of automation within banking?

Don Cardinal
A variety of ways. One thing we can do is we've expanded account holder information. So the more uniform and hygienic your data is, the more you can rely on it, the more it's easier to wire it into your solutions. So, for example, if you're applying for a new account, mortgage, let's say I just mentioned those right now, or in the traditional model used to either have to scan and email or fax in if you still remember what those are. And then you get an image other machine OCR optical character recognition, or rekeys it. Both are prone to error, both are expensive. 
Wouldn't it be great if you could get machine ingestible data in real time for free? You know, over the wire, boom, done. Better data, Papa John's, right. So the idea is better, faster, cheaper, higher quality data? So what would that do to your approval time, your decision time? Well, faster. And with no reduction in quality, no reduction and no increase in risk? Because that's kind of cool. Of course, UX guidelines are really important. The idea is how do we in a repeatable manner kind of reflect industry's best thinking on? How do you guide a customer in that journey between, I want to share this data, here's what I want to do with it, here's who want permissioning and what for, and then have them go through that in a repeatable scalable way. It's really important to always make sure that we tie everything back to that customer journey, customer experience, and the extent that we can, you know, document, hey, here's our best in class thinker, here's what we all kind of think is best to use. It really helps. Because if you ever been on the other side, where you're designing a product, your first questions, what's everybody else doing? Yeah, by doing those, it really does help. Mm hmm. Yeah. You know, it's funny that since we've been covering automation more, more finely, it's it's interesting. Everything comes down to data and standardized data and digitized data. And that's really the first that's the prerequisite. That's the first step in jumpstarting any sort of automation at scale. So it's interesting to hear, you're doing that on a different level, I guess, between organizations, and between countries and continents as well. Yeah. And the scale is getting big. And we've got 12 million customers who already can convert it away from the old, you know, share your ID and password model to this new tokenized method. And that number is growing. We're going to do a new survey in spring. And hopefully, we'll have some better numbers out there as well. 
But I think it's really interesting to point out, the reason we've been able to go that far that fast or this fast, is not just banks, brokerages, aggregators, and service companies, but it's also a lot of fintechs, academics, even some key individuals, not for profits, trade associations, it really is 172-member tent, that's a little bit of everyone.

Unknown Speaker
That's a lot of cats to herd, Don, a lot of consensus. But on the flip side, when you do agree on a taxonomy, what to call a data element, or what to call a process, then you can say, hey, look, the industry, this is an industry term, by definition. And that's actually really, really useful. Mm hmm. Yeah. And so FDX has an interesting vantage point. We've kind of hinted at this a little bit. But given your membership model, can you give me an industry snapshot of where we're at with financial institutions adoption of APIs, since we've been interested in APIs in the sense that they are really a facilitator to automation? Well, the technology to scrape data use your ID and password has been around for over 20, 25 years, it's old enough to buy liquor in most jurisdictions. And it's incredibly useful. I mean, you, I've seen estimates anywheres, from 70 to 100 million people have given up their ID and password at one time or another to share for filing your taxes for getting a mortgage for you know, investment advice. There's a lot out there. And so I want job security for us. Yeah. But the other thing is, we're moving away from that legacy model to the tokenized access. The good news is, the customer's experience really doesn't change much. We're not asking customer to do anything different. So that's good. But I think as you reduce the number of IDs and passwords out there, technically, your risk surface for everybody, including the consumer decreases, that's always a good thing. Everyone's realizing what they're rationalizing every piece in the chain. Do I need to hold this? 
Do I need to hold that? And really getting much I think better data stewards all throughout the chain on for that. So again, we've gone from a share everything to a right sized model, I think it just shows a maturation of all the players irrespective of size. Hmm, oh, yeah. So would you say FDX's membership is irrespective of size in that you have financial institutions across asset tiers? We do. We have some credit unions that are modest in size, a billion billion five in size, which for credit unions, it's still decent. We do have obviously some trillion dollar FIs as well, but we have them all throughout the gamut.

Unknown Speaker
specialty firms. I like to shout out, you know, military serving institutions like Navy Fed, USAA, came from military banking background. So I love that customer base. They follow instructions and get security.

Unknown Speaker
Security background. I love that. Yeah, for sure. Awesome. So it's interesting how this, this the impact or the benefit that standardization of data can have, especially I guess, in the lens of automation is agnostic of size. It really does. So a modest credit, credit union or a small regional bank that manages their own tech stack, can offer the same capability, if you will, the same APIs as a top four universal, because our spec is free to use, there's no, there's no royalties to use it at all. We're not for profit, after all. But the idea is, you shouldn't see with these APIs, the same long tail that you did with online banking, rolling out or mobile banking rolling out where you had early adopters, and then you had fast followers, and you know, that mid tier, and then you had the late adopters, you should see that really compressed, because we've worked very, very hard with groups like the Independent Community Bankers Association, the CCUA, in Canada and ICBA. To try to tell the members about it, get it front and center. 
So that again, that big hump, you see visually, and it gets really compressed that doesn't work well on audio and sorry.

Unknown Speaker
And so what did the adoption of APIs look like? I guess three years ago, so just when FDX was starting out? Sure, I mean, most everything was credential based. Now I'd have to give props to the great granddaddy of all these data specs, OFX, online financial exchange has been around for a very long time, and really laid a lot of the stakes out for all this. But it was mostly credential based.

Unknown Speaker
And it did have limited functionality. But again, just getting checking and savings and some key information about the investment accounts was still huge. And that's great for the time period when it was developed. And I think that was wonderful. And OFX is now part of FDX. And we're slowly merging the standard in so we have a successor, but OFX is still in use today. And, you know, much respect for all that they did. Mm hmm. And so now I'm trying to gauge what this timeline will look like, how compressed it is. So what might what might API adoption among financial institutions look like three years from now? So I guess 2024? Wow, oh, Lord, it's hard to say, with COVID came up, it was kind of a black swan event, we're not entirely sure we have this nice linear growth, as we see from 2018. Forward, I, conservatively, you think that line will go forward, I'm hoping it will start marking upward as production pilots come to fruition. And from my experience with large FIs, they do an associate pilot then a limited location pilot then a larger pilot. And each of the chunks gets larger as you go. It's like when you tell your kids to cut the cake and pick up the small piece first mom and dad are watching. And then that's a bigger piece than the bigger piece. So I expect those chunks to get bigger as we go. 
So I expect that curve to stop being linear and start being a little more exponential as we go forward. But I can't give you any hard numbers. Sorry. No worries, no worries, I'll ask for maybe a different hard number. But as the adoption of APIs and secure data sharing ramps up, we've talked about how that kind of mitigates your risk surface level? Are there any sort of like quantifiable metrics you can share in terms of like, how much less risk that might be? Well, let's go back to the numbers. If we have 12 million people who are no longer sharing their IDs or password, those are less credentials that can be lost, like any other piece of data, the fewer people that know a secret, the less likely it is to for whatever reason to leak out there. And the less data leakage we have, the better. And realistically, when we talk, if you go through our control considerations, everyone is really looking at economy of data and rule of least privilege, trying to right size that as the customers do their grant consent, and people are looking at other jurisdictions, whether they're GDPR, CCPA, or even Australian CDR, trying to understand Okay, to right sizes data to manage their risk as a data provider or service provider. How, what do I need? And how long do I need it? And what's the right time to destroy that data? I think it's been a very good maturation for everyone. So yeah, the 12 million certainly. But even of the data they're sharing, I think it's been right sizer is being right size. So I think props to everyone in the tent for realizing that. Mm hmm. And so, thinking about what are the headwinds that might stop that adoption rate from accelerating in the next three years? What are some of those market forces or barriers from keeping all financial institutions from leveraging APIs and other secure ways of sharing data? 
Well,

Unknown Speaker
I'm trying to think of some of the

Unknown Speaker
well obviously competing

Unknown Speaker
priorities again. And that that's certainly always an issue. And like any technology conversion, if you look at EMV rollout away from mag stripe, it took a little while and there are still gas stations and other smaller merchants that don't have that we hope to do much faster than that. I think one of the key groups that's going to be really useful the core processors, a lot of small FIs and credit unions actually outsource some or all their tech stack to core providers. And you know, Fiserv's on our board, CSI web on our board as a member, rather. And so we are courting and talk to the other core processors who are interested.

Unknown Speaker
And I think they often the core process of this, I think, will really move and provide these tools to a lot of institutions today that

Unknown Speaker
rely on those parties for their tech. Totally, totally, it'll unlock a huge part of the market that maybe isn't touching FDX, at this point right now. Fair enough. And then to your first point about the I guess, competing priorities you've you've had, you've had to wear a banker's hat for for decades now. So putting that hat back on, I mean, how do you kind of get get secure data sharing on the top of the list there?

Unknown Speaker
Really, it's a matter of really looking at what does this buy you short term? tactically, yes, you have these shared credentials. And we know kind of a Moore's Law of data sharing. We know from asking members and a few years back, we did some back of the math envelope math with some of our larger FIs, and said, what percentage of your customers have given up their ID or password, and the rough number was roughly a third. And it's it's held real didn't matter the size of the institution. It's kind of a rough Moore's Law of data sharing. 
And so you're reducing your risk surface and improving your privacy posture is certainly a big driver. But on the flip side, we're starting to see innovative firms looking at, you know, I can get real time structured, very hygienic data that's from authoritative source directly. You know, now I can I can do more things, we talked about onboarding that mortgage. And one of the stories I like to tell is, can you imagine if you have a client who's in line at a box store, it's going to be springtime? graduates, let's say I'm going to buy a new computer. You don't know I don't have enough cash? I probably should get a credit card. How would you like to be able to have someone apply? Do your KYC? Do your decisioning, do your provisioning, and issue a virtual card by the time they get that cash register?

Unknown Speaker
Well, with real time data, that's a real realistic possibility. Mm hmm. Yeah, for sure. Yeah. And so explain what FDX is doing with data use cases? Do these limit data, a customer can access? Or is this about data minimization?

Unknown Speaker
No data use case, one of the things we found, we've talked to our friends in other jurisdictions who've set up standards, and one of the things you have to do is certify firms against that standard to effectively show that technical chops to also understand, even within a technical spec, sometimes there's some variation, or like, well, you can do it this way or that way. And remember, in today's digital world, you have to code to a one or zero a very finite thing. And so certification is a huge topic around the world in open banking, open finance. So, but great, but one of the things you have to do then do is decide, okay, well, what data are we going to certify on? 
So you have to then decide, okay, we're going to decide use cases, because for personal financial management, which is known as budgeting or tax prep, or credit, decisioning, or credit management, those are slightly different data sets, in their firms that do different things. We have card only firms, you have some firms that just offer checking and savings. And so some firms are just brokerage. So you have to have data sets that reflect that. One to make sure certifications even possible. Once you have that, certainly, right sizing data, as we talked about making sure you take everything you need to do to serve your client, the end customer, and really nothing more, because customers don't want to over provision data. We see that in guidance from regulators, and we see that in other jurisdictions. So it's really about taking care of that. So use case is a great way of describing the why and what you have to have for that. And certainly parties can say, well, that's really great, but we're gonna throw in these other fields, because for this budget in case you need to know a little bit more, so we just needed a minimum.

Unknown Speaker
But that's really what's for certification. Making sure data is right sized, but parties are certainly free to add in anything else they want to agree to again, it's their, their customer. Mm, yeah. And so we're almost out of time here. So just a final question for you, Don, what can we expect to see from FDX in the coming year?

Don Cardinal
One of things I think we can see is additional numbers, additional numbers. And one of the things we're going to start seeing it with our next release version four dot six and version four to five is support for some legacy functions that are existed in our friends at OFX, for example, simple bill payments, simple transfers. Again, always chasing whatever that customer is doing today via screenshare. Screen scraping by serving that customer. 
So I think you'll see that growth as we follow that along. They're the ones in charge. We all work for them after all. Yeah, that's right. Okay, I think that's a perfect place to wrap up. Don, thank you so much again for joining us during this webinar. It was a pleasure as always, and we look forward to following his work, and how it may drive automation within the industry more broadly. I want to thank all of our Premium Plus subscribers for joining us on this episode of a pulse of the industry. With this video, you'll see a full transcript of the conversation. We hope you enjoyed this webinar and let us know how we're doing by emailing us at info at Bank automation news.com or you can reach out to us via one of our social channels on LinkedIn or Twitter. Don, thank you so much again. Thank you