NewTech Friday: Akoya – revolutionizing financial data access

What led to the creation of Akoya?

The number of fintechs has grown considerably since the Covid-19 pandemic began in 2020. Customers increasingly want to share their financial data with fintechs to take advantage of the services those apps provide, such as budgeting, peer-to-peer payments, tax, and investment management.

The need for customer-permissioned financial data to power these apps has fueled the development of Open Finance: the sharing of customer financial data that extends the third-party access principles of Open Banking, which primarily focuses on payments, mortgages, loans, investments, and much more. This growth has piqued the interest of regulators, particularly the Consumer Financial Protection Bureau, who may be proposing rules on financial data access in the near future. 

Much of this regulatory interest stems from the method in which the majority of customer financial data aggregation is performed. This process, called screen scraping, requires customers to give their login credentials (i.e., username and password) to an intermediary known as a data aggregator, who then logs in on their behalf to access the data. This presents several challenges for financial institutions:

1. Financial institutions do not know who is logging into their website or mobile platforms. It is difficult to determine if it is the customer logging in, a data aggregator, or a bad actor, making it harder to detect fraud. 

2. Screen scraping can also put a strain on a financial institution’s infrastructure as data aggregators can scrape a customer’s data many times during the day and during times of heavy traffic.

3. When customers provide their credentials externally, financial institutions can become susceptible to data breaches since many people use the same usernames and passwords across multiple sites beyond financial services. 

4. Once a data aggregator has a customer’s credentials, they have access to all the customer’s data, not just the data needed for a fintech app to perform its function. Data aggregators can copy, store, and potentially resell this data, creating data lakes and further putting customer data and identity at risk.

Akoya was born out of Fidelity Investments as an industry solution to screen scraping. In February 2020, Bank of America, Capital One, Citi, Huntington, JPMorgan Chase, KeyBank, PNC Bank, TD Bank, Truist, U.S. Bank, and Wells Fargo invested in the vision to revolutionize financial data access, joining Fidelity Investments as equal owners of Akoya. 

Could you present Akoya's offer?

Akoya replaces screen scraping with Application Programming Interfaces (APIs). Unlike screen scraping, where data aggregators collect and store login credentials, Akoya enables customers to authenticate, select accounts, and permission data to a fintech app using their financial institution's existing online banking portal. This eliminates the need for login credentials to be held and stored externally and significantly mitigates the privacy and security risks stemming from screen scraping. Additionally, Akoya provides a simple way for customers to grant, modify, or revoke access to their financial data within their online banking portal.

Through a single integration with Akoya, financial institutions can enable API connections with multiple fintechs and data aggregators and avoid continued maintenance and development efforts. Akoya handles all downstream data recipient relationships on their behalf and removes the myriad of internal and external costs required to develop and manage a growing number of third parties. 

Further, Akoya optimizes for security, transparency, and scalability. Our passthrough model does not copy, store, or hold any customer information. All outputs follow the Financial Data Exchange (FDX) API standard, and we require all fintechs and data aggregators using Akoya to pass a rigorous security assessment that is reviewed regularly and available to financial institutions. We also ensure our network meets the highest security standards by successfully completing regular security audits, including the SOC 2 Type 2 attestation.

We offer two service tiers for financial institutions: the no-fee Connect service, and the Managed service (which has an annual subscription fee). Both service models have separate implementation costs based on the complexity of the integration.

The no-fee Connect service is geared towards financial institutions that have already built out an API infrastructure. Akoya offers basic access to the network with minimal integration into existing systems.

The Managed tier is a full-service SaaS offering that delivers all the functionality of the Connect service and provides the following:

• A Management Console to self-manage connections and configure settings.

• A dedicated account manager with 24/7 support.

• An API for use in integrating a permission dashboard into a financial institution’s existing digital properties.

• An account section page during initial customer consent that includes the financial institution’s branding.

• Data recipient security and risk reviews and additional diligence materials.

What's coming next for Akoya?

Currently, fintechs initiate payments and money transfers by accessing and holding bank account and routing numbers, which has many security and fraud risks that need to be addressed. Akoya is working with industry participants to tokenize account numbers to enable financial institutions to swap their customers’ actual account number for a token before being passed through to data recipients.

Additionally, while financial institutions are commonly thought of as data providers, meaning they provide data to fintech apps, they can also be data recipients, receiving data from other banks, brokerages, or fintechs to offer fintech apps and services to their own customers. Akoya enables financial institutions to obtain data reliably with APIs and consistently, as all data outputs are sent in a common format (FDX standard).

To meet the needs of financial institutions that want to receive data, Akoya is developing products that can be combined to help facilitate several use cases, including new account opening, payment enablement, personal financial management, and more. 

Akoya has API coverage for nearly 60 percent of all demand deposit accounts (~350 million), a third of retail brokerage accounts (~31 million), and a quarter of defined contribution accounts (~35 million), as well as nearly half of credit cards issued (~300 million) already in production. Higher coverage and more data sources are coming soon as well.