By Pete Schroeder and Anna Irrera
WASHINGTON/NEW YORK (Reuters) – JPMorgan Chase & Co <JPM.N> has told financial technology companies they will be barred from accessing its customer information by July 30 unless they sign data access agreements with the bank and back a plan to stop using customer passwords to gather the data.
The largest U.S. bank by assets set the new deadline in a letter sent to the companies in late January, in which it said they must agree to a “concrete plan” to transition to a new method of collecting customer data, according to two people familiar with the matter.
Otherwise, JPMorgan will block all automated access to the data, including through so-called screenscraping, or the process of collecting data from one application to use it in another, the people said.
A JPMorgan spokesman confirmed the contents of the letter and said the company already had agreements covering more than 95% of data access requests.
The deadline is the latest move in the bank’s effort to transition fintechs and data aggregators to what it has said is a more secure way of accessing customer data.
Fintech startups, such as those that offer budgeting apps or digital wealth management, usually connect to a user’s bank account to gather the necessary data to provide their services. Some gather the data through aggregators such as Yodlee and Plaid, which is in the process of being acquired by Visa Inc <V.N>, while others request that customers provide their password.
Through JPMorgan’s new method, fintechs will not be able to use customers’ passwords to access their entire financial data, but will instead connect to a set of bank programming code known as an API, that grants access only to limited account information authorized by the consumer.
The transition comes as large banks and fintech companies globally tussle over data-sharing. Banks have said their wariness to grant access to third parties stems from a need to protect highly sensitive information, such as transaction history and income.
Fintechs have been skeptical, arguing that it should be up to consumers, not banks, to decide what companies can look at that information.
JPMorgan said earlier this year that it was preparing to crack down on the use of customer passwords for data-sharing purposes, and had been discussing another method to access information since 2016.
However, some startups said they were surprised by the stringent requirements and strict deadline in the letter, according to one fintech source.
“We’ve been working on this with aggregators and fintechs since 2016 because our secure API is the best way to help our customers make smart money decisions more easily and safely,” Paul LaRusso, managing director of digital platforms at Chase, said in a written statement to Reuters.
The bank said companies that have agreed to JPM’s terms would be able to continue accessing customer data using existing tools, provided they have a concrete plan in place to move to the new method and are making progress toward that goal.
“Customers can still use their favorite apps and websites while these companies migrate to our API,” LaRusso said.
JPMorgan’s new policy could drive more fintechs to work with data aggregators that already have agreements with the bank, such as Plaid, said Sam Maule, managing partner for North America at fintech consultancy 11:FS.
“But most consumers won’t really notice any change,” Maule said.
(Reporting by Pete Schroeder and Anna Irrera; Editing by Michelle Price, Daniel Wallis and Tom Brown)