The recent passing of the SECURE Act and, more recently, reports of improper sale of consumer data by financial data aggregators, have brought attention to the question of data governance and accountability in the Fintech industry.
Financial data aggregation involves gathering data from disparate sources and presenting it in a single, comprehensive view. The power of data aggregation lies in the fact that end-clients gain a complete view of their financial situation, and their financial advisors can serve them more holistically. In eMoney, this means connecting with, and extracting information from, the companies that manage end-clients’ financial accounts and liabilities, or aggregators of that custodial data. This allows us to deliver a consolidated view into accounts in real time, within our Advisor Dashboard and Client Portal.
As a leading data aggregator, eMoney gathers data for the sole benefit of our clients and their end-investors. We are audited over 300 times a year by our clients and always welcome their input into our aggregation and data usage procedures. Accordingly, we adhere to three fundamental privacy tenets in our business:
- To be transparent about how we process data;
- To receive informed consent from the source of the data; and
- To act strictly in accordance with the foregoing two principles.
It’s important to protect the financial data of our end-clients, advisors, and firms; and end-clients should understand how a third party will access, store, and use their data. Because of this, eMoney employs industry best practices in data governance, security, and privacy to manage and secure the data of our end-clients, and the firms and advisors who serve them.
Recognizing that end-clients may not always see the full impact of providing authorization to share data, in 2019, eMoney implemented a comprehensive strategy to secure and manage sensitive data. The Data Governance Program at eMoney is designed to consistently apply the three tenets above to all data received and passed back to third parties through our platform.
As part of developing this program, eMoney performed a comprehensive data contract analysis, started tracking data lineage, and added a number of safeguards across the organization to ensure transparency and accountability. With this effort came the introduction of our Institutional Data Use Policy and Data Access Agreement (DAA), to limit risks associated with data redistribution and to take appropriate precautions with end-clients’ personally identifiable information (PII).
eMoney is now enforcing the requirement of having a signed DAA in hand prior to the externalization of any bulk data that could include PII. The DAA differs from our standard eMoney Client Agreement because delivering this data is a service that we currently provide at no additional charge on behalf of our clients and carries the risk of a third party misusing the data. Our Client Agreement dictates that the terms and conditions relate to appropriate use of the data such as cost, security terms, service level agreements, etc.
The reality is, as technology improves, the question of responsible data use and security will continue to arise. eMoney intends to continue working with clients and partners to improve the advisor and end-client experience. Importantly, eMoney never sells your data to third parties and does not allow its integration partners to do so.
That means we are going to make sure that we know everything about the data in our platform by asking product questions in technical and legal conversations. And we are going to continue to constantly evaluate our product and data use cases to review and respond to data risk.
So, what does this mean for you? It means you and your firm should ask the same questions of your partners as we ask of ours:
- Do we have consent for this use of data?
- How do we ensure enterprise data security?
- Do we have accountability and transparency through data governance?
- Do data license terms reflect how data is used in new products?
And you should take comfort in knowing that all your partners face the same challenges you do. So if they can’t answer your questions, you should ask them why. It’s important to strongly consider whether or not you want to share your customers’ data with these partners.
Remember, it’s your obligation to ensure you know where your customer’s data goes.