Home  »  About  »  FAQ US

Frequently Asked Questions about FDX US

 

What is the Financial Data Exchange (FDX)?
Who is on the board of FDX?
Who can become a member of FDX?
What data standard does FDX support?
What about OFX and other standards used to access financial data? How will they migrate over time?
Will FDX address or propose a liability framework for the financial data ecosystem?
How will FDX impact privacy and transparency of financial data?
What are the Five (5) Core Principles of Data Sharing?
How will FDX impact user permissioning or user control of their data?
When will the FDX API standard be available?
How will FDX interact and comply with General Data Protection Regulation (GDPR) and other privacy laws and regulations?
Is FDX a global organization and how will it interact with other global data standard consortia?
Does FDX certify companies that apply the FDX API standard?
What federal or state regulations impact the FDX API standard?
How will FDX address conflicts that have existed in the past between financial institutions, data aggregators and permissioned parties related to the access of financial data?
How will smaller regional and community financial institutions benefit from FDX?
How did FDX become a subsidiary of FS-ISAC?

 


What is the Financial Data Exchange (FDX)?

The Financial Data Exchange (FDX) is a nonprofit dedicated to unifying the financial industry around a common, interoperable, royalty-free standard for secure and convenient consumer and business access to their financial data. FDX is governed by a diverse board of directors from financial services and financial technology companies involved in account aggregation services. All tiers of membership are given the opportunity to participate in the development, growth and industry acceptance of the developed standard and other objectives through FDX working groups.

FDX exists as an independent subsidiary under the umbrella of the Financial Services Information Sharing and Analysis Center (FS-ISAC), whose mission is to ensure resilience and continuity of the global financial services infrastructure.


Who is on the board of FDX? The FDX board of directors is comprised of financial institutions, data aggregators, permissioned parties and industry groups all within the financial data ecosystem. Each such segment maintains a consistent number of voting seats on the board. The FDX board will oversee and direct all aspects of the development and deployment of the financial data standard and will set other objectives as needed.

Who can become a member of FDX?
Tiered membership opportunities are available to any interested parties within the financial data ecosystem. Most FDX members are stakeholders in the financial services arena and include financial institutions, data aggregators, permissioned parties, financial technology (fintech) companies and non-profit financial industry groups. Specific information about membership tiers, pricing and enrollment can be found on the registration page.


What data standard does FDX support?
FDX supports the FDX API (formerly Durable Data API, or DDA) standard.

The DDA began under the stewardship of the FS-ISAC and offers secure authentication with a restful API for data access to accommodate existing protocols. Upon the public launch of FDX in October 2018, FS-ISAC assigned the DDA to FDX and renamed the FDX API. Some of the largest financial institutions in the U.S. have implemented the DDA/FDX API standard in the last several years. Please also refer to our introduction to Application Programming Interfaces (APIs), the ABC’s of APIs, which is available here.


What about OFX and other standards used to access financial data? How will they migrate over time?
FDX supports broad migration of the industry to a common standard to provide consumers and business a convenient, safe and reliable method to access their financial records. As of July 2019, the Open Financial Exchange (OFX) has joined FDX as an independent working group, with the goal of aligning all users to a single interoperable standard built on the most cutting-edge data specification, security and authentication protocols. All existing implementations of OFX will continue to be supported, and users of OFX will have assistance to migrate to the FDX API standard at an appropriate juncture, such as during a technology refresh. FDX understands that this migration will take time and that other records access methods will continue to be used during the migration.


Will FDX address or propose a liability framework for the financial data ecosystem?
FDX is focused on moving the industry to the FDX API standard that supports interoperability. FDX’s mission and objectives, which are reflected in its operating principles, and the broad adoption of the FDX API standard may further support the development of a liability framework by the appropriate parties.


How will FDX impact privacy and transparency of financial data?
The FDX API standard is fully predicated on consumer and business permissioned access to their financial records. In other words, no financial records will be accessed through the FDX API standard without a consumer’s full permission and control. In addition, FDX has recently laid out the Five (5) Core Principles of Data Sharing in a new white paper, which serve both as operating principles for FDX, as well as guidelines for the financial industry on the essential elements of a secure, transparent consumer-first approach to the sharing of financial data. The Five (5) Core Principles of Data Sharing – Control, Access, Transparency, Traceability, and Security – are derived from and influenced by a diverse group of thought leaders in the financial industry as well as regulatory entities and worldwide standards bodies.


What are the Five (5) Core Principles of Data Sharing?


The Five (5) Core Principles of Data Sharing serve both as operating principles for FDX, as well as guidelines for the financial services industry on the essential elements of a secure, transparent consumer-first approach to the sharing of financial data. 

The Five (5) Core Principles of Data Sharing are derived from and influenced by thought leaders in the financial industry as well as regulatory entities and worldwide standards bodies. They are:

Control: Consumers should be able to effortlessly grant, modify and revoke access to their financial data for applications or services they desire to use.

Access: Account owners should have access to their data and the ability to determine who will have access to their data. 

Transparency: Individuals using financial services should know how, when, and for what purpose their data is used and know who they have permissioned.

Traceability: All data transfers should be traceable. Consumers should have a complete view of all parties that are involved in the data-sharing flow.

Security: Service providers need to ensure the safety and privacy of data during access and transport and when that data is at rest.


How will FDX impact user permissioning or user control of their data?


User control and permissioning of data will be strengthened by the FDX API standard because the financial data ecosystem will finally be unified around a common interoperable data standard rather than a patchwork of data access tools that are often plagued by inconsistent data connectivity, quality and governance. In addition, FDX’s User Experience Working Group is further strengthening control and permissioning mechanisms by developing and providing focus group-tested user experience guidelines, which will make granting, modifying and revoking data access an intuitive, seamless experience.

Akin to the world before the Bluetooth Core Specification allowed wireless devices to seamlessly connect to one another, data standardization will ensure an inclusive and secure environment that empowers consumers to better access data across financial accounts, and use that data to better manage their finances and improve their financial health


When will the FDX API standard be available?


It is available now. You can access the FDX API standard once you become a member. If you are a member, login to your account and navigate to the FDX API.

If your company is not ready to become a member, but you would like to review the FDX API, you can access a copy free of charge (subject to certain terms and conditions). Please visit this page and select “I just want access to the FDX API spec.”


How will FDX interact and comply with General Data Protection Regulation (GDPR) and other privacy laws and regulations?


The FDX API standard provides the tools for secure and reliable financial records access and thus supports best practices for privacy. It is the responsibility of each organization to comply with all government regulations related to privacy. FDX makes no representations that it is GDPR-compliant.


Is FDX a global organization and how will it interact with other global data standard consortia?


FDX is initially focusing on the United States and Canada, but many FDX members are global organizations. Therefore, FDX fully expects to engage with other standards bodies to collaborate on innovation and implementation of best practices.


Does FDX certify companies that apply the FDX API standard?


At this time, FDX does not offer a certification program for the FDX API standard. However, to ensure common technical implementation and interoperability, FDX plans to create a formal qualification and certification program in the future. Prior to being marketed as compliant, or getting access to certain intellectual property rights, products (i.e., programs and apps for consumer-permissioned financial data sharing) will need to be approved by FDX through this program. FDX has established a formal Qualification and Certification Working Group to explore the matter further.


What federal or state regulations impact the FDX API standard?


FDX reflects the commitment of its members to provide secure and reliable access to financial records. The FDX organization is proposing and advocating best practices for consumer transparency and consent in financial data access, which we have laid out in the Five (5) Core Principles of Data Sharing (See above). In short, FDX reflects the industry unifying to adopt consumer protection principals that have been advocated by regulators and government agencies including the July 31, 2018 report on Nonbank Financials, Fintech and Innovation issued by the U.S. Treasury Department.


How will FDX address conflicts that have existed in the past between financial institutions, data aggregators and permissioned parties related to the access of financial data?


FDX is the result of years of work among all parties in the financial records ecosystem.  All the members of FDX are deeply committed to providing value to the businesses and consumers that interact with all the members of FDX. The FDX board believes this unified commitment will serve to resolve previous conflicts that have existed.


How will smaller regional and community financial institutions benefit from FDX?


Financial institutions of all sizes will benefit from the creation of FDX. First, a common interoperable standard will inform the product offerings of technology service providers and offer economies of scale so that even the smallest financial institutions will be able to experience and offer their customers the same data aggregation powered services, tools and protections that are available to larger financial institutions at a fraction of the cost. Secondly, FDX’s open membership structure will allow all financial institutions, regardless of size, to benefit and contribute to the FDX API via FDX working groups where every member’s vote is equal.


How did FDX become a subsidiary of FS-ISAC?


FDX had its origins in early 2017 as a grassroots effort led by financial institutions, financial technology companies and data aggregators that were seeking to find common ground for a secure, consumer-focused data sharing framework. Recognizing the significant progress already made by FS-ISAC’s Aggregation Working Group in the 2015-2017 time period with its Durable Data Application Programming Interface (DDA) standard, FDX became a wholly-owned, independent subsidiary of FS-ISAC in 2018. FS-ISAC assigned all versions of the DDA (now known as the FDX API) to FDX in October 2018 in connection with FDX’s launch.
As a non-profit organization, FDX will implement and oversee this interoperable standard and operating framework, continuing the development, improvement and adoption of the FDX framework. FDX is a logical extension in continuing the efforts began by FS-ISAC, providing the opportunity to designate dedicated resources for ongoing growth, industry adoption and maintenance of the FDX API standard.