As we announced last year, eMoney is deploying API-based data aggregation to provide clients with a more seamless and secure connections experience.
We’re happy to see that the industry is taking notice of the importance of safe and responsible data aggregation. The recent FINRA alert, for example, urges consumers to understand how data aggregators operate before sharing sensitive information with them. We wholeheartedly agree that consumers need to understand how and where third parties are using their credentials and sensitive information.
Because we are serious about protecting clients’ sensitive data, we follow industry best practices for data management. Where appropriate, we innovate our security measures to protect client data.
Read below to learn more about our data aggregation operations, and see why data aggregation through eMoney is a safe and effective way to present clients with their entire financial situation.
Some data aggregators use client financial information regarding spending habits, income, and other transactional data for advertising. Know that eMoney has never and will never share client data with advertisers. We believe that your clients’ data is private and should always remain under their control.
While our current aggregation standards follow industry best practices, we are always looking to innovate. We continually push ourselves to set new standards. To achieve this goal, we are transitioning from screen-scraping to API-based aggregation.
FINRA: Weigh the benefits of aggregation against the risks of sharing your security credentials. Be particularly diligent when you authorize a third party to facilitate payments on your behalf. Check to assure payments go to the right place.
eMoney: We couldn’t agree more with FINRA’s guidance: It’s important to understand the potential risk of sharing financial information with a third party. eMoney mitigates the risk by securely aggregating data so that advisors and investors can develop informed financial plans based on client data.
Additionally, eMoney does not facilitate payments of any kind on a client’s behalf. In fact, clients can use the Spending tab of the Client Portal to closely monitor and spot unauthorized transactions they might otherwise miss. When this feature is combined with notifications of specific transactions, clients gain a single application through which they can monitor all of their accounts.
FINRA: Read the terms and conditions of any user agreement or contract you sign. Know what rights you are granting with respect to accessing your financial accounts and using your data. For instance, how often are your accounts scraped and what data is collected? Verify that the aggregator will access only the information it needs to provide the desired service to you. Also be aware that there may be charges for certain transactions and services you elect to use.
eMoney: To understand how their data is aggregated, clients should refer to our Terms of Service (ToS) available on the Client Portal. Our ToS state that access granted is for:
We access only the information needed to create the client’s complete financial picture—eMoney charges no fees to the client for this service.
Does (or may) the aggregator share your security credentials and data with, or provide access to your accounts to, another data aggregator or service provider? Does the aggregator sell your data to a third-party entity? If so, are you comfortable with that?
eMoney: We do not and will not sell client data to a third-party entity. Our Terms of Service clearly define how a client’s personal information may be disclosed. Disclosure is limited to the financial advisor and his/her affiliates, our vendors (such as hosting providers and the vendor of the account aggregation service), and as necessary to comply with legal required disclosures. When we disclose client data to our vendors, we only disclose the information needed to provide our services, and we disclose it confidentially.
FINRA: Does the aggregator use encryption when retrieving your data? How long is the data retained? What is the process of purging or disposing the data once you terminate your contract?
eMoney: We fully encrypt production data while in transit. Employing a standard higher than that used by most banks, we encrypt highly sensitive data using the industry-leading AES 256-bit. Data is stored unless an advisor discontinues service with eMoney, at which point, it is completely and irrevocably purged from our systems.
FINRA: What happens if there is a data breach or any unauthorized access to your account? Is there a process in place to notify consumers and financial institutions should a breach occur?
eMoney: We have a robust security incident response plan should we suspect a breach. Our plan includes identification, assessment, remediation, resolution, and notification. All eMoney employees are trained to identify and properly report any suspected breach of confidential information. In the event of a breach, we would coordinate advisors and firms on communications.
FINRA: What type of liability, if any, does the aggregator bear in the event of a consumer loss due to a data breach or unauthorized access? Does the aggregator have the financial capacity or insurance coverage to compensate consumers for loss? Is there a dispute mechanism in place to resolve any issues related to data breaches or unauthorized access?
eMoney eMoney follows standard aggregation industry best practices, including retaining cyber liability insurance coverage. Ultimately, however, the consumer is responsible for any damages due to unreported or unauthorized use of their log-in credentials.
FINRA: How accurate are the scraping algorithms used to collect data from your financial accounts? To find out, you can ask whether the aggregator conducts periodic checks to ensure that it is collecting data and using it accurately to provide the required service. You should also check the data yourself against your primary source accounts.
eMoney: With support from our dedicated data support team, our experts and certified professionals ensure the availability and accuracy of our aggregation data. Any client issues can be addressed through our ticketing system. A support representative will review the connection status and determine whether it can be resolved by eMoney or originates at the financial institution. If the issue can be addressed through our aggregation service they will work to ensure the timely collection and accuracy of the data.
FINRA: Check with financial data providers to find out what, if any, data is delivered to aggregators through an Application Programming Interface (API), which is generally considered a safer alternative than scraping.
eMoney: We employ a combination of screen scraping and API-based aggregation, the industry’s current best practice. As a leading industry innovator, we continuously evaluate and implement the safest and most secure methods of data aggregation to provide the highest levels of service. To that end, we are in the process of adopting API-based aggregation.
FINRA: Do your own online research and due diligence. Look up any reviews, complaints or lawsuits against the data aggregator or the third-party service provider you are contemplating using.
eMoney: We’re committed to providing a seamless and secure user experience. We invite advisors and consumers to review our data security standards, which demonstrate the importance we place on protecting client information. If your clients have questions, or if you’d like to learn more about our security controls, please review our Information Security Controls Overview.
FINRA: Finally, make sure you cancel your account and terminate the access and rights you have granted to the aggregator once you discontinue using the service. Failing to do so may expose your financial information to ongoing security risks. Understand and follow the steps that need to be taken to stop the ability of the aggregator to access your account. This may involve more than just deleting the software application from your computer or mobile device.
eMoney: It’s important that clients remain vigilant about protecting their sensitive data. If a client would like to remove their data from our system, we encourage them to contact their advisor to terminate use of service immediately.
Share these resources with clients to help them understand the state of data aggregation and best practices for managing their connections.
To learn more about eMoney Advisor’s Data Aggregation, check out our recorded webinar, All About Connections, which will step you through the process of managing your client’s connections.
Or watch a recording of our API Transition webinar with CEO, Ed O’Brien to get the full story on our upcoming API-based aggregation methodology.
Questions? Give us a call at 888-362-8482 or send us an email.