SIFMA issues guidelines for using data aggregation

Principles are designed to allow safe access to financial data and ensure that aggregators follow the same security standards as financial institutions

Apr 12, 2018 @ 2:21 pm

By Ryan W. Neal

Technology that can pull together financial data from across the industry is increasingly popular.

Such aggregators give advisers a more comprehensive view of their clients' assets to improve the advice and financial plans they deliver. Aggregation also lets clients view all of their brokerage, banking, retirement plan and credit card accounts in a single location, helping them better understand their finances.

Some of these technologies aren't subject to bank or broker-dealer regulation and standards, though, and the convenience of aggregation has created new security and privacy vulnerabilities.

"As we continue to grow the digital economy, personal data is becoming the most important currency there is, and as an industry we have a responsibility and obligation to protect our clients' data," Lisa Kidd Hunt, executive vice president of business initiatives at Charles Schwab & Co. Inc. and chair of the Securities Industry and Financial Markets Association, said in a statement. "Our ability to capture information and data has never been easier, and our responsibility to protect it has never been more essential."

SIFMA released new guidelines Thursday on how member organizations should work with data aggregation. SIFMA CEO and president Kenneth Bentsen Jr. said the four data aggregation principles "provide customers with safe and secure access to their data and protection of their confidential account information, along with assurances that data aggregators adhere to the same data and security standards followed by regulated financial institutions."

First of all, the guidelines say customers can use third parties to access their financial account data, and SIFMA members believe the access should be safe and secure.

Customers should not have to share their account IDs or passwords with third parties. They should be assured that anyone accessing account information will keep it safe, follow the same security standards followed by financial institutions, and take responsibility for any data they receive and provide to others.

SIFMA recommended that financial institutions provide a clear and conspicuous explanation of how a third party will access or use the data. Customers should consent affirmatively before aggregation begins and be able to withdraw consent easily and at any time with confidence that third parties will delete and stop collecting data.

Finally, SIFMA provided guidance on the scope of data access and use. Data on holdings, balances and transaction information are OK to share with third parties, while other nonpublic or confidential personal information is not. Account activities like third-party trading, money movement, client verification and other services beyond account data aggregation should have separate agreements.

SIFMA also encouraged firms to move away from "screen scraping" technology, which requires users to submit log-in credentials so an aggregator can access the account and automatically pull data from the financial institution's website. The practice increases the potential that the data can be stolen in a hack or data breach.

Instead, firms and aggregators should use application programming interfaces, or APIs, that access data directly from the financial institution, SIFMA said, echoing a FINRA alert to investors last week.

David Johnson, the head of Morningstar ByAllAccounts, said the guidelines align well with how his team approaches data aggregation. Mr. Johnson said ByAllAccounts works with financial institutions to develop safe ways to share customer information, and collaborates with other aggregators like Yodlee and Quovo to help the industry understand how the technology works.

"We are all collaboratively working together to have the safest and securest way to show a holistic view of an investor's wealth," he said.

However, Mr. Johnson said there are emerging fintech companies that rely on financial data, but may or may not be using one of the major players in aggregation. These raise big concerns around security, especially when it comes to the movement of money and assets.

"Some firms are not going through the same security and due diligence," Mr. Johnson said. "We are proactively working with these firms, helping them create these API strategies."

