Streamlining the Due Diligence Process with Ben Isaacson

Voiceover: If I Ran the Bank is a podcast hosted by Clayton Weir, co- founder and head of product and strategy at FISPAN, a fintech that is enabling banks to provide contextualized consumer life experiences to their business clients. Clayton is a thought leader in financial innovation and hits on the hottest topics in banking, finance, and the future of payments. And he wants to know if you ran the bank, what's the one thing you'd go all in on. Please tune into Spotify, Apple Podcasts, Google Play, or wherever you get your podcasts. And now here's your host, Clayton Weir.

Clayton Weir: Hey, everyone. Welcome to If I Ran the Bank Podcast. I'm your host, Clayton Weir. We're real excited for another episode. Today's episode is one of those things where we all see the news feed in our inbox, the daily roundup news blasts about this company getting bought, or that company raising$ 100 million and all the flashy headlines. And every once in a while, there's a more subdued headline in there that maybe is the actual news. And I saw one of those the other day where The Clearing House and some of their owner banks and a couple of their technology partners announce this really interesting new initiative on how they were going to manage data access and screen- scraping or direct access or whatever you want to call it amongst their accounts and amongst various fintechs. And it just struck me as the real news, even if it was maybe unflashy on the surface. So luckily the pilot program is run by a connection of mine, Ben Isaacson, who today is the leader in the connected banking program at The Clearing House, but has been a lifelong financial services product person at big banks, at really entrepreneurial neobanks, and on the infrastructure side, I think both at MasterCard and now at The Clearing House. And so I invited him on and want to unpack that what I think is deeply maybe unsexy on the surface, but I think ultimately foundational and challenging or industry- changing announcement you guys made a couple weeks ago. Thanks for coming on the show, Ben.

Ben Isaacson: Yeah, absolutely. Thanks for having me, Clayton.

Clayton Weir: Is there any blanks you want to fill in on your background?

Ben Isaacson: Sure. So, you did a pretty good job, so I lead connected banking at The Clearing House. For those of you who don't know what The Clearing House is, we're a consortium owned by 24 of the largest banks in the country providing market infrastructure and other services. We primarily on the payment side. So we move about$ 2 trillion a day through our wire services, our ACH services, and increasingly our real- time payments. We're also a place where these banks come together to solve and address industry issues that are larger than any one bank. And what we call connected banking is one of those. Does it make sense, Clayton, for me to describe connected banking and what that is?

Clayton Weir: Yeah, that'd be great. Connected banking being a slightly different version of some terms that we may be all using here. I'd love to hear your definition of that.

Ben Isaacson: Sure. So connected banking is really what we look at is a slightly similar version to what many in the industry would call open banking. So like open banking, what it's focusing on is data sharing between banks and financial apps, but why we focus on calling it connected is our belief is that in order for it to be effective and ultimately scale to its potential, it requires technical, legal, and risk collaboration between the parties. Whereas when you call something open banking, it implies a free- for- all where anyone can get access to bank data and use it for any purpose they want. And that's my responsibility in the area that I lead at The Clearing House.

Clayton Weir: And this seems like an interesting evolution of I've heard the term and I think it's uniquely American of market- based open banking. And it's really, I guess that's the idea that in most markets in the world it's been this regulatory regime, but in the United States, there's all these competitive pressures and reasons that banks and fintechs and others involved in this ecosystem have forced the market towards more openness or in this sense, more aspects of connectedness without there being this guiding hand of the government enforcing a model on it.

Ben Isaacson: Yeah. I think that's exactly right. I think in many areas, the US has been more private sector- driven in this area, but a lot of it to me starts from screen- scraping has almost been a uniquely US creation, where you could argue that the US had open banking starting 20 years ago when companies like Yodlee figured out how to do screen- scraping and get data from bank accounts without having to go to the banks. And essentially what they were doing was they partner with your favorite app. And when you signed onto the app, they'd ask the consumer, "Hey, in order for this app to work, you need to give us your bank username and password." And the consumers would do it. And Yodlee would take the bank username and password, and basically log into the site and take the data they needed. So, again, the innovation of the apps and the services that other markets have tried to drive by different regulatory regimes were actually happening through the private sector for the last 20 years. So, that's one of the reasons why this is a little bit different and a lot of the work is as we see it as looking to how do you take the best of the services that have been enabled, the thousands of apps that users use every day and make that into a model that is ultimately safe and sound and scalable for everybody.

Clayton Weir: I think that's a really good point. And I guess your macro point being that the United States has had some version of open banking for 20 years, this very scrappy version. But when we think about that, why open banking and what happens once you have it, we already have that case, to your point in the United States. So if you think of the accumulative enterprise value of Venmo and Plaid and Wealthfront and Cel- Fi and all these businesses that maybe aren't even possible without the screen- scraping direct access- based version of open banking, none of that has happened. None of those things that have made people's lives better or financial life more healthy, they were all driven on this duct tape version of open banking. We saw that when you get access to that stuff, you can build very compelling and creative applications for people.

Ben Isaacson: Yeah. That's exactly right. And on the innovation side, we've certainly seen that. But on the flip side, when you look at the safety and soundness side, what you now have are, and this is public, so you look at Plaid. Plaid said they have access credentials and data for over 25% of the bank accounts in the country. So this is an unregulated institution with more bank data than the two largest banks in the country combined. So it's gotten to a place where, from a safety and soundness perspective, you'd really be hoping for a better model.

Clayton Weir: Yeah. They're almost systemically important in a data breach sense. I'm just going to play it like what I think is the for dummies version of the quick history of the recent history of screen- scraping. And then I think I would lead into maybe just a two minutes to actually expand on what you guys are doing with this TCH true site oversight pilot program that you launched. So from my perspective, so you described it, we've had this for 20 years, we've done this screen- scraping thing where for people that aren't technical, effectively, what happens is you log in with your username and your password for online banking and the vendor stores that effectively in plain text, probably, in their own database. And at 2: 00 in the morning, they log into chase. com on your behalf. They know what line in the HTML code, the balances for your different accounts sit at. They pull those numbers out. They see that you do have a checking account that is still open, those kinds of things. They store it. And then they charge a dollar for every developer that needs that for their app to say," Hey, this is actually Ben. He has that account." That's how they get it. And so again, to go, the mid part of that journey was as those things became more popular in the post- financial crash, like fintech revolution and just the number of logins goes up, it started to cause a bunch of hassle for banks, I think on the server side where they have to, 2:00 in the morning, there's all of a sudden a million robots showing up to Chase.com to check balances and it creates production incidents and all this kind of stuff. And then, so I think the more recent chapters then, the first thing the banks do is they just cancel it. They block the IP addresses. They say, "Hey, no more robots." Whatever. Then they take a million calls to their call center that say mint. com doesn't work. Cel- Fi doesn't work. Zelle doesn't work anymore because this connection has been broken on the authentication side. And then based on angry customers, they started working with the aggregators to give them a structured, reliable data access. So now probably with most of your Clearing House banks, or the larger of your owner banks, they probably tend to have these real non- screen- scraping data sharing connections with some combination of the big market players. And you could challenge me on any version of this narrative, but I think that's what brings us to what you guys are doing is now, well, how do we ensure everybody's doing what they're supposed to be doing in that construct?

Ben Isaacson: Yeah. So I say that the definition of screen- scraping is spot on. And I think that's definitely been the issue. I would say, while there have been API-based data sharing agreements, as you mentioned, typically between the largest banks and the largest data aggregators, it's still really uneven and behind the scenes, just because you've seen an announcement that there's a data sharing agreement doesn't mean that's all encompassing, so it might not cover every use case, every piece of data. And while you've seen some of the stuff in the public, there are very few banks that have really done this at scale. And even among the largest banks, it's still pretty uneven. So, I would argue that the industry is making progress on those agreements. And then the final thing of course is just because you've done the agreement doesn't mean that it's been implemented yet. So a lot of those agreements that have been created are still in various stages of implementation. Those tend to take a while. So, this is an area that while we're seeing promise for sure, we would like to see it accelerated. And part of that is, how do you put the conditions in place to actually make it go faster?

Clayton Weir: So do you want to maybe expand on that a little bit? So how are you guys doing that? Because I think that's what you're carrying that burden or the flag for that at the moment is trying to make that work better.

Ben Isaacson: Yeah, no, no, absolutely. So, to us, making it work faster and it's funny because the one thing I'll say about this is it's really a different type of condition that I've seen in any other area of banking or payments in my career, because it violates every stereotype you think about the industry. So, on one hand, you have these" fast- moving," nimble fintechs, the ones getting billion dollars in DC funding and all of those types of things, but they're the ones locked into a 20- year- old Legacy technology, which is challenging to move away from because it requires them to change many aspects of their business. And that's what they always accuse banks of being. But in this case, it's the fintechs who have the Legacy technology, which is screen- scraping. Then you have the, you don't see my air quotes, but old stodgy banks. And they're the ones who are actually actively trying to migrate to more modern technology. And finally on the transparency side, you have the consumer groups who typically aren't always the best friends of banks. They're saying that the common screen- scraping model isn't transparent to consumers and these, again, air quotes, underdog fintechs, who talk a lot about how they're helping consumers, are actually being deceptive in some of these practices. So it's really a very interesting ecosystem that we're trying to evolve from. And so what we're doing at The Clearing House, so under this program called connected banking, we're really looking at how do we unlock all the bottlenecks or barriers to adoption at scale of API- based data sharing. So some of that is things like technology standards. So we're a founding member of Financial Data Exchange, which it's an API standards body for data sharing. And that includes many of the largest banks, data aggregators, users of financial data, all working together to create a standard. Because what we know is that with 10, 000 banks and thousands of fintechs, if you don't have a common API standard, then every new implementation becomes a new build. And we just don't think that's ever going to scale. So, that's one key area that we've been actively involved with. We're on the board of FDX and we're seeing a lot of great progress there. The second is looking at how do we accelerate the technology side of this. So similar to how The Clearing House runs other payments networks, we were an investor and facilitator in other investors investing in Akoya, which we look at as a data sharing network, because what we believe is that the best way for the industry to scale is rather than having thousands of banks trying to individually connect with thousands of fintechs, you have a common place where with one connection, you can have access to everyone. So if one bank connects into Akoya, then any fintech or data aggregator that's connected can get access to that bank's data. If that data aggregator or fintech connects into Akoya, they can have access to every bank's data. So rather than having to make thousands of connections, you only have to make one. So again, we were an early investor and facilitator in Akoya along with 11 of our owner banks and Fidelity Investments and we spun out Akoya to be that data sharing network. And then the final piece, which you had alluded to at the beginning in the beginning of this discussion, was really looking at how do we get through all the significant bank risk requirements that come up around third parties. So it's a regulatory requirement that banks do due diligence on any party that they partner with. And with good reason. This is very important as part of any data sharing agreement. So when you think about it, banks are sharing their customer data, a lot of which is personally identifiable or PII with potentially thousands of different parties. So, these would be considered high risk partners. So what we looked at is, how do we do that in a scalable way? Because this process, this due diligence, the banks are requiring these partners to answer hundreds of questions, prepare documents for review, participating in multiple day onsite visits. It's a tremendous amount of work. So if you look at how this scales and play this out, you have hundreds of banks all trying to do their own risk reviews on fintechs and data aggregators. It's just not feasible for either the fintech or data aggregator or the bank. So what we have been working with and what we announced in collaboration with TruSight and KY3P is a service where fintechs can go through a common risk review. And once they've gone through that review, it can be shared with any bank they're trying to do business with. Now, from a regulatory perspective, each bank is still required to make their own risk decision. But what they'll have through this report is all the information they need to make that decision. So all of a sudden, something that has historically taken six months at a time can be done in a week. And it doesn't require significant work from the party being evaluated to complete it. So those are the things we're working on, all very different. I like that you use the word unsexy because some of this is deeply unsexy, but it's really the hard work you need to do to get an infrastructure ready to do all the much sexier parts of the thing that happened when people talk about open banking or connected banking.

Clayton Weir: I agree completely and I find so much interesting. It's obviously no secret that my day job is we're a young services, like a fintech vendor to banks, so we sell enterprise software to banks. So I've personally filled these 400- page questionnaires out and it just always struck me as bizarre in the sense both that just the deadweight loss to both the bank and us each time, and just generally the disincentive to innovation or taking on the marginal partner because of rightfully how big the burden is of proof on this stuff. You obviously need to know who you're working on and this has gotten materially more onerous, I think, since the last financial crash and it's right. But these ways to make it more efficient and more nimble, just strike me as really important. I think ultimately it throttles or enables the ability of a bank to be innovative. So if you asked me if I ran the bank, one of the things I do is I'd show up in the procurement and risk departments and try and find what I could do there to create agility. I think that's where a lot of good and bad emerges in terms of our actual operating businesses and our product portfolio as banks.

Ben Isaacson: Absolutely. Yeah. I would say, one of the key things, so when I think about what a bank has to do to get ready for connected banking, part of it is the technical side of it and getting the APIs ready, getting all your data organized in one place so the APIs actually can connect to it, and that's significant work. And I do not want to underestimate how much work that is, but the other piece of it is just what you said. It's that philosophical change around how do you do risk management at scale, how do you do legal contracting at scale? How do you do it if rather than partnering to offer a service was the exception, it became the rule? And I do believe banks would have fundamentally different approaches. And, to us, one of the things we see through this effort is the benefit of a consortium like The Clearing House in leading a bunch of these, because a lot of the benefit is the collaborative environment we have across these banks, where the risk partners from each of the major banks were in a room together, figuring this stuff out. And it's hard for folks to drive change alone sometimes. And it's comforting to have your peers in a place where you can all collaborate and all build off each other to get to the place that ultimately you need to be.

Clayton Weir: So that begs a bunch of other, I think, interesting comments and questions, but the one thing I wanted to do here, I think you mentioned to me offline, I'm guessing it's your opinion that this model you're piloting in some ways is better and safer and more robust than the European model. And maybe I'll just preface that with a best analogy I could think of on- the- fly. But I think the best way to explain open banking to somebody is it's fundamentally the idea that in the vault at the bank, it's not really gold bars or coins anymore. It's data. And to extend that analogy further, the idea of open banking is really almost the equivalent of ATM machines in the sense that there's ATM machines all over. They are places that I want to be. Some of them are offered by my bank and some of them are offered by other banks and some of them are offered by other non- banks. And so I go to the ATM machine and I have to absolutely prove I'm me. I have to have my card and I have to have the key to get the money out. And I know I'm getting inaudible so I authenticate it. And that's how open banking works. I'm making the decision to share data if I'm in the UK and I say I authorize that app the way I would authorize an ATM to take money out of my bank. But I think in this model versus the UK, you don't really, you know that you've authorized it. And you know that fintech and that the aggregator did some amount of work to be allowed to connect to the open banking regime. But you really don't know at any moment in time how adherent to anything they said they're going to do or what their best practices are. And in some ways, this is what you're solving for is this robust continuous view of all these people in this data value chain and whether they're doing what they said they were going to do.

Ben Isaacson: Yeah. I think that's exactly right. And it's actually, it's a regulatory requirement of the banks that, that get done. And so, this is something that we'd want to do anyway, because it's good practice, but also, banks face a lot of the financial reputational and regulatory burden if it doesn't work that way but that's exactly right. Getting to a place where you have that transparency, but you also have some of those rules in place around... Sorry, I keep using the word transparency, but you have the rules in place as a consumer to ultimately know how it's working and where their recourse is and making sure that recourse is done in a fair way, is all really where I think the industry needs to grow to scale, because a lot of the places where there's been friction between banks and data aggregators or banks and fintechs, the reason for that friction is largely either regulatory- driven or that the model in place does fundamentally puts consumers in positions where they don't understand what's happening.

Clayton Weir: Totally agree. And so I think the by- product of you guys doing this, and we talked a little bit offline and it was another one of these, a Wednesday afternoon at 4: 00 press releases that no one maybe read or noticed how important it was, but the CFPB put out this principles on data sharing. And they really outlined, I don't know if there was seven or eight or six or whatever it was, but they really outlined, I think how dire this situation was at the time and what needed to change and how while it added a lot of value on the competitiveness and the service levels to clients, that nobody really understood what the risk cocktail was that they were consuming. And I think this answers it. So it really does seem interesting. FDX I know really positions themselves as enabling a market- based effort. I think this initiative layers over top really well as does Akoya but realistically it seems almost like the Legacy side of the industry, the bank side is trying to bring about a smart version of how they think open banking could and should work for them. And maybe if everybody does a really good job, maybe it tamps down the need for a government- led regulatory- led version of open banking in the United States, which does obviously seem not likely to happen tomorrow or any time in the foreseeable future and quite possibly likely to be less wide- ranging in scope as it was in Europe or the UK, I would guess.

Ben Isaacson: Yeah. I think that's exactly right. Where this started is we very much believed that number one, we were big proponents of the CFPB principles that you mentioned that came out. We thought that they got at the principal level, they really got it right. And these were all things that we believed in and we agreed with and we needed to strive to push it forward. What we've found in the market is, and our belief was that historically, regulations, even ones with great intentions and great principles behind them, the details suffer, because a lot of the folks creating the regulations, they don't do this every day. And so implementing some of the regulations can sometimes have a lot of unintended consequences that our belief was the faster we moved as an industry in alignment with those principles that the CFPB outlined, the less ultimate regulatory work would have to be done. Now, we've seen, so, a few months ago, the CFPB came out with an advanced notice public rule- making. And we responded to that as did many other players in the industry. So, we do think that there's a better than average chance that there will be some regulation, but I think your point that the more we can do on the private sector side, the more limited that regulation can be. And it doesn't have to be all- encompassing like the UK's open banking or PSD2 because the industries have addressed a number of the underlying issue.

Clayton Weir: Let's just maybe transition for a second. And maybe this is an unfair question. Maybe you have thought this through or not, but in some ways, and we just had a couple episodes ago, I talked to Mike Sigal from ISO 20022 Labs. And really talked about like in B2B, how important the modern, effectively the TCH's clearing system more so as an information sharing system, how powerful it's going to be, especially as we get all these. It strikes me if you inaudible and whether you want to agree with that or not, it doesn't matter because I agree that the real- time payments rail that you guys have built as an organization, I think is almost not as much about the movement of money or value as it is about information. I think it's just going to manifest in weird ways and people are going to bring it. But I believe that what you're doing here is almost a precursor to what I can see that in 10 years, where there will be all kinds of people accessing the information rails of the real- time. There'll be all kinds of third parties accessing it and wanting to exchange data on that network. I'm thinking specifically in B2B context, but it seems like you almost are anticipating some of that. The Clearing House is actually a much more obvious player at the center of an open or connected banking regime than it would maybe seem on the surface.

Ben Isaacson: Yeah. I think a lot of what we've done on the payment side prepares us for that. Being a consortium, being a payment network, again, I talked about it earlier around Akoya. There's a lot of similarities between a data network and a payment network, both in terms of how you can create a central hub, the way you manage and architect for scale, the importance of a good common rule set. All those things are very, very similar. I do agree with everything you just said on real- time payments. And I think things like request for payment that are getting built out and the ability to move information similar to like an invoice, within the real- time payment system, are all going to be incredible improvements. I think this from a data perspective can be even more powerful because you look at all the consumer data that's sitting in a bank account and all the things that it can be used for. So right now today we have thousands of fintech apps, but there are new companies, new use cases being created every day. And I look at the future of that. And from a bank perspective, I think it becomes mission critical just to become very good at dealing with the realities of this new ecosystem, where you have to be comfortable with other parties providing financial services to your customers because even if I can look at the 4, 000 apps out there and 3, 950 of them are terrible and will all go out of business in two years, 50 of them are going to stay. And your customers are going to use some of them. And so banks have to be prepared for that world. And I think there's tremendous opportunity if banks really embrace being providers of data. What does that mean? If banks looked at some of those apps and said," Well, why don't I pull them into my suite because if my customer is using my services and using their services, why don't I offer them, why don't we become a distribution channel for some of these apps?" I know in a prior life, when I was working in a bank, whenever we talked to a fintech, that was always their number one question, was," Hey, can you sell my app to your customers?" Banks that don't have a good mechanism of doing that today, I think there's a lot they can do there either directly into their suite or into call it an app store type of model. But there's a lot of ways that banks can. They can provide data services, they can become distribution engines for other parties that provide services that they don't, or really use it to enhance their own products by integrating them. I think there's a lot of opportunity there once the ecosystem is set up right.

Clayton Weir: I couldn't agree more. And I actually think maybe that's the right place to wrap the conversation because I think you've nailed it right across all those dimensions. There's amazing opportunities for banks to create value for their users in a way that doesn't diminish their own value or the importance of their brand or their relationship with their customers. And I think that does get lost at times in these conversations. So I appreciate that. Maybe just before we wrap completely, just on a lighter note, often ask this, what's the dumbest thing you've ever done that maybe later turned out to be a good idea?

Ben Isaacson: So I was working in a prior life, I was working on a project that I was leading when the financial crisis hit. And I realized that the project just didn't make any sense anymore. And it was still fully funded. There was a lot of momentum behind it, but I went to the project sponsor and I shut it down. I said," This makes zero sense to do anymore. I know it's funded. I know I'm violating every rule of a product manager, but I think we should shut this down because no one's going to buy it for the next three years." And I got my wish, I shut it down and it turned out it actually ended up making my job a lot smaller and less meaningful. And I actually annoyed a whole lot of people who thought this was a good idea. And ultimately what it did is it opened opportunity at a new company where I got to do the exact type of work I wanted to do and fundamentally reshaped my career in a way that works. So I guess that's the best way I can answer that question at least from a career perspective.

Clayton Weir: No, I think that's a great story. And I think one of the lessons I take away from that is I feel especially as product managers, but I think inaudible we actually don't say no to things often enough. We don't see the value to just, we don't end things. We don't end features or products or initiatives fast enough often. And quite often it might be painful in the short- term, but often leads us to the right thing later. So no, I appreciate that. Well, inaudible So, thanks so much, Ben. I really appreciate you coming on the show, really appreciate the conversation. I just think the work you guys are doing over there is really fascinating. And I think is maybe even one of these things that might not be fully appreciated, the Bill Gates quote, that we always overestimate innovations of the next two years and underestimate what's going to happen on the decade timescale. But I totally think that this is the foundational stuff that a decade from now becomes really important and what gets built on top of it might be quite interesting.

Ben Isaacson: No, I really appreciate that. And I'm really glad you recognize that because we've actually been really pleasantly surprised with the results. We thought this was going to be a wonky press release that nobody really thought about or cared about, and we've actually been getting some great feedback, so really appreciate those comments.

Clayton Weir: Awesome. Well, thanks again for your time. I really appreciate it. Thanks everybody for listening. As always, please subscribe on Apple, Spotify, Amazon Podcasts, wherever you get your podcasts and never hesitate to share this with a friend. And if you want to learn more, you can always check out fispan. com, F- I- S- P- A-N. com. And questions, comments, concerns, always happy to hear more from you. Thanks.