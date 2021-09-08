Twenty-two million consumer accounts are using the Financial Data Exchange\u2019s open data API at a rate of 2 billion API calls per month, according to an August survey by the organization.\r\n\r\n<a href="https:\/\/bankautomationnews.com\/?s=FDX">The nonprofit FDX<\/a> is working to create industry standards for secure data sharing. Its members include big banks like <a title="Citi Ventures looks to process discovery and API security in 2021" href="https:\/\/bankautomationnews.com\/allposts\/corp-bank\/citi-ventures-looks-to-process-discovery-and-api-security-in-2021\/" target="_blank" rel="nofollow noopener">Citi<\/a>, <a title="Chase builds out digital and product leadership team, Citi hires new compliance chief" href="https:\/\/bankautomationnews.com\/allposts\/retail\/chase-builds-out-digital-and-product-leadership-team-citi-hires-new-compliance-chief\/" target="_blank" rel="nofollow noopener">Chase<\/a> and <a title="Bank of America uses AI to predict business volatility, acquisitions" href="https:\/\/bankautomationnews.com\/allposts\/corp-bank\/bank-of-america-uses-ai-to-predict-business-volatility-acquisitions\/" target="_blank" rel="nofollow noopener">Bank of America<\/a>, and fintechs like <a title="Plaid CEO Zachary Perret asks Twitterverse how to support cryptocurrencies" href="https:\/\/bankautomationnews.com\/allposts\/infrastructure\/plaid-ceo-zachary-perret-asks-twitterverse-how-to-support-cryptocurrencies\/" target="_blank" rel="nofollow noopener">Plaid<\/a>, <a title="Blend Labs integrates acquisition\u2019s mortgage automation process" href="https:\/\/bankautomationnews.com\/uncategorized\/blend-labs-integrates-acquisitions-mortgage-automation-process\/" target="_blank" rel="nofollow noopener">Blend<\/a> and <a title="PayPal touts QR codes for Venmo monetization strategy" href="https:\/\/bankautomationnews.com\/allposts\/payments\/paypal-touts-qr-codes-for-venmo-monetization-strategy\/" target="_blank" rel="nofollow noopener">PayPal<\/a>. Its mission is to unify the financial industry around common, interoperable and secure standards for consumers and businesses to access their financial data.\r\n\r\n<a title="FDX\u2019s Don Cardinal on how secure, standardized data drives automation" href="https:\/\/bankautomationnews.com\/allposts\/infrastructure\/fdxs-don-cardinal-on-how-secure-standardized-data-drives-automation\/" target="_blank" rel="nofollow noopener">FDX Managing Director Don Cardinal<\/a> sits down with <em>Bank Automation News<\/em> this month to discuss the recent upgrade to its API, now in version 4.6, and what the industry-led standards body has planned for in its upcoming 5.0 release, scheduled for October.\r\n\r\n\u201cWe have, in 5.0, a fraud use case so that [if] a fintech app or a data assets platform, known as an \u2018aggregator,\u2019 may see something suspicious in [an] account, now they have a mechanism for using the same secure rails to talk back upstream and say, \u2018Hey, Chase Bank or Citibank, there's something odd here, you ought to go look at it,\u2019\u201d Cardinal tells <em>BAN<\/em> in this month\u2019s Video Plus. \u201cAnd that's a first. Cardinal also explains how FDX's API will support more automation through its expanded data-sharing capabilities, and how the nonprofit works with core providers and regulators to further the adoption of standard practices.

The following is a transcript generated by AI technology that has been lightly edited but still contains errors. Today I'm joined by Don Cardinal, managing director of the Financial Data Exchange, or FDX, which is a nonprofit that works to create industry standards for secure data sharing. Its members include big banks like Citi Chase, Bank of America and fintechs, including Plaid, Blend and PayPal. FDX launched in 2018. Prior to joining FDX, Don worked at Bank of America for more than 20 years, including his last role as Senior Vice President of global information security, trust and safety. Don, welcome. How are you doing today?<\/div>\r\n<div><\/div>\r\n<div class="transcript-scroll-box">Don Cardinal\r\nDoing well, thanks for having me. Boy, you picked a great day, we're announcing the results of our summer metrics survey. So your timing is always wonderful.<\/div>\r\n<div><\/div>\r\n<div class="transcript-scroll-box">Loraine Lawson\r\nYes, I hear you just hit 22 million consumer accounts now using your API nearly 2 billion API calls per month. That's huge. What do those numbers mean to you as a standards body?<\/div>\r\n<div><\/div>\r\n<div class="transcript-scroll-box">Don Cardinal\r\nWell, I think it's recognition by the market that yes, there is still a driving market need for this. And to that API is we've built a good product. And they say if you build a good mousetrap, the world will beat a path to your door they indeed have and the API call volume, which is growing insanely fast, is you're showing that this isn't theoretical. This is real life in serious internet scale production. So we're really pleased with that the market is spoken with volumes. Yeah.Loraine Lawson\r\nFinancial Data Exchange has announced its spring release of FDX API 4.6. And you said you may have a new release out in October as well. But we know. Can you talk about what was new with the last API upgrade and what maybe we can expect it in October?Don Cardinal\r\nSure. I mean, well, we continue to add new fields and new enums. The current version 4.6 has over 620 data fields, including the most robust US federal tax form library available as a recovering CPA I kind of geek out on that. But we also did support for things like internal transfers, moving money between your own accounts inside of bank, bill payment initiation to further really close the gap with OFX parity as well. OFX is part of FDX. And we're trying to we've closed to the feature and functionality gap with them. We've also made improvements in our security off stack as well. Part of 5.0 I believe will be the ratification of Open ID Connect and FAPI 1.0 advanced in CIBA 1.0. So you'll see a harmonization of really believes industry best or global best in practice securing off stack as well. So a lot of things in play. There'll be some neat new things, we have a 5.0 , a fraud use case. So that FinTech app or a data assets platform, known as an aggregator, may see something suspicious in Loraine's account. Now they have a mechanism for using the same secure rails to talk back upstream and say, Hey, Chase Bank or Citibank, there's something odd here, you ought to go look at it. And that's a first. We're not aware of anybody else on the planet doing this, but our members have wanted to, for a long time. And that's the neat thing about a member driven solution is we're following what the members want us to do and their customers want us to do. And if you look at our principles, control and security are here two of the five principles. And so the ability just in ecosystem to look out for one another speaks volumes, a wide felt community of 200 organizations worksLoraine Lawson\r\nwell, I did not realize you to two hundred organizations, that's huge.\r\n\r\nDon Cardinal\r\nA lot of cats to herd.\r\n\r\nLoraine Lawson\r\nHow are market led standards like FDX accomplishing open baking and open finance specially with that many people on the on the page?\r\n\r\nDon Cardinal\r\nWell, the neat thing is when you have many eyes, developing an open standard, it's free for anyone to use. You get really, really strict QA, quality assurance review, and no one has a monopoly on best ideas. And we have a best idea wins, leave-your-market-cap-at-the-door policy in our working groups, any firm. Two ladies in a work in a garage, coming up with a net new thing can propose a request for change. And if it's persuasive, boom, there it is. That, you know again, I'm gonna go a little Biblical on you just as steel sharpens steel, one person sharpens another, that many eyes sharpens the spec. And that's why we have such robust data spec with over 600 data elements. Why we're seeing such a wide adoption, why so many members are present. It's Yeah, it's hard hurdles to get over. It's a lot of people to coordinate we move, do by everything by consensus, but that forces us to always focus on what is the customer want, what does the market need, and it really winnows us down from well, that's nice to have but not urgent. So it's a really great way of focusing really tiny resources on what we're doing.\r\n\r\nLoraine Lawson\r\nSo last time you were here, we did talk about automation. So from a bank perspective, what's happened since we last spoke?\r\n\r\nDon Cardinal\r\nWell, there's a lot of things going on with respect to automation, really, we're talking about is taking slow manual processes and trying to improve them all throughout the place so we can get people signed up connected and have the data flowing. So one, our registry itself is in beta we'll have a basically a giant yellow pages or white pages, for firms in the data sharing ecosystem to let themselves be discovered and be discoverable. And we're going to talk about what services they offer, how to contact them, how to engage with them, and eventually, what capabilities they offer an SI the fdx workplace or ecosystem. Hope to have a little more for you outside our October summit, so please stay tuned. But in addition to that, um, realistically, you look at these data sharing agreements, we're seeing them now coming faster and faster. We have a leading core processor, Jack Henry, enabling FDX for all of its clients and credit unions. But if you'll notice, and you're also seeing FIs and fintechs, and JHA, stand up developer portals as well. And so the more they do, the faster they get, you know, it's like muscle memory. So they're sourcing teams, they're negotiating teams, they're onboarding teams, get used to doing this thing. It's not new anymore. And that's, I think, really useful. Plus, as there's more ubiquity out in the space, you see a sort of, I don't know a need for competitive parity, if the firm you're competing with all the firms are competing with all have dev (developer) portals that have the FDX API in it, you got to keep up with the Joneses. Similarly, data sharing agreements -- got to keep up with the Joneses. And I think that's really, really useful in the space. But we also see common utilities outside of FDX popping up. And an important one, I want to call out, IHS market andTruesight have stood up third party data risk assessment tools. Again, again, you see new things showing up. But I think they're useful to call out as the industry matures. And common needs arise, you'll see people raise their hand go, Hey, why don't we try to solve this or that. So there's just a lot going on and I'm highly caffeinated today. So if you have any questions, please follow up.\r\n\r\nLoraine Lawson\r\nWell, you mentioned Jack Henry, are there any other cores that are working with FDX?\r\n\r\nDon Cardinal\r\nOh, sure, Fiserv was a founder of FDX and they're still very involved. And we're in talks with the other cores as well. I can't disclose which ones but you do the math, you know who they are. And all of them have a copy of the spec and are deeply engaged.\r\n\r\nLoraine Lawson\r\nAnd that will, of course, bring bring FDX into smaller banks, as well, right?\r\n\r\nDon Cardinal\r\nIt will on regulators almost from day one wanted to know, what are we going to do to make sure community banks and credit unions and other FIs are not left behind, you know, having seen and I've got a few gray hairs, seeing what happened with online banking, and then mobile banking, where you had the large firms, a lot of resources adopt early. And then you saw smaller firms kind of lagging behind because they didn't have the expertise or the resources to necessarily do that. And they didn't want any, anyone trailing. We really wanted to try to do that. And so we've been very mindful of courting the core processors and making things available publicly. So that you have the large firms with dedicated teams, you have of course on the other end, and then the folks in the middle, the mid majors, who manage some or all their own tech stack can be fast followers. I will tell you that back of the envelope math me to look at if you remember, way back in the early 2000s, the online banking adoption curve and even the mobile adoption curve in the mid 2000s. -- where we were on that adoption rate and capability rate versus where we are FDX, we're way ahead of that curve. No one remembers that everyone wants to Oh, just thinks Okay, yeah, it's tomorrow. But we're getting there.\r\n\r\nLoraine Lawson\r\nOkay. Industry-led standards are succeeding, what roles do regulatory bodies and policymakers have to play an open banking, particularly with standards like yours?\r\n\r\nDon Cardinal\r\nSure, and I'll wharf it just a bit. We really talk about open finance. I mean, open banking is just a subset open finance really is any financial data, including pensions, investments, property and casualty insurance and, and other things. But your regulatory clarity is is hugely important. You know, in a digital world, I have to code to a one or a zero, okay, and maybe just doesn't work in that. So since we can always have clarity that helps. Now, with respect to regulators, there's really two domains ,really, of needs. One is in the what's -- that is what policy outcomes, you know, that are desired and then the hows of, gee whiz what tech do we need to get there in a cost effective, cost effective, secure, and sustainable way. And the uniform regulators we talked to, have really been uniformly consistent in their their thought, and really their maturity level of saying, you know what industry is really best positioned come up with the technology, because it's going to morph over time, you can move faster, quite honestly, the security and risk threats evolve faster than typically the regulatory calendar can. They're, they're bound by a different set of rules. But on the flip side, you know, they set the what's the what's of policy and their best position for that. And we're barred policy from, you know, barred by our charter for talking about policy and regs. So it's a really great Texas Two Step, if you will. They do what they do best, we do what we do best, and we talk often. So I think that's really handy. Now, in the U.S., if you look, there's been a lot of stuff happening in the last year, the CFPB had their advanced notice of proposed rulemaking in the spring, the recent FFIC checklist came out at a whole section devoted to data sharing. Yes, on that bigger a reg geek, there's recent exact order about a month and a half ago about moving forward with the ANPR and even the FFIEC, Fed and OCC put out joint guidance on data sharing. There's a lot of attention in this space. So the more questions they can resolve around what's considered appropriate for risk evaluation, for controls, privacy, the easier it is for our tech teams to then put that into production. So that's kind of the dance we do, and it works. And I think the more that stuff gets settled, I mean, we're talking about out what 13,000 FIs and 1500 fintechs, just in North America, you do that math, and that Rubik's Cube gets in the millions of combinations. So the more certainty we have, the faster we can go.\r\n\r\nLoraine Lawson\r\nOK well, you know, it's it's easy to talk about it with finance and open banking API's as a technology play. In fact, I'm very curious about how big your how many lines of code is in your API, but\r\n\r\nDon Cardinal\r\nit's too big email.\r\n\r\nLoraine Lawson\r\nI just think it's fascinating. Some of them are so small, and they do so much but but their means of data delivery. But increasingly, it's clear that this is how business is done. So what are some of the business value that maybe banks haven't considered in open banking API's,\r\n\r\nDon Cardinal\r\nI don't really haven't considered. But again, they are considering and deploying, and I'll give you an example. Right now, if you wanted to do a mortgage, a lot of firms will think that's really great. Now, go ahead and send me your bank statements. And there's a lot of firms out there still saying, great, you can fax it to me, or you can scan it and email it to me. Now we learn in 2008, 2009, that sometimes people kind of fudge those numbers before they send to the bank. It's called chain of custody issues. Wouldn't it be great if as a lender, I could get the data directly from a source of record with no chain of custody issues? What if I could get it in machine ingestible format, so I wouldn't have to OCR it, I wouldn't have to rekey it. Those are both prone to error, cost money and take time. So if I can get better data, faster for free from authoritative source, what does that do to my through put, I can process more mortgages with the same staff and the same tech stack. So again, more revenue, that's pretty cool. Less errors, because I have better data. And that those are improvements we see. So we see that a new account opening. One of the other stories I like to talk about is let's say you're in line to buy your son or daughter a new laptop for school, right? Colleges are just kicking off. And you're, you know what, I don't know if I got enough cash right now to do that. But I have an ad here for a new credit card from XYZ bank. How would you like to be able to take an app, provision it or take a app, do your e-KYC, do your credit decisioning, do your provisioning into the digital wallet, issue it and have it available for purchase by the time they walk up at the cashier line. With these open APIs, you can do that and do it that meets all your regulatory guidance and all your rules and all your policy objectives already. It's simply secure rails for moving authoritative data. And that's the beauty of it. And one other piece I'll pick on is you're really helping out underbanked and unbanked population, there's a lot of press about bank on accounts and other items as well. But the end of the day, you still have to make some decisions about granting credit. And there's a lot of folks who are new to the credit space and they're either thin file or no file. But they have a tremendous history of paying utility bills, paying rent and other really solid and disciplined financial data. They may be recently divorced, they be new immigrants, they may be military. And right now they have the ability then share that data with a credit granting organization. Again, authoritative source, secure rails permission data, but get credit for could be years of good behavior and really seeing that now you see that with Experian boost, but you see other places as well. So you see these same rails helping the unbanked and underbanked. So those are three really cool stories. And I will point out APIs are the next new channel, just like online banking was another new channel, then mobile was another new channel, APIs and quote me on this one, will be the next new channel. Promise you.\r\n\r\nLoraine Lawson\r\nWell, I guess they support embedded finance too is that true fair to say?\r\n\r\nDon Cardinal\r\nAbsolutely. These secure rails go back go both ways. And it's extensible. So yeah, absolutely.\r\n\r\nLoraine Lawson\r\nSo recently Canada released its roadmap to an open baking regime what can you tell us about how that relates to industry-led standards like FDX. Can you tell us a little bit about that?\r\n\r\nDon Cardinal\r\nSure. The recent report by the department offense aligns very well with a concept of industry built technical spec, but serving the regulatory goals that they spelled out. The principles they, in fact, mentioned match up really quite well with the five principles we have of our data sharing, control, access, transparency, traceability, and of course, security. You know, they're going to be naming a new lead fairly soon once their election has passed. And we have a new Canadian director as well on the ground. And we tend to work very closely with him to make sure our spec which we believe is already fit for purpose, but becomes even more fit for purpose, federally and provincially, to serve a Canadian market.\r\n\r\nLoraine Lawson\r\nNow you have quite a quite a few customers in Canada, correct or\r\n\r\nDon Cardinal\r\nYeah, a third of our membership are Canadian. We do have all six of the Big six. But we also have some challenger banks and some smaller FIs as well. We have the credit union trade associations as CCUA and LCUC up there as well. And they're kind of keeping an eye on things for their members as part of their their remit. And we're glad to have them. They're very active in our space. So again, we want to make sure this spec is fit for purpose. We've already made changes to the FDX spec in Part of 4.6, and even in 5.0 is changes from the Canadian technical Task Force about, hey, that's really great. But you know, what, zip codes be postal code. It should be alphanumeric, for example, cuz it's not all numeric like we have in the States. And oh, by the way, we have this product called an RISP. Not a 401k. That's unique to the US. So we're seeing things like that getting called out in added to the spec. Those were just two easy ones. So they got those on day one.\r\n\r\nLoraine Lawson\r\nWell, I think that's a perfect place to wrap up. That was a lot of information, Don thank you so much for joining us during this webinar. It was a pleasure as always, and we look forward to following your work at FDX. I want to thank all of our Premium Plus subscribers for joining us on this episode of a pulse of the industry event. With this video, you'll see a full transcript of the conversation. We hope you enjoyed this webinar and let us know how we're doing by emailing us at info@Bank automationnews. com or you can reach out to us via one of our social channels on LinkedIn or Twitter. Have a lovely day.\r\n\r\nDon Cardinal\r\nThanks, guys.\r\n\r\n<\/div>