Account Aggregation is a relatively new service that promises to deliver single-site consolidation of customers' account data. Customers sign up with companies (financial institutions like Citibank and non-financial institutions like Yodlee) who offer to combine all of their monetary accounts (e.g., banking, investments, insurance) and other accounts (like airline rewards programs) on one Web site, accessible via a few clicks.
Banks and other financial institutions are lining up to become part of this new paradigm, based on some incredible publicized projections. However, look before you leap, or your company may find itself with something that sounds more like account aggravation.
The Rewards and HazardsBy 2005, will yours be the only financial services institution that isn't offering Account Aggregation Services to its customers?
There's much more to offering these services to your customers than signing an agreement with third party providers like Yodlee or ByAllAccounts.com. The landscape is fraught with strategic, reputational, transactional, and compliance risks.
To properly address them, an organization needs to ensure that their Account Aggregation solution addresses the five components of any effective management framework: Strategy, Organization and Governance, Policies, Processes, and Systems.
"How can I understand if Account Aggregation is right for my organization?
Is Account Aggregation really what customers want?
If you believe the projections, it's certainly tough to argue with implementing a strategy. Celent Communications estimates that there will be almost 36 million users in 2004. But U.S. Bancorp Piper Jaffray believes that as many as 90 million people will be using aggregation services by 2006.
The many benefits of offering these services include:
Sum Attracting new customers (Citibank maintains that 11% of the 50,000 customers who enrolled in MyCiti.com by November 2000 were new to the bank ); Sum Retaining existing customers; Sum Achieving competitive differentiation; Sum Expanding the portfolio of services offered to customers; and Sum Identifying potential partnerships.
But not everyone agrees. Forrester Research believes that "only one in six online households express an interest in account aggregation." The question that you need to ask your customers is:
"Do you want account aggregation?"
Taking the time to understand how Account Aggregation fits into your organization's overall strategy is a critical first step.
2) ORGANIZATION & GOVERNANCE
"Do we fully understand our responsibilities and have sufficient resources to pull this off?"
The compliance requirements associated with offering Account Aggregation Services could become quite complex. For example, on March 2, 2001, the Office of the Comptroller of the Currency (OCC) -- which charters, regulates and examines national banks and federal branches of foreign banks in the U.S. -- issued a bulletin. It outlines the risks involved in the offering of Account Aggregation Services by national banks and the management controls that are needed in connection with such services.
According to the OCC Bulletin, aggregation services may raise compliance risks related to Regulation E, asset management (e.g., the Bank Secrecy Act), and privacy (e.g., the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act). So you may need to involve internal or external regulatory compliance experts to ensure that compliance risks are being properly addressed.
"How will we measure success and manage performance?"
To meet objectives, management needs to regularly evaluate the effectiveness of their strategy to include:
Sum The effects on customer acquisition and retention; Sum The impact of Account Aggregation Services on product cross-selling efforts; Sum Any data or system security compromises that may have occurred related to aggregation services; Sum Customer feedback; Sum Vendor performance; and Sum Additional benefits received.
"How does offering Account Aggregation Services affect our security and privacy policies and disclosures?"
Whenever organizations respond to a change driver by integrating it into their operations, that change should also serve as a trigger for reviewing and updating their policies.
Account aggregation is no exception. Security and privacy policies should be revisited based on an understanding of the risks involved. In some cases, a financial institution's disclosures (e.g., "Products are not insured by the FDIC") may not be compiled with customer account data. Your organization needs to understand if that will put it at odds with specific regulatory requirements. So involve your compliance and legal departments and involve them early.
What are other policies worth considering? Institute hiring practices for employees who will have access to sensitive customer account information. Demonstrating that your organization has performed the appropriate level of diligence to ensure a controlled environment can help you sleep better at night.
4) & 5) PROCESSES & SYSTEMS
"How can I best understand what the effects of offering Account Aggregation Services will be on our organization's processes and systems?"
Change introduces risk. So how can you effectively identify the risks and implement the appropriate process and systems controls to ensure you don't turn a competitive advantage for your organization into a competitive advantage for your competitors?
One approach begins with the creation of an account aggregation process flowchart that details the various steps, as well as any supporting systems. One can then analyze the flowchart to identify areas where breakdowns could occur or unacceptable exposures exist, such as:
Customer's compiled account information is inaccurate or incomplete.
Here are some of the controls you may want to consider:
Sum Manage customer expectations by ensuring that your Web site's appropriate disclaimers inform visitors that account information may be incomplete or inaccurate. Sum Ensure that customer complaint/problem mechanisms exist to facilitate the identification, tracking, and resolution of customer issues. Sum Develop and implement training for call center personnel.
This type of structured approach will help ensure that you've covered all the bases. Leverage your organization's risk management or internal audit resources to help you do this analysis. Remember - if you're relying on a third party solution to make account aggregation a reality, look at their systems and associated controls, too.
CONCLUSION For every financial institution that has signed up customers for Account Aggregation Services and has scored a hole-in-one, others are hacking away in the rough. You can improve your chances of realizing the strategic benefits of offering Account Aggregation by:
Sum Articulating your organization's strategy and business objectives; Sum Assigning competent resources and holding them accountable; Sum Understanding the risks; Sum Taking a hard look at your policies, then adjusting them to address identified risks; and Sum Ensuring that you have implemented the necessary processes and systems to support your objectives. A structured approach will help ensure your organization's Account Aggregation strategic success.