The Financial Industry Regulatory Authority recently issued an “alert” that cautions consumers of the risks associated with sharing financial information with companies using account aggregation services. These threats, such as cyber fraud and identity theft, are real so consumers should be cognizant of how firms aggregate their data. Brokers and financial advisors using aggregation also have a responsibility to vet their vendors to make certain they hold themselves to the highest information security standards, and both financial firms and aggregators should collaborate to obtain the clearest possible consent from consumers whenever data is exchanged to ensure that end clients know exactly who has access to what information and for what purpose at all times. However, the alert fails to acknowledge the myriad ways in which data aggregation enables brokers, firms and FINRA to better protect investors on multiple levels.
In the 2018 annual letter announcing FINRA’s priorities for the year, “suitability,” or ensuing that advisors act in investors’ best interests, was a focal point of the list (as it has been for the past several years). Account aggregation enables advisors to meet this suitability standard by providing a rich, holistic view of a client’s current financial situation and past behavior. As a result, advisors can analyze that information to make sound assessments about the suitability of products for their clients, and for advisors, such as registered investment advisors, who hold themselves to a true fiduciary standard, that complete the picture of a client’s finances is critical for accurate advice. With or without the fiduciary rule, account aggregation is still necessary for advisors to effectively and responsibly serve their clients. FINRA should acknowledge these benefits as they continue to release guidance on the issue.
Advisors don’t just use data aggregators to learn about their clients; firms actually utilize these services to meet FINRA compliance requirements. Under FINRA Rules 3270 and 3280, all registered representatives are required to notify their compliance officers of their outside business activities and private securities transactions that could impact the products they sell to their clients. To meet reporting requirements, firms collect the information on advisors’ investment holdings, often using account aggregation providers to access and manage this data in a more timely and accurate fashion. The fact that account aggregation actually enables compliance with FINRA’s own regulations should also be highlighted by the organization.
FINRA’s alert also proposes that investors should seek firms that use an aggregation service provider that deploys secure application programming interface connections to financial institutions, instead of providers “scraping,” or using bots to collect information. While institution-built APIs are an ideal standard to work toward, the industry has a lot of work to do to meet that goal. Most financial institutions still lack their own APIs to directly share data with third-party providers. It is not feasible to expect small, or even middle-market, financial institutions to develop such infrastructure when the biggest banks are still working to develop their own APIs and to establish data-sharing partnerships with aggregation providers.
Sharing financial data is not inherently dangerous. In fact, access to data has become more important to consumers over the past decade. Despite the growing importance of connecting to financial accounts so consumers and their advisors can make smarter financial decisions, most regulators have been reticent to speak about it. In addition to FINRA, SIFMA has also weighed in on the issue with the release of their own account aggregation principles this morning. The fact that these two have made statements outlining their positions on account aggregation demonstrates real progress. FINRA’s alert even referenced the Consumer Financial Protection Bureau’s guidelines on aggregators, marking the first time two regulators demonstrated any signs of tacit agreement on the issue. As regulators continue to formulate a position and collaborate on the issue, they should consider and promote the positive impact of account aggregation for their own agencies, advisors and, most importantly, consumers.
Lowell Putnam is co-founder and CEO of Quovo, Inc., a data science platform optimized to extract, manage and analyze financial portfolio data.