As The New York Times detailed last week, major banks like JPMorgan Chase and Wells Fargo are demanding new terms from tech companies that want to be able to pull data for their banking customers.

Many fintechs rely on their users providing access to the data from their bank accounts, and use third-party intermediaries like Envestnet Yodlee and Intuit to access that data. Those third-parties have direct relationships with some banks and use scraping technologies to access data from others when users provide the credentials to their accounts.

To date, there have been few rules and standards as to how the data pulled is used and big banks want to change that. According to Jason Kratovil, a VP at bank lobbying organization Financial Services Roundtable, “When you think about millions of customers handing over their bank-account credentials to third parties, who currently have no real oversight or examination of their security controls, you start to understand why our members get pretty nervous.”

But many fintech execs believe the concerns over security are an excuse to thwart companies banks see as a threat. Personal Capital CEO William Harris told The New York Times, “It’s pretty clear the real intent of the banks is to limit this data because it puts their business model at risk.”

Personal Capital, which was founded in 2009, is an upstart wealth manager. It offers free analytics tools that it says more than 1.3m users take advantage of to track their personal finances. If those users were unable to give Personal Capital access to their bank accounts, it wouldn’t be able to pull in the data it needs to provide such tools.

Banks get aggressive

According to The New York Times, big banks are getting increasingly aggressive in their dealings with the third-party platforms that many companies use to access bank account data. In January, JPMorgan Chase and Wells Fargo struck a deal with Intuit “that will give Intuit more streamlined access to data from the banks, in exchange for new rules about how Intuit uses the data.”

Wells Fargo also demanded compensation “to help the bank cover the additional infrastructure costs involved in providing real-time access to data.”

Envestnet Yodlee, which competes with Intuit, has reportedly not yet come to an agreement with the banks and The New York Times says that the company is trying to push back on the banks’ demands. As Steve Boms, Envestnet Yodlee’s VP of government affairs sees it, “with data limitations, you are hindering the ability of millions of consumers to save more and optimize their finances.” 

But it’s not clear just how much push back is possible. Several banks have warned Envestnet Yodlee that if it doesn’t agree to their terms, it could lose access to some of the data it is currently able to retrieve from them. 

Ambiguous regulation and an uncertain regulatory environment

Unfortunately, the negotiations are high stakes in large part because it’s not clear what banks are required to do or what consumers are entitled to.

As The New York Times notes, in Europe regulators have basically decided that consumers, not banks, own the data from their accounts. In the US, Section 1033 of Dodd-Frank states that covered financial institutions, including banks, “shall make available to a consumer, upon request, information in the control or possession of the covered person concerning the consumer financial product or service that the consumer obtained from such covered person, including information relating to any transaction, series of transactions, or to the account including costs, charges and usage data. The information shall be made available in an electronic form usable by consumers.”

But the “electronic form usable by consumers” is ambiguous, and the Consumer Financial Protection Bureau (CFPB) that Dodd-Frank created, despite its push for greater openness on the part of banks, hasn’t issued a mandate regarding this.

What’s more, new US president Donald Trump has directed his Treasury secretary to review Dodd–Frank, and spoke of repealing it during his campaign.

Is the more aggressive negotiating stance that big banks are taking a result of the perceived favor they have with the new administration? If it is, fintechs should expect big banks to get even more aggressive if and when Dodd-Frank is dismantled and/or repealed.