Opening up their APIs gives both powerhouses the ability to share data while also making it more secure -- it also puts them back in the driver's seat in choosing who gets it.

May 29, 2020 — 4:45 AM by By Lisa Shidler

Brooke's Note: In retrospect it's a wonder it took so long for Fidelity, Schwab and other big financial firms that hold virtual goldmines of client data to try to reap more value from them. In fact, it appears, it has often been just the opposite -- having all that data proved to be a liability as customers, aggregators and competitors "scraped" the data through investor portals. All that non-business server activity is a data security threat that needs to be managed. Nobody we interviewed pretended to know exactly where this is all headed and just how proprietary big firms will become with their data -- and who the winners and losers will be.  All the reasons -- secure, transparent and more reliable network for the entire financial services industry -- that Schwab and Fidelity give for why they are doing this seem like they might have applied decades ago -- yet they are publicizing these plans almost simultaneously in 2020.  What seems clear is that replacing reluctantly supplied "screen-scraped" data with mainlined, permitted, high-quality data is a boost to the overall industry as it moves toward a more digital, friction-free destiny. But that also confers a data-quality advantage that to some extent Fidelity and Schwab enjoyed alone to their competitors. But we know that firms that embrace open architecture tend to win in the longer term -- giving away small advantages to gain much larger ones down the road. Watch for those advantages to bear fruit as we all get hooked on this better flow of data that is still more theirs than ours.


Charles Schwab & Co. and Fidelity Investments have finally taken action against "screen scrapers" largely by piping them better data that obviates the need to siphon it intrusively.

For the first time, the San Francisco and Boston RIA custodians and retail brokerage giants will openly share data with aggregators -- and competitors  like Envestnet-owned Yodlee--as well as each other.

To do so, both firms have signed partnerships with a several large collectors of investor data, giving them direct access through specially created software doors -- so-called application programming interfaces (API).

The initiatives are arguably a larger victory for data recipients but Schwab and Fidelity win, too.

Because aggregators and investors will no longer have the incentive to hack data through the password-protected consumer portal, potential security holes get filled and a virtuous circle of data standardization in access and use advances.

But the firms' decision to share data is also a concession to data pirates, albeit ones that the custodians can choose to work with.

After decades of lifting data through screen-scraping, aggregators are getting what they always wanted -- data in a direct feed.

"Most financial institutions have resisted the adoption of data sharing APIs ... [because] with uncertain upside and return on investment ... many felt it was not financially viable" says Bill Winterberg, founder of, via email.

"[Today, however] the industry is moving to reduce, and eventually, block screen scraping activity, and instead direct all that customer data access through the institution's API."

Data detente

The APIs solve another potential security breach -- screen scrapers who download data in unencrypted form.  APIs that use end-to-end encryption.

Bill Winterberg
Bill Winterberg: Most financial institutions have resisted the adoption of data sharing APIs.

Not only are the two giants both willing to make their data available for held-away viewing, but it results in a more direct data detente among themselves.

Fidelity owns financial planning software vendor eMoney Advisor, which depends on data collection, and now eMoney is one of three data aggregators partnering with Schwab, Yodlee and Intuit.  See: Jeff Mello is latest to join eMoney's talent exodus.

It's the beginning of a process to wrest back control from aggregators, says Schwab spokesman, Peter Greenley, via email.

"Our API will ... be made available to multiple types of platforms ... [and]  this enhances Charles Schwab’s ability to ... provide an alternative to the process of 'screen scraping,' by which third-parties access valuable client data using the clients’ own log-in credentials."

It's a necessary step, says Fidelity CEO, Abby Johnson in a release.

"[We] are now joining with several financial institutions to accelerate the availability of a secure, transparent and more reliable network for the entire financial services industry."

Play for control

Schwab's and Fidelity's decision to lower their data drawbridges puts them in the same league as Morgan Stanley, which has a long-standing API-based data-sharing deal with Yodlee and JP Morgan, which has deals with Yodlee, Finicity, Plaid and Intuit. See: Envestnet cautions about Yodlee subscription 'headwinds'.

Joel Bruckenstein
Joel Bruckenstein: Both firms are trying to provide greater client control.

The process -- altruistic on one level -- is underpinned by a calculated play for control data control longer term and choose the de facto winners

They can share what data they want to share, control the process and shut out anyone who doesn't accept their terms.

In theory, aggregators that don't get all the data they ask for could revert to scraping, but the big custodians could then threaten to withhold the API data feeds to discourage it.

Indeed, in May 2018, aggregators, including ByAllAccounts tried to pre-empt such an eventuality by banding together to form a data gathering code of conduct, SODA.

On May 19 this year, Plaid announced its intention to become the builder of data aggregation APIs for banks. See: Envestnet quietly deals rivals to placate big banks and their latent threat of 'oblivion' in response to 'screen scraping'

Two approaches

By choosing which firms they directly share data with, Fidelity and Schwab also benefit from restricting access to client passwords. 

Stuart Rubinstein
Stuart Rubinstein: [Data sharing] must be done in a safe and transparent manner.

"Using APIs brings a more secure, client-controlled authentication process to our clients," says Greenley.

"APIs are a best practice in the industry and take a token-based approach, which enables clients to authorize third parties to download requested account information on their behalf in an encrypted form, without storing their usernames and passwords."

Although Fidelity and Schwab are opening up troves of client data, their approach differs.

On Apr. 15 -- the day it announced earnings -- Schwab revealed it would share data directly through its API network with selected aggregators. See: Charles Schwab spends an extra $27 million on staff amid Covid-19, $37 million spent to keep three M&A deals chugging ahead.

In contrast, Fidelity has chosen to use a spun-off subsidiary, Akoya, to provide its data to aggregators. Fidelity founded Akoya in 2019, and revealed its decision to spin off the firm on Feb. 20.

As part of the move to make Akoya independent, Fidelity sold stakes in the firm to 11 of its major users, including Bank of America; Capital One; Citi; JP Morgan; TD Bank, Trust, U.S. Bank, and Wells Fargo & Company.

Inching closer

Both Schwab and Fidelity could even end up working together in the future, since neither firm has ruled out partnering through Akoya.

Eric Clarke
Eric Clarke: It’s great to see Schwab and Fidelity pioneering the way.

"They are another central platform in the data aggregation space that could be another consumer of the Schwab API. But as of today, we have signed agreements with the announced firms [only]," Greenley explains.

When asked about a potential partnership with Schwab, Stuart Rubinstein, CEO of Akoya, also said his firm would be open to working with Schwab. See: Fidelity Investments takes another leap into the future.

"Several firms have entered into similar agreements and we applaud and support those efforts. Akoya stands as an industry network to assist those firms to implement their connections," he explains, via email.

"We are also working with many others to enter into data access agreements and facilitate the movement of the data in a safe, secure, and transparent manner."

Greenley insists Schwab's April decision to share its data was in no way a reaction to Fidelity's similar move in February.

"Our announcement... about the agreements with these three financial technology companies was not made in response to other peers in our industry. We made these agreements to further ensure our clients' valuable financial data is protected," he says.

Huge challenges

The core issue with screen scraping is the need for individual login credentials to rip data directly from a bank or brokerage account. Screen-scraping also relies on maintaining databases of millions of remotely stored passwords.

Legislators don't like it because customers have to share their passwords, increasing the risk of fraud.

Banks don't like it because it's a security risk and it gives firms -- for free -- more data than they want to share.

Aggregators hate it for the poor quality data it provides.

It's hugely problematic, says Johnson. "Consumers’ personal financial data should only be accessed with their explicit consent, and they should have the ability to monitor and revoke that access."

Schwab and Fidelity are on the right track, says Joel Bruckenstein, who runs the T3 conference. "I think both firms are trying to provide greater client control, transparency, and improved cybersecurity."

"This is a good trend," agrees Eric Clarke, founder and CEO of Omaha, Neb.-based Orion Advisor Services, via email.

"It’s great to see Schwab and Fidelity pioneering the way. Whatever these companies can do to provide more security across the data and verify it's being shared with trusted sources is wonderful."

Nevertheless, the two firms' steps still represent tiny fish in a giant sea, counters Winterberg.

"This is a huge challenge in the industry, given that there are roughly 20,000 financial institutions of all kinds ... that customers collectively use in the United States, and many customers [do not] want ... to log into a dozen different websites to view their own financial data."

Brave new world

Data is a big business in the RIA arena, a fact evinced by Visa's recent foray into the wealth management business.

In January, Visa agreed to buy the data aggregation vendor, Plaid, for $5.3 billion as part of a bet that the market is set to grow like gangbusters. The deal is expected to close in late Summer. See: Visa gambles $5.3 billion that Plaid will pay Big Data dividends while big-footing Envestnet-Yodlee and beating back fintech banking competitors.

Other notables in the data game include Yodlee, Finicity, and Morningstar-owned ByAllAccounts. Another is Quovo, which Plaid acquired in Jan. 2019. See: Plaid, valued at $2.65 billion, makes $200-million snack of Quovo -- albeit defensively -- and creates Yodlee super-foe.

Moreover, many firms such as, Personal Capital and Tiller gained prominence on the back of third-party aggregation. These firms rely on collected and sorted financial data to present clients with insights about their personal finances. See: JPMorgan's reported balk on Personal Capital bid is latest Covid-19 M&A infection as Yodlee, Brinker, Orion sale claims also fade from the radar.

This kind of data-sharing is especially important for advisors who are fiduciaries, says Clarke.

"The bigger story, to me, is if you are a fiduciary, you must absolutely and fundamentally have the full picture of the clients' network situation.

"In order for advisors to be able to have that information at their fingertips', they have to use technologies like [aggregation]."

But even this brave new world of aggregators gaining access to custodian data comes with potentially new complications, says Winterberg.

"With thousands of institutions all facing the challenge of building APIs, the industry could also theoretically end up with thousands of API protocols, further increasing friction in the industry, as few banks and institutions would use the same syntax and software code structures," he explains.

"It's a big step forward from screen scraping, [but] it's up to the custodians and aggregation providers to work together to agree on embracing universal naming conventions and labeling standards."

Correction: A previous version of this article had a quotation that stated that changes in JPMorgan's aggregation policy would likely have a negative impact on Morningstar's ByAllAccounts, Tamarac and Orion by restricting their access to JPMorgan data. This information was provided by a senior executive at a data aggregation firm, speaking anonymously, via email.

Since publication, however, Orion has tweeted that it will be unaffected, as it has a direct feed with JPMorgan. Morningstar has also stated that the source's analysis was "absolutely incorrect". The commentary has therefore been removed. Tamarac says it gets its JPMorgan data fed through sister firm, Yodlee, and that that feed to Yodlee was "enhanced" late in 2019.

No people referenced

Related Moves

Envestnet nabs Dani Fava to cross-pollinate semi-autonomous units and reap 'financial wellness' as the end product

The Chicago outsourcer has a massive, partially disconnected arsenal of products that CEO Bill Crager is rationalizing into 'wellness' with yet another new unit.

July 23, 2020 — 1:42 AM

A last lion of the Ned Johnson era, Gerry McGraw, vacates the Fidelity CFO spot for Maggie Serravalli, and makes evident Abby Johnson's 'phenomenal' women strategy

McGraw was credited with steely leadership during the 2008-2009 financial crisis but also bridged the management revamp toward a big bet on what women can do better in the next decade.

June 12, 2020 — 3:52 AM

Behind the scenes, Envestnet's board of directors had much to tussle over before finally subtracting the 'interim' from Bill Crager's CEO title

With Jud Bergman gone at a chairman, a power struggle ensued to fill that spot, and the process dragged when taking the company private came under review

April 2, 2020 — 2:34 AM

Mark Tibergien sets up Ben Harrison to challenge Schwabitrade with a $150 million cut to Pershing's minimum and millions more to develop Veo-busting technology

The CEO suite hand-off in Jersey City pulls a trigger on a plan to bypass Fidelity's and eventually Schwab's custody units by luring disaffected RIAs.

March 11, 2020 — 7:58 AM

See more related moves

Share your thoughts and opinions with the author or other readers.


Stephen Chen said:

May 29, 2020 — 10:26 PM

Thanks - one note Plaid was bought for $5.3 Billion (not million)

brooke southall said:

May 29, 2020 — 10:35 PM

Stephen, Good catch, thank you. (Head of the class.) -Brooke

Stephen Chen said:

May 29, 2020 — 10:45 PM

We are in the midst of leveraging Plaid so this is super relevant. There will definitely be tension around data: Stage 1: aggregators leverage data and fin tech firms innovate around it Stage 2: custodians try to control data and use it as leverage (this article) Stage 3: customers who's data it is - may get control and decide where they want to use it, since clearly they are getting value from aggregation otherwise these 3rd party solutions riding on top of the data wouldn't exist. (we'll see if this happens)

James Moock said:

May 29, 2020 — 11:40 PM

It should be noted that Orion does in fact have a direct feed into JPMorgan so its clients will not be affected by this change. So that anonymous senior exec at the mystery data aggregation firm, would in fact, be wrong.

Frank Trotter said:

May 29, 2020 — 11:44 PM

There are parts of these announcements that at least sound great. Better security, cleaner data, more complete picture. But there are a couple of that make me worry that the custodians are more likely attempting obstrufication. Under this approach they will have the ability to cut off access for any aggregator who they feel allows outside analysis to paint a different picture of holdings than they themselves are selling. I know there will be a few howls but this is the client's data and as such the client should be able to direct who has access with proper disclosure. The term "data pirates" stands out - these are not data pirates but firms or applications hired by a client to provide analysis or make their life easier. Any blockage outside of a genuine desire for better security is against the client's best interests.

Brooke Southall said:

May 29, 2020 — 11:55 PM

Frank, Thank you for your comment and for teaching me a new word. At first I thought obstrufication was like obfuscation's strategery. But then I looked it up and found out you were -- as usual -- a step ahead. -Brooke

Mark Woollen said:

May 30, 2020 — 11:52 AM

Actually... Your intuition about "strategery" was not off base. When you read the posted article you'll realize that the author admits the word is made up... And realize that they meant obfuscation.

Submit your comments: