Category: 3. Business

(Reuters) -JPMorgan Chase has secured deals that will ensure it receives payments from fintech companies for access to its customer bank account data ​by third-party apps, CNBC reported on Friday, citing sources familiar with ‌the matter.

The agreements were struck with data aggregators including Plaid, Yodlee, Morningstar and Akoya, Drew Pusateri,‌ a JPMorgan Chase spokesperson, told Reuters.

Data aggregators are intermediaries who link banks with fintech firms. They previously accessed customer account data from banks such as JPMorgan without paying for it, enabling fintech apps to offer services like budgeting and payments – an arrangement that drew ⁠criticism from lenders concerned about data ‌security and fair compensation.

“The free market worked. After productive conversations with our aggregator and fintech partners, we’ve come to agreements that ‍will make the open banking ecosystem safer and more sustainable – and allow customers to continue reliably and securely accessing their favorite financial products,” Pusateri added.

The deals follow weeks of talks between ​the largest U.S. bank and the aggregators, with JPMorgan agreeing to a ‌lower fee than initially proposed and fintech intermediaries securing concessions on how data requests are handled, the CNBC report added.

The Consumer Financial Protection Bureau’s (CFPB) “open banking” rule, introduced last year under the Biden administration, set standards for data sharing between fintechs and banks, enabling consumers to move personal financial data between providers at no ⁠cost.

Banks, facing potential losses, swiftly criticized the ​rule, arguing it risked consumer data security and ​overstepped the agency’s authority, while fintech firms welcomed it, saying it would enable secure sharing of consumer data.

The CFPB kicked off a do-‍over of its “open ⁠banking” regulations in August, amid public pressure from fintech firms and crypto entrepreneurs.

The Trump administration had initially sided with a banking industry call to scrap the ⁠regulations entirely, claiming they exceeded the agency’s legal powers, before changing tack earlier in the year,‌ citing “recent events in the marketplace.”

(Reporting by Pritam ‌Biswas in Bengaluru; Editing by Maju Samuel)

AFP via Getty Images

AFP via Getty Images

A leading artificial intelligence company claims to have stopped a China-backed “cyber espionage” campaign that was able to infiltrate financial firms and government agencies with almost no human oversight.

The US-based Anthropic said its coding tool, Claude Code, was “manipulated” by a Chinese state-sponsored group to attack 30 entities around the world in September, achieving a “handful of successful intrusions”.

This was a “significant escalation” from previous AI-enabled attacks it monitored, it wrote in a blogpost on Thursday, because Claude acted largely independently: 80 to 90% of the operations involved in the attack were performed without a human in the loop.

“The actor achieved what we believe is the first documented case of a cyber-attack largely executed without human intervention at scale,” it wrote.

Anthropic did not clarify which financial institutions and government agencies had been targeted, or what exactly the hackers had achieved – although it did say they were able to access their targets’ internal data.

It said Claude had made numerous mistakes in executing the attacks, at times making up facts about its targets, or claiming to have “discovered” information that was free to access.

Policymakers and some experts said the findings were an unsettling sign of how capable certain AI systems have grown: tools such as Claude are now able to work independently over longer periods of time.

“Wake the f up. This is going to destroy us – sooner than we think – if we don’t make AI regulation a national priority tomorrow,” the US senator Chris Murphy wrote on X in response to the findings.

“AI systems can now perform tasks that previously required skilled human operators,” said Fred Heiding, a computing security researcher at Harvard University. “It’s getting so easy for attackers to cause real damage. The AI companies don’t take enough responsibility.”

Other cybersecurity experts were more sceptical, pointing to inflated claims about AI-fuelled cyber-attacks in recent years – such as an AI-powered “password cracker” from 2023 that performed no better than conventional methods – and suggesting Anthropic was trying to create hype around AI.

“To me, Anthropic is describing fancy automation, nothing else,” said Michal Wozniak, an independent cybersecurity expert. “Code generation is involved, but that’s not ‘intelligence’, that’s just spicy copy-paste.”

Wozniak said Anthropic’s release was a distraction from a bigger cybersecurity concern: businesses and governments integrating “complex, poorly understood” AI tools into their operations without understanding them, exposing them to vulnerabilities. The real threat, he said, were cybercriminals themselves – and lax cybersecurity practices.

skip past newsletter promotion

after newsletter promotion

Anthropic, like all leading AI companies, has guardrails that are supposed to stop its models from assisting in cyber-attacks – or promoting harm generally. However, it said, the hackers were able to subvert these guardrails by telling Claude to role-play being an “employee of a legitimate cybersecurity firm” conducting tests.

Wozniak said: “Anthropic’s valuation is at around $180bn, and they still can’t figure out how not to have their tools subverted by a tactic a 13-year-old uses when they want to prank-call someone.”

Marius Hobbhahn, the founder of Apollo Research, a company that evaluates AI models for safety, said the attacks were a sign of what could come as capabilities grow.

“I think society is not well prepared for this kind of rapidly changing landscape in terms of AI and cyber capabilities. I would expect many more similar events to happen in the coming years, plausibly with larger consequences.”

The Chinese government has expressed “extreme disappointment” with the Dutch minister at the heart of a row over chip supply to the car industry.

A spokesperson for the ministry of commerce was responding to an interview by Vincent Karremans on Thursday in which he described the standoff between China and the European Union as a “wake-up call” for western leaders.

The spokesperson said: “China has noted the recent remarks made by Dutch minister of economic affairs Karremans in media interviews. China expresses extreme disappointment and strong dissatisfaction with such remarks that confuse right and wrong, distort facts and persist in a single-minded course.

“The profound lesson this semiconductor supply chain crisis has taught the world is that administrative measures should not be used to improperly interfere with corporate operations.”

Beijing imposed a worldwide ban on exports of chips from Nexperia at the beginning of the October, almost bringing the global car industry to a halt.

Its drastic action followed a decision by the Dutch government to take supervisory control of the Chinese-owned company at the end of September citing economic security issues.

In the interview Karremans said the Dutch government had received intelligence that the Chinese CEO was “moving away intellectual property rights, they were firing people and they were looking to relocate production to China” from its subsidiary factory in Hamburg.

Nexperia is a subsidiary of Wingtech Technology, a Shanghai-listed company, which bought the Dutch chip maker in 2018.

Karremans said he had no regrets about the steps his government took, saying on the basis of the information he had now, he would do it all over again.

But his actions have infuriated China, which instead of entering a bilateral battle on behalf of Wingtech, ordered a global ban on exports of Nexperia chips which are all finished in China.

The spokesperson for the Chinese ministry described a court decision to suspend the Chinese boss of Nexperia as “erroneous” and blamed the export ban directly on the Dutch.

“This unwise and impulsive act, which violates the spirit of contract, is the root cause of the turmoil and chaos in the global semiconductor supply chain,” it said.

A delegation from the Netherlands is travelling to Beijing next week in an effort to find a long-term resolution to the row, with Karremans expected to travel there next month on a pre-scheduled trade trip.

The cyber-attack that closed Jaguar Land Rover factories has pushed the company from profit into a quarterly loss of almost £500m, the carmaker has revealed.

JLR made pre-tax losses of £485m in the three months to 30 September, with production shut down throughout September due to the hack – a brutal turnaround from the £398m profit it recorded in the same period a year earlier, and ending 11 consecutive quarters of profit.

With factories only now returning to full output after a phased restart in October, the total financial impact of the hack on JLR is yet to be quantified.

The hack has been estimated to have cost the wider UK economy up to £1.9bn, and was blamed by the government for dragging down the quarterly GDP growth figures, announced earlier on Friday, to 0.1%.

JLR reported £196m of exceptional direct costs in addressing the hack, including hiring in global IT expertise as it restarted its systems.

The manufacturer confirmed that car production had returned to normal levels, with all plants “at or approaching capacity”, after it closed its plants in the UK and elsewhere immediately after the hack.

The carmaker said that the impact of Trump’s tariffs, which led briefly to a pause in exports to the US and are now set at 10% under the UK-US trade deal, had contributed to the unprecedented losses.

The winding down of the manufacture of older Jaguar models was another factor, JLR said. More than 150 prototypes of its new electric Jaguar had been completed, it added, with testing continuing.

The outgoing JLR chief executive, Adrian Mardell, said: “JLR has made strong progress in recovering its operations safely and at pace after the cyber incident. In our response we prioritised client, retailer and supplier systems and I am pleased to confirm that production of all our luxury brands has resumed.

“The speed of recovery is testament to the resilience and hard work of our colleagues. I am extremely grateful to all our people who have shown enormous commitment during this difficult time.”

Mardell, who will hand over to ex-Tata Motors chief financial officer, PB Balaji, said JLR was poised to deliver the outcome of “an extraordinary period of British design and engineering”, with the arrival of the new electric Range Rover and Jaguar models, whose launch has been delayed until at least 2026.

The JLR chief financial officer, Richard Molyneux, declined to confirm a launch date, adding: “We will launch it when it is perfectly right.”

He said the investigation into the cyber incident was still live, and the company was continuing to work closely with law enforcement agencies.

JLR had been able to process some sales and registrations manually in September, which is normally the car industry’s busiest month. Molyneux declined to put a single figure on the financial impact of the hack, adding: “Some of the volume we will get back, some we will not.”

skip past newsletter promotion

after newsletter promotion

But he said the company had “used the downtime wisely”, including accelerating development and testing work for electrification.

The wider supply chain was also severely affected. The business secretary, Peter Kyle, on Thursday rejected criticisms from some in the car industry that the government had not provided help to companies in JLR’s supply chain.

The government offered JLR a guarantee on a loan facility worth up to £1.5bn. However, the Guardian revealed that JLR has not drawn down any of the money.

Molyneux said JLR had so far drawn down £500m from a separate £2bn bank facility it had earlier agreed.

Kyle said the guarantee “gave the space for JLR to focus on resumption and not constantly just panic about money”, but added that it should be responsible for helping its suppliers. He added that “any company in the supply chain that is in extreme distress and is not being supported by JLR should contact my department”.

JLR has paid upfront for parts from 56 suppliers in an effort to prevent a cash crunch.

Two separate consultations have been launched on how inflation is adjusted annually for the Renewables Obligation (RO) and the Feed-In Tariff (FiT) schemes by the UK government’s Department for Energy, Security and Net Zero (DESNZ).

The RO has incentivised UK renewable electricity generation since 2002 via a system of tradable ‘Renewables Obligation Certificates’ (ROCs).  Although the RO scheme closed to new projects completely in 2019, generators will continue to receive payments until they come off it in a decade-long transition period starting in 2027.

Three separate but complementary RO schemes cover the UK. The UK government is responsible for RO legislation in England and Wales, while Holyrood and Stormont are responsible for the legislation of their respective schemes, all of which come under the administration of regulator Ofgem.

Meanwhile the FiT scheme ran between 2010 and 2019 to support small scale electricity generation (up to 5 MW), with a view to helping organisations, businesses, communities and individuals via solar PV, onshore wind, hydropower, anaerobic digestion, and microcombined heat and power (less than 2 kW). It provides fixed payments for the electricity they generate and export to the grid, with support continuing to be provided to generators until 2043.

But as part of a UK-wide drive to cut energy bills for consumers, DESNZ is running consultations into how to decrease costs of both schemes – including shifting how inflation increases are calculated by using the consumer prices index (CPI) instead of the retail prices index (RPI).

Ronan Lambe, a renewable energy expert at Pinsent Masons, explained this change could undermine confidence in the schemes from both consumers and energy generators.

“The changes under consultation are likely to be seen by the developer and investor community as a moving of the goalposts by the government,” he said.

“If implemented, the changes would have significant impact on the economics of existing projects, not just a reduction in the value of FiT or ROC revenue. Many projects will have ongoing operating expenses, the cost of which is indexed in accordance with RPI. If project revenues no longer attract RPI indexation, there’s an immediate mismatch between operating expenses and project revenues.

“While reducing electricity bills for industry and domestic consumers is a laudable aim, it shouldn’t come at the cost of reducing confidence in the UK as a destination for key energy investments.”

CPI has been used since 2003 as the official way to measure inflation, tracking the change in costs of goods and services annually, and tracks the prices of items in a representative shopping basket of household items. RPI, however, uses a different formula to calculate inflation rates, and also includes household costs such as council tax or mortgage repayments, which means it usually tracks higher than CPI figures.

A move to using the CPI for the ventures would bring them into line with other schemes, such as the government’s Green Gas Support Scheme.

Martin McGuinness, an energy expert at Pinsent Masons, said any potential switch to the previous agreed terms for either or both schemes could have longer term repercussions.

He added: “Although these consultations are not too much of a surprise following the focus on reducing bills and the terms of the recent Green Gas Support Scheme, it remains to be seen whether generators and their backers will accept this shift without putting markers down, whether in terms of strongly worded consultation responses or even legal challenges.

“Any adverse impact on forecasted revenues could be difficult to forget among the generator and investor communities.”

The RO consultation runs until 28 November, with the FiT one open until 12 December.