Account aggregation is a relatively new service that promises to deliver single-site consolidation of customers' account data. Customers sign up with companies (financial institutions like Citibank and non-financial institutions like Yodlee) which offer to combine all of their monetary accounts and other accounts (such as airline rewards programs) on one Web site, accessible via a few clicks. Banks and other financial institutions are lining up to become part of this new paradigm, based on some incredible publicized projections. By 2005, will yours be the only financial services institution that isn't offering account aggregation services to its customers? There's much more to offering these services to customers than signing an agreement with such third-party providers as Yodlee or ByAllAccounts.com. However, financial institutions must look before they leap, or they may find themselves with something that sounds more like account aggravation. The landscape is fraught with strategic, reputational, transactional and compliance risks. To properly address them, a bank needs to ensure that its account aggregation solution addresses the five components of any effective management framework: Strategy, organization and governance, policies, processes, and systems.It is critical that management consider whether account aggregation is right for its organization, and whether or not it is something its customers really want. If you believe the projections, it's certainly tough to argue with implementing an aggregation strategy. Celent Communications estimates there will be almost 36 million users in 2004. U.S. Bancorp's Piper Jaffray thinks that number is low, and that as many as 90 million people will be using aggregation services by 2006.The benefits of offering these services include:
- Attracting new customers (Citibank maintains that 11% of the 50,000 customers who enrolled in MyCiti.com by November 2000 were new to the bank).
- Retaining existing customers.
- Achieving competitive differentiation.
- Expanding the portfolio of services offered to customers.
- Identifying potential partnerships.
However, not everyone agrees. Forrester Research believes that "only one in six online households express an interest in account aggregation." The question that organizations need to ask their customers is do they really want this new service?Next, management must consider critical factors that come with the decision to offer account aggregation services.
- What is the competition doing? How can the company differentiate its service from the competition?
- What does the organization hope to achieve by offering account aggregation services to its customers? How can success be measured?
- Does the company have the bandwidth and resources to sufficiently focus on this? What's the cost of waiting?
- What will this cost the organization?
- Will the institution be able to keep up with the changes taking place in the way account aggregation services are offered?
- Can the company effectively support account aggregation services with a robust customer relationship management approach?
- How does one select the appropriate third-party vendor? How confident is the organization that it can effectively manage a third-party relationship with an aggregator? How does the company manage the risks inherent in this relationship?
- What is the impact of potential legal and regulatory obligations on the organization's resources?
- Does the institution fully understand the risks involved?
Taking the time to understand how account aggregation fits into an organization's overall strategy and thinking about the potential benefits and risks that come with that strategy are critical first steps. Management should identify someone to be responsible for the initiative. The capabilities required to manage the implementation and operation of account aggregation services will be based on the responsibilities that have been identified. For example, has the organization assigned responsibility for monitoring market and regulatory developments?The compliance requirements associated with offering account aggregation services could become quite complex. For example, on March 2, 2001, the Office of the Comptroller of the Currency issued a bulletin that outlines the risks involved in the offering of account aggregation services, and cited the management controls that are needed.
According to the OCC bulletin, aggregation services may raise compliance risks related to Regulation E, asset management (such as the Bank Secrecy Act), and privacy (such as the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act). So financial institutions may need to involve internal or external regulatory compliance experts to ensure that compliance risks are being properly addressed.
But how can one measure success and manage performance along the way?
To meet objectives, management needs to regularly evaluate the effectiveness of its strategy. Those evaluations should include:
- The effects on customer acquisition and retention.
- The impact of account aggregation services on product cross-selling efforts.
- Any data or system security compromises that may have occurred related to aggregation services.
- Customer feedback.
- Vendor performance.
- Additional benefits received.
Next, management needs to realize how offering account aggregation services will affect security and privacy policies within the organization, in addition to disclosures.Whenever organizations respond to a change driver by integrating it into their operations, that change should also serve as a trigger for reviewing and updating policies. Account aggregation is no exception. Security and privacy policies should be revisited based on an understanding of the risks involved. For example, many aggregation services compile customer account data via a combination of methods including screen scraping and the Open Financial Exchange (OFX) protocol. In some cases, a financial institution's disclosures (e.g., "Products are not insured by the FDIC") may not be compiled with customer account data. So financial institutions should involve their compliance and legal departments and involve them early.Finally, management needs to understand what effects offering account aggregation services will have on the organization's processes and systems.Aggregation services will result in change, and change introduces risk. So how can management effectively identify the risks and implement the appropriate process and systems controls to ensure that a competitive advantage for their organization isn't turned into a competitive advantage for their competitors?One approach begins with the creation of an account aggregation process flowchart that details the various steps, as well as any supporting systems. Management can then analyze the flowchart to identify areas where breakdowns could occur or unacceptable exposures exist. For example, a common risk is that customer's compiled account information is inaccurate or incomplete. Controls that can be considered include:
- Managing customer expectations by ensuring that the Web site includes appropriate disclaimers to inform visitors that account information may be incomplete or inaccurate.
- Ensuring that complaint/problem mechanisms exist to facilitate the identification, tracking, and resolution of customer issues.
- Developing and implementing training for call center personnel.
Remember, if management is relying on a third-party solution to make account aggregation a reality, the third-party's systems and associated controls need to be looked at too.For every bank or financial institution that has signed up to offer account aggregation services to its customers and has scored a hole-in-one, others are hacking away in the rough. Management can improve chances of realizing the strategic benefits of offering account aggregation by:
- Articulating the organization's strategy and business objectives.
- Assigning competent resources and holding them accountable.
- Understanding the risks.
- Taking a hard look at policies, then adjusting them to address identified risks.
- Ensuring that the necessary processes and systems have been implemented to support business objectives.
A structured approach will help ensure account aggregation strategic success.