SIFMA issues guidelines for using data aggregation

Principles are designed to allow safe access to financial data and ensure that aggregators follow the same security standards as financial institutions

Apr 12, 2018 @ 2:21 pm

By Ryan W. Neal

Technology that can pull together financial data from across the industry is increasingly popular.

Such aggregators give advisers a more comprehensive view of their clients' assets to improve the advice and financial plans they deliver. Aggregation also lets clients view all of their brokerage, banking, retirement plan and credit card accounts in a single location, helping them better understand their finances.

Some of these technologies aren't subject to bank or broker-dealer regulation and standards, though, and the convenience of aggregation has created new security and privacy vulnerabilities.

"As we continue to grow the digital economy, personal data is becoming the most important currency there is, and as an industry we have a responsibility and obligation to protect our clients' data," Lisa Kidd Hunt, executive vice president of business initiatives at Charles Schwab & Co. Inc. and chair of the Securities Industry and Financial Markets Association, said in a statement. "Our ability to capture information and data has never been easier, and our responsibility to protect it has never been more essential."

SIFMA released new guidelines Thursday on how member organizations should work with data aggregation. SIFMA CEO and president Kenneth Bentsen Jr. said the four data aggregation principles "provide customers with safe and secure access to their data and protection of their confidential account information, along with assurances that data aggregators adhere to the same data and security standards followed by regulated financial institutions."

(More: SIFMA makes client-data safety a top priority)

First of all, the guidelines say customers can use third parties to access their financial account data, and SIFMA members believe the access should be safe and secure.

Customers should not have to share their account IDs or passwords with third parties. They should be assured that anyone accessing account information will keep it safe and follow the same security standards following by financial institutions, and take responsibility for any data they receive and provide to others.

SIFMA recommended that financial institutions provide a clear and conspicuous explanation of how a third party will access or use the data. Customers should consent affirmatively before aggregation begins and be able to withdraw consent easily and at any time with confidence that third parties will delete and stop collecting data.

Finally, SIFMA provided guidance on the scope of data access and use. Data on holdings, balances and transaction information are OK to share with third parties, while other nonpublic or confidential personal information is not. Account activities like third-party trading, money movement, client verification and other services beyond account data aggregation should have separate agreements.

SIFMA also encouraged firms to move away from "screen scraping" technology, which requires users to submit log-in credentials so an aggregator can access the account and automatically pull data from the financial institution's website. The practice increases the potential the data can be stolen in a hack or data breach.

Instead, firms and aggregators should use application programming interfaces, or APIs, that access data directly from the financial institution, SIFMA said, echoing a FINRA alert to investors last week.

David Johnson, the head of Morningstar ByAllAcounts, said the guidelines align well with how his team approaches data aggregation. Mr. Johnson said ByAllAccounts works with financial institutions to develop safe ways to share customer information, and collaborates with other aggregators like Yodlee and Quovo to help the industry understand how the technology works.

(More: Morningstar buys data aggregator ByAllAccounts for $28 million)

"We are all collaboratively working together to have the safest and securest way to show a holistic view of an investor's wealth," he said.

However, Mr. Johnson said there are emerging fintech companies that rely on financial data, but may or may not be using one of the major players in aggregation. These raise big concerns around security, especially when it comes to the movement of money and assets.

"Some firms are not going through the same security and due diligence," Mr. Johnson said. "We are proactively working with these firms, helping them create these API strategies."


What do you think?

View comments

Recommended for you

Upcoming Event

Oct 23


Women Adviser Summit - San Francisco

The InvestmentNews Women Adviser Summit, a one-day workshop now held in four cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Featured video


I am a professional woman, not a woman professional.

How Bella Allaire's upbringing in the Soviet Union actually helped her rise to the top, and her wish for women everywhere.

Latest news & opinion

Trump tax plan making dividend ETFs hot

Funds that are seeing inflows largely steer clear of sectors like utilities.

Wells Fargo Advisors continues to see a decline in brokers

Company also set aside $114 million over fees for rich clients.

Morningstar to replace funds in its managed portfolios with nine of its own

New sub-advised funds, offered exclusively through financial advisers, are intended to lower costs and provide 'greater flexibility.'

Average client assets top $2 million for first time

Charles Schwab's latest RIA Benchmarking Study reports organic growth is driving increased AUM and revenues.

Merrill Lynch launches fiduciary dashboard for advisers

Despite death of the DOL fiduciary rule, wirehouse continues to invest in ways to meet best-interest standard.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print