Financial Data Exchange (“FDX”) is an industry standards body comprised of financial institutions, data access platforms, fintech companies, consumer organizations, and other interested parties organized to address the need for an industry-wide standard for the secure exchange of consumer-permissioned financial information among financial services companies. The availability of such a royalty-free standard promises to unleash innovation in the provision of financial services to consumers, bringing new competitors seeking to assist consumers in achieving their financial needs, better managing their finances, and improving their financial health. FDX’s mission is one that can only be achieved efficiently through collaboration among industry participants, and the group approached its work from the outset with sensitivity to the requirements of the antitrust laws, delivering an unmistakably procompetitive outcome for consumers.
By Brad Jacobsen & David Kully1
On a cold day in March 2017, in the skiing village of Park City, Utah, a group of financial industry participants gathered to discuss how to better improve the permissioned sharing of financial data. The group referred to itself as “Initiative X” and would later become the “Financial Data Exchange” (“FDX”) when it launched on October 18, 2018. FDX addressed a critical need for the development of a standard to allow the secure exchange of consumer financial information among financial institutions, fintech companies, and other participants in the financial services industry. Data access platforms (often referred to in the past as “data aggregators”) and other industry participants at that time offered innovative services to consumers, but acquired information with the permission of customers without the benefit of a common and accepted approach that satisfied all the parties involved in the data exchange,2 as well as ensuring the highest standards of reliability and security for consumers. The creation and adoption of a uniform interoperability standard promised to unleash innovation in financial service offerings for consumers and competition for their attention.
FDX was founded by a group of the most innovative companies and engaged individuals operating in the financial services ecosystem and involved in consumer permissioned financial data access. FDX’s founding members represented over $2 trillion in market capitalization at the time of launch and included major financial institutions, data access platforms and fintech companies, as well as organizations specifically representing the interests of consumers. These founding members brought deep experience in consumer permissioned data-sharing issues, including involvement in industry efforts to promote market solutions and in providing input and education to regulators and law makers.3
The work of this group, which included competitors in various sectors of the financial services industry, helped advance the adoption and promotion of an industry standard for the permissioned sharing of consumer financial information. FDX acted with sensitivity to potential antitrust concerns from the outset and achieved an important and procompetitive solution for the industry and consumers.
A. FDX Solved a Problem That Denied Consumers the Full Benefits of Competition Among Financial Services Companies
FDX was organized with the consumer in mind to ensure that financial institutions, permissioned application providers/developers, financial data access platforms, and other fintech companies can more readily and securely assist consumers in achieving their financial needs, better managing their finances and improving their financial health.
Consumers are increasingly using online financial management, payments, credit decisioning, and related services that are provided by companies that are often not affiliated with their primary financial institution (where consumer financial information has been located traditionally). To take advantage of the innovative services offered by these entities, consumers need the ability to authorize their financial institutions to provide access to their data in a convenient, secure, and reliable manner.
In order to provide access to their financial records, consumers have historically shared their login credentials with financial applications or data access platforms. In most cases, financial apps do not store the keys, but instead pass these credentials via an application programming interface (“API”) to the data access platforms, which can then access the financial institution’s website and retrieve the consumers’ data (through a process known as screen scraping). While this process occurred only with consumers’ explicit authorization, experts believed that the ease, reliability, and security of the process could be improved through the use of APIs and token-based mechanisms. Individual companies, however, were reluctant to invest in the development of improved approaches, or in businesses that depended on those mechanisms, without some assurance that the industry might coalesce around their chosen solution. FDX was established to address this problem, a solution to which was necessary before consumers could receive the full benefits of the services that industry participants and new innovators were poised to offer.
Although others had previously sought to tackle the challenges that FDX confronted, FDX involved the most comprehensive industry effort to address this need. FDX’s founding members believed that an industry-led initiative offered the shortest path to realizing the benefits of secure, consumer-permissioned data sharing.
FDX sought, through the development and promotion of a common standard, to facilitate the secure exchange of information and accelerate innovation while giving consumers greater control of their data and better awareness of how it is used. The availability of the standard will mean more opportunities for innovative financial services companies to compete to provide improved financial services to consumers.
B. FDX’s Origins, Mission, and Structure
FDX had its origins in early 2017 as a grassroots effort of financial institutions, fintech companies, and data access platforms seeking to find common ground for a secure, consumer-focused data sharing framework. Recognizing the significant progress already made by FS-ISAC’s Aggregation Working Group in the 2015-2017 time period with its Durable Data Application Programming Interface (“DDA”) standard, FDX aligned with FS-ISAC and became a wholly owned, independent subsidiary of FS-ISAC in 2018. FS-ISAC assigned the DDA (now known as the FDX API) standard to FDX in October 2018 in connection with FDX’s launch in October 2018. FDX implements and oversees this interoperability standard and operating framework, continuing the development, improvement, and promotion of the FDX API. The FDX API has been improved and modified from the DDA since FDX’s launch from the original FDX API 3.0 to the most recent iteration, FDX API 4.6, currently under member review.
The mission of FDX is to unify the financial industry around a common, interoperable, royalty-free standard for secure and convenient consumer and business access to their financial data. Doing so will empower consumers to make information-based decisions about their personal finances and help increase financial literacy. FDX will accomplish its mission through execution of the following specific objectives:
- Define Use Case Profiles: FDX will define use case profiles describing consumer-permissioned scenarios within the financial data ecosystem. FDX will adopt and promote principles for data sharing across all use case profiles. Members will be able to qualify their solutions for one or more profiles.
- Adopt, Promote and Improve Data-Sharing Standards: FDX will develop and promote the FDX API standard and brand to help ensure financial data is timely, consistent, and accurate. Membership in FDX will allow use of and/or contribution to the specifications.
- Adopt, Promote and Improve Secure Authentication Standards: Consumers should not have to reveal their account login credentials to third parties to share financial data in the applications they choose. FDX will adopt modern standards in the FDX API specification in accordance with industry best practices with regard to authentication, authorization, data privacy and security in order to eventually do away with sharing login credentials with third parties to reduce risk to consumers.
- Develop a Certification Program: FDX will create a qualification and certification program to ensure common implementation and interoperability. Products (i.e., programs and apps for consumer- permissioned financial data sharing) will be approved by FDX through the certification program, to test the technical compatibility/interoperability, prior to being marketed as a compliant product, or getting access to certain intellectual property rights.
- Develop User Experience and Consent Guidelines Best Practices: FDX will document the steps and show examples of recommended user experiences across the end-to-end data sharing workflow to permit users to establish their financial data sharing connections with ease and full transparency and control. These steps will span across the lifecycle of creating a connection, managing a connection, and revoking a connection, including the steps of disclosure, authentication and authorization.
- Seek Broad Adoption of the FDX API Standard: FDX will seek universal adoption of the FDX API standard. Significant adoption by financial industry participants will be required to realize the full benefit of establishing a unifying standard.
- Future Applications: Achieving FDX’s mission and objectives through its operating principles and broad adoption of the FDX API standard may further support the development of a liability framework by the appropriate parties as encouraged by the U.S. Department of Treasury.
FDX is comprised of committees, working groups, and task forces focused on promoting the adoption of the FDX API standard and ensuring interoperability. In addition to financial institutions, data access platforms, and other fintech companies, membership in FDX is also open broadly to individuals, non-profits, and consumer groups with an interest in furthering FDX’s mission and objectives. FDX encourages all members to join working groups and participate at FDX events so that the voices of all interested members can be heard, with a “best idea wins” mentality, so that all members can contribute to the successful and broad adoption of the FDX API standard. Members are encouraged (but not required) to adopt and promote the standards released by FDX. FDX anticipates that, once its certification programs and procedures are established, widespread adoption of the FDX API will benefit consumers through consistent standards across platforms related to control, access, transparency, traceability and security of their financial data.
FDX will promote royalty-free technology specifications – ensuring greater adoption – and intends to provide a certification program for parties wishing to mark their financial products and programs as compliant to applicable FDX API certification standards.
Other industries have successfully created similar groups to address industry challenges. The Bluetooth Special Interest Group, the FIDO Alliance, and the Mortgage Industry Standards and Maintenance Organization (“MISMO”) are good examples of interested parties coming together to create a common standard. Although FDX was preceded by similar efforts in other industries, its mission and approach are unique to any financial industry forum. It is the first industry group with a broad range of support and active membership by companies across the financial services industry, as well as important participation by consumer groups. This level of participation will maximize the likelihood that FDX will succeed in achieving its mission, with consumers as the ultimate beneficiaries.
II. FINANCIAL DATA EXCHANGE IS A PROCOMPETITIVE COLLABORATION
As with any organization involving companies that might compete with one another, FDX must be and has been sensitive to antitrust concerns and has been careful from the outset to ensure that, in any activities relating to the work of FDX, participants avoid the exchange of any competitively sensitive information concerning the activities of their own businesses. But when it comes to the development, enhancement, and adoption of the FDX API, FDX members collaborate in pursuit of the organization’s procompetitive goal of establishing and promoting an interoperability standard for the secure access to user permissioned financial data.
The collaboration through FDX of a wide array of financial-industry participants allowed the group to accomplish together an objective that no single member could have achieved on its own. While individual organizations could have written their own specifications that, as a technical matter, could have (if adopted) permitted the exchange of financial data, the joint work in an open and unbiased environment invited participants to supply their best ideas and critical thinking in pursuit of a solution in which all participants could have trust and confidence.
Procompetitive collaborations of this nature, which provide solutions likely unavailable without competitors working together, avoid flat condemnation under the antitrust laws and are often found to be perfectly permissible.4 The activity in which FDX was engaged – establishing an interoperability standard for the permissioned exchange of consumer financial information – is just that kind of a procompetitive collaboration.5 But FDX recognized that similar organizations with procompetitive purposes had still confronted antitrust issues in the past, and it was careful to conduct its operations in a way that invited broad participation and excluded no one, did not limit the activities of any members outside of the their involvement in FDX, and ensured that its standards-development activities were not subject to anticompetitive misuse by any competitor. FDX approached its activities committed to developing and promoting the FDX API and ensuring prompt adoption. The growth of FDX’s membership base to 180 entities and significant progress in the adoption of the FDX API demonstrate that the group’s approach and collective efforts succeeded in supplying a solution to what had been an unresolved problem. The beneficiaries will be consumers, who will find themselves able to take advantage of innovations in the delivery of financial services across multiple platforms.
A. FDX Opened Its Doors to All Individuals and Entitites Interested in Contributing to Its Efforts
FDX from the outset was interested in ensuring that it considered all viewpoints as it evaluated how best to tackle the challenges before it. Its founding members notably included not only representatives from every segment of the financial services industry, but also consumer advocacy organizations that provided critical perspective and input into privacy and user experience issues implicated by the group’s work. When FDX was launched formally, its membership policies permitted the involvement of all entities, individuals, and groups interested in contributing to its mission. FDX has excluded no one (other than parties not permitted under applicable law, such as OFAC sanctioned parties), and all members not only have the opportunity, but are also encouraged, to contribute to FDX’s standards work.
B. FDX Membership is Non-Exclusive
Although it is FDX’s desire and intention to develop a standard for the secure exchange of consumer financial data that receives widespread adoption and unleashes competition and innovation across the financial services ecosystem, FDX’s founding members recognized that others might be pursuing similar activities and that the goal of an industrywide standard would be accomplished even if FDX’s approach ultimately failed to become the de facto standard around which the financial services industry coalesced. Other than restrictions on the disclosure outside of FDX of confidential information concerning the organization’s activities, FDX placed no limitations on members’ involvement with other organizations.
C. FDX Adopted a Royalty-Free Licensing Approach to Encourage Widespread Adoption of Its Standard
One impediment to adoption of industry standards can be the assertion of intellectual property rights and unreasonable licensing demands by entities whose rights would be infringed by the use of a standard. To avoid the potential for “hold up,” FDX’s founders decided to follow the lead of the Bluetooth Special Interest Group and require that FDX members commit to licensing intellectual property rights that would be infringed by the practice of the standard on a royalty-free basis.6 All of the founding organizations, representing a cross-section of financial services entities, agreed that this obligation would facilitate widespread adoption of the FDX standard, the goal all set out to achieve.
D. FDX Adopted Procedural Protections to Ensure Its Standards Development Cannot Be Hijacked and Deployed for Anticompetitive Purposes
Standards organizations have faced antitrust challenges in instances in which incumbent competitors have succeeding in misusing the standards development processes to exclude new technologies or competitors.7 FDX has established procedures to avoid efforts to establish biased standards that exclude competitors. In addition to encouraging broad participation by entities across the financial services industry, which itself reduces the risk of any one group dominating its processes, FDX’s committees and working groups must be co-chaired by one financial institution (“FI”) representative and one non-bank/FI representative. Further, items that are included in the FDX API require two-thirds support in FDX’s working groups, as well as the affirmative votes of two-thirds of FDX’s board. No individual entity, interest, or group can wield power to force the adoption of standards not widely supported by others and in the overall interest of FDX and consistent with its mission.
FDX remains committed to the development and promotion of a standard for the secure exchange of consumer financial information, but also equally committed to proceeding in way that ensures that it continues to promote competition among providers of financial services to consumers. Interested parties are invested to learn more by visiting www.financialdataexchange.org.
1 Brad Jacobsen is General Counsel of Financial Data Exchange. David Kully is an antitrust partner with the Washington, D.C. office of Holland & Knight LLP and serves as outside antitrust counsel for Financial Data Exchange.
2 These parties are generally the data recipients, such as fintechs, financial apps and other service providers, and data providers, such as banks and other financial institutions.
3 FDX is a technical standards body and does not lobby for policy positions, however, FDX does provide information and education to regulators, law makers and the market to ensure that interested parties understand the issues, risks and technical language involved in the consumer permissioned data-sharing ecosystem.
4 See Fed. Trade Comm’n and U.S. Dep’t of Justice, Antitrust Guidelines for Collaborations Among Competitors (April 2000) at 1 (“In order to compete in modern markets, competitors sometimes need to collaborate. . . . Such collaborations often are not only benign but procompetitive.”); see also Broad. Music, Inc. v. CBS, Inc., 441 U.S. 1, 21-23 (1979) (finding that a collaboration among competing songwriters to offer a blanket license to their works created a “new product” with unique characteristics, where the “whole is truly greater than the sum of its parts” and the agreement between them was “necessary to market the product at all”).
5 See Allied Tube & Conduit Corp. v. Indian Head, Inc., 486 U.S. 492, 501 (1988) (“When . . . private associations promulgate . . . standards based on the merits of objective expert judgments and through procedures that prevent the standard-setting process from being biased by members with economic interests in stifling product competition, . . . those private standards can have significant procompetitive advantages.” (citation omitted)).
6 See Bluetooth Patent/Copyright License Agreement, available at https://www.bluetooth.com/wp-content/uploads/2019/03/PCLA-ESign-Version-Version-11.pdf.
7 See Am. Soc’y of Mech. Eng’rs v. Hydrolevel Corp., 456 U.S. 556, 570 (1982) (finding standards organization liable for member’s use of its position within the organization to “manipulat[e] [its] codes” and harm competitors); Allied Tube, 486 U.S. 492, 496-97 (1988) (upholding liability for incumbent competitor that packed standards body with its supporters and blocked expansion of standard to include new entrants’ products).