A new type of vendor service aims to make life easier for bankers who want to assess the risks of working with certain data aggregators.
Several large banks, including Bank of America and JPMorgan Chase, have recently piloted the Streamlined Data Sharing Risk Assessment offered by The Clearing House and the risk-assessment providers TruSight and KY3P. The two companies collect responses from aggregators to hundreds of questions and review their internal documents as well as conduct on-site visits.
The service is intended to produce standard risk assessments of data aggregators like Plaid, Finicity, Envestnet Yodlee and Intuit, which banks can then reference before deciding to forge a data-sharing agreement with one of the firms. Helping banks complete that due diligence is crucial to unlock data securely, better enabling customers to use third-party fintech apps like Venmo and Betterment.
“The new service makes it easier for aggregators to provide information to banks and for banks to assess their risk,” said Paul LaRusso, managing director of digital platforms at JPMorgan Chase.
U.S. Bancorp, Truist Financial, PNC Financial Services Group, TD Bank and Wells Fargo also participated in the pilot. JPMorgan and some of the others have signed on to continue using the service beyond the pilot.
Such services are bound to be in demand as consumers continue to choose to use fintech apps that require their bank account data to work properly. But banks have objected to screen-scraping methods in which third parties log in to customers’ online banking profiles to feed account information to fintech services.
Banks can opt to work with aggregators to share data more securely through application programming interfaces. But working with data aggregators comes with risks as well.
The Clearing House wants to move the banking industry away from screen scraping and toward “an ecosystem where there are agreements in place for API-based data sharing, which we believe is more safe and secure as well as ultimately more transparent to consumers,” said Ben Isaacson, senior vice president at The Clearing House.
Up to now, the vendor risk assessment process has inhibited reaching this goal, he said.
“When you think about the hundreds of questions, documentation reviews and on-site visits, those are very cumbersome for all parties involved,” Isaacson said.
As banks consciously pass data from their own servers to the outside world, they have to ensure that that data is kept secure and private and that the data aggregator won’t do anything that violates customers’ trust. Banks also have to make sure the data aggregators meet basic vendor management risk guidelines set by the Federal Financial Institutions Examination…