In this final lecture, we will look at some of the risk and
legal issues associated with financial account aggregators.
As the name implies,
these companies allow consumers to aggregate the information from
their various financial accounts including
their assets and bank accounts and brokerage accounts,
to enable them to better see their financial health and receive
advice on alternative ways to save money or manage your finances.
Account aggregators allow consumers to access their information either online or on
mobile devices and some of
the more well-known firms providing the service include Mint and HelloWallet.
While count aggregators certainly provide a convenient service.
They also pose unique risks that consumers should be aware of.
The main risk is that consumers could potentially be more exposed to losses due to fraud.
If a consumer authorizes an account aggregator to access their financial accounts,
and grants the aggregator authority to make transfers,
the consumer may be liable for fraudulent transfers made.
Market participants do not agree about whether consumers using
account aggregators will be reimbursed if
they experience fraudulent losses in their financial accounts.
Some banks have even stated publicly that they may not
reimburse losses from consumer accounts if the consumer
provided his or her account credentials to
an account aggregator if
fraudulent activity subsequently occurs in the consumer's account.
The relevant regulatory agencies don't see eye to eye on this issue either.
In 2017, the Consumer Financial Protection Bureau
issued non-binding guidance which stated that
consumers should have reasonable and practical means to
dispute and resolve instances of unauthorized transactions.
Federal reserve on the other hand,
has suggested that industry stakeholders will need to come to
an agreement on which party bears responsibility for unauthorized transactions.
Another risk associated with account aggregators is
that some firms may hold consumer data without
disclosing what rights consumers have to delete
the data or prevent the data from being shared with other parties.
However, the Gramm-Leach-Bliley Act of 1999,
generally requires FinTech firms and
traditional financial institutions to safeguard
nonpublic personal information about customers.
Because of these risk, several large banks have intervened at
times to limit the flow of information to some account aggregator websites.
This occurred in late 2015,
when several big banks including JP Morgan, Bank of America,
and Wells Fargo express concern as
the aggregator sites could threaten consumers' account security and that
these services overload bank websites at busy times by
requesting updated information about consumer accounts from bank servers.
Well, these concerns may be valid.
It's important to keep in mind that banks also have a competitive incentive not to share
their customers data with tech-savvy FinTech firms who can
potentially utilize the data to provide superior products or services.
To address some of these issues,
several financial institutions have negotiated
contractual arrangements with individual account aggregators.
For instance, in 2017,
JPMorgan Chase and Intuit which owns
mint.com TurboTax and QuickBooks reached an agreement to
allow the bank's customers to check account information on
their technology firms sites without sharing their Chase passwords.
To do this, JPMorgan Chase customers authorized the bank to
electronically share their financial information
with Intuit's financial management sites,
and the data is shared in Application Programming Interface or API.
This eliminates the whole process whereby customers had
to manually enter their Chase passwords into the sites.
As part of the agreement, Intuit agreed not to sell
customer data to third parties which has been a concern of many banks.
As more and more consumers continue to enjoy and
demand the convenience provided by account aggregators,
expect to see similar types of agreements between
aggregators and banks to become commonplace.