JPMorgan says fintech middlemen like Plaid are ‘massively taxing’ its systems

JPMorgan Chase says fintech middlemen — the companies that have helped a new generation of financial apps connect with traditional checking accounts — are flooding the bank’s systems with unnecessary data requests.

“Aggregators are accessing customer data multiple times daily, even when the customer is not actively using the app,” a JPMorgan systems employee wrote last week in an internal memo to retail payments head Melissa Feldsher. “These access requests are massively taxing our systems.”

Of 1.89 billion data requests from middlemen hitting JPMorgan’s systems in June, only 13% were initiated by a customer for transactions, according to the memo, which was seen by CNBC.

The majority of data pulls, known as API calls, were for purposes ranging from helping fintech companies improve their products or prevent fraud to other efforts including harvesting data for sale, said a person with knowledge of the memo who declined to be identified amid talks between JPMorgan and the fintechs.

JPMorgan, the biggest U.S. bank by assets, is preparing to charge the middlemen new fees for access to systems that it says are increasingly costly to maintain. Negotiations between JPMorgan and the fintech middlemen are ongoing, but the new fees could start as soon as October, said people with knowledge of the matter.

The bank’s move could lead to upheaval in the fintech ecosystem, which flourished as aggregators including Plaid and MX connected traditional banks with newer arrivals. The API access had been free for years, which enabled the fintech upstarts to offer accounts with no-fee checking or trading services.

The situation changed in May after the Consumer Financial Protection Bureau filed a motion in support of a banking industry lawsuit seeking to end the so-called “open banking” rule.

That rule, finalized by the Biden-era CFPB in the waning months of that administration, mandated that banks had to provide data to authorized parties for free. A week after the rule’s passage, JPMorgan CEO Jamie Dimon called on bankers to “fight back” against what he said were unfair regulations.

News this month that JPMorgan was planning to charge for customer data, first reported by Bloomberg, led to accusations from venture capital investors and fintech and crypto executives that JPMorgan was engaging in “anti-competitive, rent-seeking behavior” by putting up paywalls to customer data.

But JPMorgan says it bears the rising costs from maintaining the infrastructure needed for the surge in volumes, as well as elevated fraud claims linked to payments made in the fintech ecosystem.

The total volume of API calls received by JPMorgan has more than doubled in the past two years, according to the memo.

Transactions involving money sent over electronic ACH transactions were 69% more likely to result in fraud claims if they involved data middlemen, according to the memo.

JPMorgan saw about $50 million in fraud claims from ACH transactions initiated through aggregators, a figure the bank expects to triple within 5 years.

Among the 13 fintech companies tracked in the bank’s memo, more than half of all June activity, with 1.08 billion API requests, came from a single company. Though the firms aren’t named, CNBC has learned that the largest player represented in the data is Plaid.

JPMorgan’s data show that just 6% of Plaid’s API calls were initiated by customers.

Plaid said in a statement to CNBC that this figure “misrepresents how data access works” because all activity begins when customers grant permission to fintech companies when they sign up for accounts. Of course, many customers don’t closely read the lengthy “Terms and Conditions” pages that contain data-sharing disclosures before opening new accounts.

“Calling a bank’s API when a user is not present once they have authorized a connection is a standard industry practice supported by all major banks in order for consumers to get critical alerts for overdraft fees or suspicious activity,” Plaid told CNBC.

Plaid also said that JPMorgan’s claims of higher fraud among aggregators were “misleading,” though it didn’t elaborate.

“It is not surprising that the volume of data access is increasing alongside demand from consumers for financial tools that are smarter, faster, and more tailored to their needs,” Plaid said.

“To be clear, we believe it is essential that the data sharing ecosystem works for everyone, including consumers, fintech developers, and financial institutions – many of whom leverage open banking in their own products,” the company said.

The proposed fee schedules circulated by JPMorgan could result in Plaid paying $300 million in new annual fees, according to a Forbes report.

The rest of the companies tracked in the JPMorgan document are far smaller entities; only four other middlemen registered more than 100 million monthly API calls.

If the Biden-era “open banking” rule is struck down by the courts, the main question is not whether the middlemen will have to pay for data, but how much they will have to pay.

The back-and-forth between JPMorgan and the middlemen is a private process, spilling into public view, to arrive at a new reality that is acceptable to all.

JPMorgan has had productive conversations with several data aggregators who acknowledge that they can change the way they pull data if it is no longer free, according to a person with knowledge of the negotiations.

“I think both sides fully acknowledge there are things they could do to right-size call volume,” this person said.