Benjamin Alden, Betterment general counsel.
Benjamin Alden, Betterment general counsel. (courtesy photo)

Benjamin Alden, general counsel of personal finance startup Betterment, is caught up in a classic tale of industry disruption: His company allows users to manage their finances by linking their various financial accounts—including bank accounts and credit card info—into one dashboard. But financial institutions such as J.P. Morgan Chase & Co., Wells Fargo & Co. and Bank of America Corp. are making some new demands on who can access financial data belonging to their customers and how it can be accessed, according to The New York Times.

The banks, the report said, are sometimes refusing to share information about their fees and interest rates, and are claiming that the restrictions are meant to increase user data privacy and provide oversight. Many startups see it differently, however.

One early example of such a request, Alden said, came in November 2015, when J.P. Morgan required bank account holders to verify their identity if they wanted to access bank information through a third-party financial management software program. According to a report from The Wall Street Journal at the time, Chase Bank account holders received a notice about the increased verification procedures that cited “privacy and security” as a reason for the measures. A separate Wall Street Journal report claimed banks were worried about repeated requests from third-party companies overloading internal data servers and making online services slower for bank customers.

Alden recently spoke with The Recorder about how his company has responded to such restrictions, what type of government oversight his startup complies with, and what he wants large banks to understand. The following interview has been edited for clarity and length.

Q: What was the initial reaction from the personal finance startup community to these data restrictions?

A: Frustration. Our clients grant us access to that data to help provide better, unavailable financial services to them. It helps us help them plan for retirement, organize their financial life and get great clarity into their entire picture.

Q: When did you first see these restrictions being made?

A: Around 2015 was the first time we heard about this in material form. Wells Fargo added additional layers of security and Bank of America cut off some finance sites from its data. There may have been some things before that, but that’s when it started to feel a lot more like a real risk that this would be a trend.

Q: Will these restrictions increase user data privacy and security, as alleged by large banks?

A: No. Users are asking us to use this data. We don’t pull anything automatically. They have to tell us they want this in order for us to provide services to them. This is bank-driven, not consumer-driven. If the consumer doesn’t want to use it, they just won’t.

Q: And there is a claim that companies like yours have no oversight.

A: That is not true. The Gramm-Leach-Bliley Act Safeguards Rule says entities that access nonpublic personally identifiable financial information need to design, implement and maintain standards to protect that. Any institution that is regulated by the Office of the Comptroller of [the] Currency, the OCC, are separately supervised and examined.

Q: Has Betterment received these types of requests and how have you responded?

A: We use a third-party aggregator, a service called Quovo. To the extent that they receive these types of interference, they work very hard with the banks to try and figure it out. The real gist here though is that there are thousands of banks, so they’re trying to figure it out one at a time and there’s not much coordination.

The good news is that there are industry groups that we’re a part of. The Consumer Financial Data Rights group is trying to help push for a more unified approach so that these things don’t have to be addressed on a bank-to-bank level. The truth is the banks are perfectly capable of coordinating. They’ve done so around a payment service called Zelle to try and compete with the Venmos and PayPals of the world. We think that hopefully they’d be perfectly capable of coordinating around common standards that protect customer interest, that also make it easy for customers to access their own data.

Q: How have these restrictions affected your job as general counsel?

A: One of the things that we’re always trying to do is engage with the industry. I think there’s sometimes the perception that startup lawyers, and startups in general, like to move fast and break things. I’d like to say in fintech we move fast and [are] really careful. We try and talk with all the right people at the right time. We have no interest in breaking things and exposing our customers or harassing banks … We believe there’s a common zone of agreement here. We want our customers’ data to be safe, and customers want their data. And we want to help them get access to services that they couldn’t have without that. There’s a great area of common interest and through groups like the CFDR and through outreach, we really hope to push things in the right direction for the American investor.

Q: It sounds like a lot of how your job is affected is in meeting with similar financial tech startups to discuss and coordinate a strategy on handling these data restrictions, but you haven’t rewritten any policies or reviewed terms and conditions or similar measures?

A: Not from our end. We obviously want to be transparent with our customers about their relationship with third-party aggregators, and we also work with third-parties separately, but very importantly, cybersecurity is a huge focus at our company and hopefully at other companies like us as well. So, while in direct response, it is critically important that we are focused on that for the safety of our customers’ data.

Q: What leverage do you have in negotiating with large banks?

A: No. 1 is, we try and be very reasonable. No one’s asking for crazy things. We don’t want banks to open their vault doors. We’re all interested in security. And if there’s any confusion about that we try and dispel it. I’d say the second is Dodd-Frank [Act] section 1030 requires that financial institutions provide consumers with access to their data. Now the CFPB [Consumer Financial Protection Bureau] hasn’t gone further to define that, but, as a whole, that is a right and just [a] provision which serves a great purpose of forcing us all to at least come to the table. So that’s good. And also ultimately, consumers want this. We want this only because we want to provide services that our consumers want. To help them understand their financial lives better. If no one wanted these types of services this really wouldn’t be a question. If consumers were really content getting paper statements at random intervals from a wide variety of financial institutions that they interact with, this wouldn’t be a thing. But this really is a market-driven development.

Contact the reporter at DRuiz@alm.com.

Copyright The Recorder. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Benjamin Alden, general counsel of personal finance startup Betterment, is caught up in a classic tale of industry disruption: His company allows users to manage their finances by linking their various financial accounts—including bank accounts and credit card info—into one dashboard. But financial institutions such as J.P. Morgan Chase & Co. , Wells Fargo & Co. and Bank of America Corp. are making some new demands on who can access financial data belonging to their customers and how it can be accessed, according to The New York Times .

The banks, the report said, are sometimes refusing to share information about their fees and interest rates, and are claiming that the restrictions are meant to increase user data privacy and provide oversight. Many startups see it differently, however.

One early example of such a request, Alden said, came in November 2015, when J.P. Morgan required bank account holders to verify their identity if they wanted to access bank information through a third-party financial management software program. According to a report from The Wall Street Journal at the time, Chase Bank account holders received a notice about the increased verification procedures that cited “privacy and security” as a reason for the measures. A separate Wall Street Journal report claimed banks were worried about repeated requests from third-party companies overloading internal data servers and making online services slower for bank customers.

Alden recently spoke with The Recorder about how his company has responded to such restrictions, what type of government oversight his startup complies with, and what he wants large banks to understand. The following interview has been edited for clarity and length.

Q: What was the initial reaction from the personal finance startup community to these data restrictions?

A: Frustration. Our clients grant us access to that data to help provide better, unavailable financial services to them. It helps us help them plan for retirement, organize their financial life and get great clarity into their entire picture.

Q: When did you first see these restrictions being made?

A: Around 2015 was the first time we heard about this in material form. Wells Fargo added additional layers of security and Bank of America cut off some finance sites from its data. There may have been some things before that, but that’s when it started to feel a lot more like a real risk that this would be a trend.

Q: Will these restrictions increase user data privacy and security, as alleged by large banks?

A: No. Users are asking us to use this data. We don’t pull anything automatically. They have to tell us they want this in order for us to provide services to them. This is bank-driven, not consumer-driven. If the consumer doesn’t want to use it, they just won’t.

Q: And there is a claim that companies like yours have no oversight.

A: That is not true. The Gramm-Leach-Bliley Act Safeguards Rule says entities that access nonpublic personally identifiable financial information need to design, implement and maintain standards to protect that. Any institution that is regulated by the Office of the Comptroller of [the] Currency, the OCC, are separately supervised and examined.

Q: Has Betterment received these types of requests and how have you responded?

A: We use a third-party aggregator, a service called Quovo. To the extent that they receive these types of interference, they work very hard with the banks to try and figure it out. The real gist here though is that there are thousands of banks, so they’re trying to figure it out one at a time and there’s not much coordination.

The good news is that there are industry groups that we’re a part of. The Consumer Financial Data Rights group is trying to help push for a more unified approach so that these things don’t have to be addressed on a bank-to-bank level. The truth is the banks are perfectly capable of coordinating. They’ve done so around a payment service called Zelle to try and compete with the Venmos and PayPals of the world. We think that hopefully they’d be perfectly capable of coordinating around common standards that protect customer interest, that also make it easy for customers to access their own data.

Q: How have these restrictions affected your job as general counsel?

A: One of the things that we’re always trying to do is engage with the industry. I think there’s sometimes the perception that startup lawyers, and startups in general, like to move fast and break things. I’d like to say in fintech we move fast and [are] really careful. We try and talk with all the right people at the right time. We have no interest in breaking things and exposing our customers or harassing banks … We believe there’s a common zone of agreement here. We want our customers’ data to be safe, and customers want their data. And we want to help them get access to services that they couldn’t have without that. There’s a great area of common interest and through groups like the CFDR and through outreach, we really hope to push things in the right direction for the American investor.

Q: It sounds like a lot of how your job is affected is in meeting with similar financial tech startups to discuss and coordinate a strategy on handling these data restrictions, but you haven’t rewritten any policies or reviewed terms and conditions or similar measures?

A: Not from our end. We obviously want to be transparent with our customers about their relationship with third-party aggregators, and we also work with third-parties separately, but very importantly, cybersecurity is a huge focus at our company and hopefully at other companies like us as well. So, while in direct response, it is critically important that we are focused on that for the safety of our customers’ data.

Q: What leverage do you have in negotiating with large banks?

A: No. 1 is, we try and be very reasonable. No one’s asking for crazy things. We don’t want banks to open their vault doors. We’re all interested in security. And if there’s any confusion about that we try and dispel it. I’d say the second is Dodd-Frank [Act] section 1030 requires that financial institutions provide consumers with access to their data. Now the CFPB [Consumer Financial Protection Bureau] hasn’t gone further to define that, but, as a whole, that is a right and just [a] provision which serves a great purpose of forcing us all to at least come to the table. So that’s good. And also ultimately, consumers want this. We want this only because we want to provide services that our consumers want. To help them understand their financial lives better. If no one wanted these types of services this really wouldn’t be a question. If consumers were really content getting paper statements at random intervals from a wide variety of financial institutions that they interact with, this wouldn’t be a thing. But this really is a market-driven development.

Contact the reporter at DRuiz@alm.com.

Copyright The Recorder. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.