“I agree there has to be some minimum standards across all of those principles to capture it all, and at the same time given how complex our Federal Reserve system is stateside, it needs to be national. We cannot have more and more of the state-specific California Consumer Privacy Act (CCPA) sort of standards hitting us because that just makes things much more complicated,” said Gupta.
Alex Yang, global head of API strategy and enablement, Bank of America Merrill Lynch said “American exceptionalism” might get in the way of creating cohesive data sharing framework.
“Hopefully we’re not going to get to that in the US where ‘this is the Bank of America standard, this is the Wells Fargo standard’ because that’s just hard, and we’re not in the business of making work for ourselves when we should be in the business of making things work for our customers,” he said during the panel.
“They rely upon technology providers to craft their payment systems, their interfaces, their online customer screens, their backend databases. And I think those technology companies are working as hard to make the best use out of any open application programming interfaces (APIs) that are available as the banks are in evaluating which use cases are appropriate, when to go hard on a specific security requirement and when to ease up in the spirit of making sure our customers are well served.”
Current regulatory developments in state-level data standards include the CCPA, which was signed into law in 2018 and recently amended in July of this year. Nevada, Massachusetts, Rhode Island and Maryland also have data privacy laws enacted. While state statutes may be a helpful starting point, they are too complex to be user friendly, panellists argued.
“There needs to be some thinking about how do we get this consumer paradigm shift where consumers are able to understand what is going on, because I think the worst-case scenario is if we’re just creating another CCPA type situation,” said Jeannette Quick, lead counsel for financial services, Gusto and former senior attorney in legislative and regulatory activities at the Office of the Comptroller of the Currency (OCC).
According to Quick, CCPA disclosures are not helpful to the average consumer.
The potential for the OCC’s special purpose national bank (SPNB) charter also looms, with the regulator currently defending it before the Second Circuit.
According to Sam Taussig, head of policy at fintech Kabbage, the possibility of neobanks receiving SPNB charters could lend itself to an even more complex structure of shared service agreements.
“You as the customer may have a relationship with one brand, but in terms of who owns your deposits, responsibility may exist in one or potentially 10 banks across the financial ecosystem. You need to be able to tie that back from both a legal and a technology standard,” he said on the panel.