Stuart Rubinstein is CEO of Akoya, a startup whose mission is to transform the way consumers share their data by providing them with increased security, privacy, and control over their information. Stuart spent over 20 years in the financial services industry as a digital leader, most recently heading up Fidelity’s consumer access API initiative.
1. Tell us about your role at Akoya.
As CEO of Akoya, I’m responsible for overseeing a new way for consumers to grant access to their financial data to third parties. We’ve launched the Akoya Data Access Network and are in the process of onboarding several financial institutions, fintechs, and data aggregators, so establishing and nurturing those relationships is where most of my attention is focused right now.
2. Can you tell us about your journey into this industry?
I’ve spent the last 25 years in various roles at companies across financial services, including Goldman Sachs, TD Ameritrade, and Fidelity Investments. Most recently, I was President of Fidelity Wealth Technologies before Akoya’s spin out from Fidelity in 2020. I’m also proud to be a founding board member of the Financial Data Exchange, a nonprofit organization dedicated to unifying the financial industry around a common API standard for secure financial data access. All of this experience has culminated in my work at Akoya where we’re creating an interoperable, API-based network for consumer-permissioned financial data access that is available to the entire U.S. financial services industry.
3. How do you think technology is changing the financial sector?
Technology is allowing the financial sector to improve its offerings and meet changing consumer needs, but the rise in digital experiences has also heightened data privacy concerns.
Financial institutions have quickly embraced the move to digital banking and online services, and for good reason — according to Capgemini, 57% of consumers now prefer internet banking, up from 49% pre-pandemic.
At the same time a Deloitte report shows 64% of consumers say that privacy is always top of mind whenever they interact with their financial services institution. This doesn’t come as a surprise. According to a VMware Carbon Black report, the COVID-19 pandemic has been connected to a 238% surge in cyberattacks against banks. As consumers demand more online services and ways to connect their bank accounts to fintech apps, the challenge of securing their financial data, along with login credentials such as usernames and passwords, also grows.
The past year demonstrated the positive impact of financial technology in our everyday lives, including contactless payment options, budgeting apps that help consumers make better financial decisions, and online loan applications. To maintain this positive momentum, the industry must now prioritize secure data-sharing practices and build common standards that give consumers more control over their financial data and personally identifiable information.
4. What industry issues were you and your peers experiencing that spurred the mission behind Akoya?
Akoya was born out of Fidelity Investments in 2018 as an industry solution to credential-based data aggregation, commonly known as screen scraping. For the last two decades, screen scraping has been the primary method for accessing consumer financial data by fintech apps that help consumers make peer-to-peer payments, manage their personal finances, pay their bills and complete many other transactions. Screen scraping requires consumers to provide their login credentials directly to the fintech app, or in many cases, to an intermediary known as a data aggregator. The fintech or aggregator then accesses the consumer’s account and “scrapes” the consumer’s data. They then copy and store this information to access the consumer’s accounts on a continuous basis.
This outdated data aggregation method causes a number of problems for all parties in the data sharing ecosystem — data providers, data aggregators and consumers — ranging from data privacy concerns to low reliability and decreased consumer trust. In fact, Most consumers today neither understand the full scope of access they are providing when sharing data nor the parties to whom they are providing data access when they connect their bank accounts with fintech apps.
Akoya aims to make accessing and sharing financial data as easy and safe as possible for all parties. But, most importantly, to transform the way consumers share their data and provide them with increased security, privacy, and control over their information. In February 2020, 11 major North American banks invested in our vision to revolutionize financial data access — joining Fidelity Investments as equal owners in the now independent Akoya.
5. Can you explain what makes Akoya’s API-based network different from other data sharing methods?
Our aim is to secure data aggregation by migrating the industry away from credential-based aggregation methods to application programming interfaces (APIs). Financial institutions and other data providers as well as fintechs, aggregators, and various data recipients can integrate once with Akoya to enable multiple API connections with others on the network. Through this single integration, both sides of the network accelerate consumer-permissioned data access through shared technical, security, and legal standards. Additionally, Akoya eliminates the financial burdens of continued maintenance and development and handles all third-party relationships on behalf of both data providers and recipients.
Most importantly, the Akoya Data Access Network eliminates the need for consumers to share their login credentials with third parties. Using APIs, a consumer can connect a fintech app to their bank account by entering their login credentials directly with the bank. Once their identity is authorized, the data they’ve permissioned for the app to use is passed from their bank through the Akoya Data Access Network to the app. Unlike traditional data aggregation, the consumer’s data is not copied or stored by Akoya. This offers considerable risk mitigation as neither consumer login credentials nor non-permissioned data are copied or stored externally by third parties.
6. JPMorgan Chase recently integrated with the Akoya Data Access Network. What does this milestone represent for Akoya? How does this partnership impact Chase customers?
Our integration with large banks significantly increases the scale of the Akoya Data Access Network. As financial institutions of all sizes join the network, the network becomes more valuable to data recipients. As more data recipients join the network, it becomes more valuable to financial institutions and other data providers. A true network effect.
For customers of participating financial institutions, the integration means full control and visibility into the data they choose to share with an increasing number of fintechs, providing peace of mind for customers to use new fintech services with greatly reduced risk of fraud. The addition of each new participant to the Akoya Data Access Network marks an exciting step forward in setting the foundation for what the future of Open Finance and consumer-permissioned data access will be built on.
7. Akoya also recently submitted a comment to the CFPB. Can you briefly describe your position regarding consumers’ control and access to their financial data?
Given our role in the marketplace and our team’s decades of experience in the financial services and fintech industries, we responded to a number of specific questions in the CFPB’s Advance Notice of Proposed Rulemaking on Section 1033 of the Dodd-Frank Act. Our comment focused on why consumers must be able to instruct and give direct authorization to their financial institutions to permit access to their data and why a financial institution should be able to direct the method for a fintech or aggregator to access authorized consumer data.
Moreover, financial institutions should display to consumers what type of data is being accessed and by whom and should also provide a mechanism for the consumer to easily monitor and revoke the access on an ongoing basis. Likewise, fintechs and data aggregators should obtain explicit and informed consent from consumers in order to access their data, and that consent should clearly define what data are allowed to be further shared and for what purpose. They should also be required to provide consumers a means to revoke their consent at any time.
Lastly, all parties accessing and holding financial data must be held to the same strict security and privacy standards. If any regulations are promulgated they should include standards governing liability. This should be based on the principle that whichever entity causes the harm (such as through data loss, compromise, misuse, or other security-related incident) should bear the liability and be held responsible for the risks their activities introduced into the system. This should include liability for unauthorized transactions.
8. Which book are you reading these days?
I’m a fan of John Grisham and just finished “Camino Winds.” Betsy Eisenberg, our Head of Partner Success, helped us start the Akoya Book Club and our team is reading “Creativity, inc.” by Ed Catmull, President of Pixar and Disney Animation Studios.
9. Can you give us a glance of the applications you use on your phone?
I don’t think it’s all that interesting, but email is of course front and center. I’ve been a subscriber to The Wall Street Journal since junior year of college, so that always has a prominent spot. I’m also a golfer (well more of a hacker than a golfer) and I use an app called The Grint to keep score, link with the handicap system, and keep tabs on my golfing buddies.