Some people are worried that the financial services institution they work for will be the only one that isnt offering account aggregation to customers by 2005. But those who arent careful may wind up with something closer to account aggravation.
Aggregation is a relatively new service that promises to deliver single-site consolidation of customers account data. Customers sign up with companies financial institutions like Citigroup Inc. or nonfinancial ones like Yodlee Inc. that offer to combine all of their monetary accounts (banking, investments, insurance, etc.) and other accounts (like airline rewards programs) on one Web site that is accessible with a few clicks.
After reading some incredible publicized projections on the adoption of account aggregation, banks and other financial institutions are lining up to become part of this new paradigm. However, theres much more to offering these services to your customers than just signing an agreement with third-party providers like Yodlee or ByAllAccounts.com.
The field is fraught with strategic, reputational, transactional, and compliance risks. To address them, an organization needs to ensure that its aggregation service addresses the five components of any effective management framework: strategy, organization and governance, policies, processes, and systems.
Strategy: How can I understand if account aggregation is right for my organization? Is account aggregation really what customers want?
Celent Communications estimates that there will be almost 36 million aggregation users in 2004. U.S. Bancorp Piper Jaffray believes that as many as 90 million people will be using the service by 2006.
Its certainly tough to argue with the idea of implementing the service if you believe those projections, but not everyone does. Forrester Research says that only one in six online households expresses an interest in account aggregation.
The many potential benefits of offering aggregation include:
Attracting new customers (Citibank says that 11% of the 50,000 customers who had enrolled in MyCiti.com by November were new to the bank).
Retaining existing customers.
Achieving competitive differentiation.
Expanding the portfolio of services offered to customers.
Identifying potential partnerships.
The question that you need to ask your customers is Do you want account aggregation?
Organization and governance: Do we fully understand our responsibilities and have sufficient resources to pull this off?
The compliance requirements associated with offering aggregation could become quite complex. For example, on March 2 the Office of the Comptroller of the Currency which charters, regulates, and examines national banks and federal branches of foreign banks in the United States issued a bulletin that outlines the risks involved in the offering of aggregation services by national banks and the management controls that are needed for them.
According to the bulletin, aggregation services may raise compliance risks under Regulation E, which governs electronic fund transfers; asset management laws like the Bank Secrecy Act; and privacy provisions of laws like the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act. So you may need the advice of internal or external regulatory compliance experts to ensure that these risks are properly addressed.
How will we measure success and manage performance?
Management needs to regularly evaluate the effectiveness of their strategy, including:
The effects on customer acquisition and retention.
The impact of aggregation on cross-selling efforts.
Any data or system security compromises that may occur as a result of aggregation.
Customer feedback.
Vendor performance.
Any additional benefits produced by the service.
Policies: How does offering aggregation affect our security and privacy policies and disclosures?
Whenever organizations integrate a change into their operations, that change should also trigger a review and update of their policies.
Account aggregation is no exception. Security and privacy policies should be revisited with an understanding of the risks involved in the new service.
In some cases, a financial institutions disclosures (for example, Products are not insured by the FDIC) may not be compiled with the customer account data. Your organization needs to understand if that will violate any specific regulatory requirements. Involve your compliance and legal departments, and involve them early.
Also, institute hiring policies for employees who will have access to sensitive customer account information. Demonstrating that your organization has performed the appropriate level of diligence to ensure a controlled environment will help you sleep better at night.
Processes and systems: How can I best understand what the effects of offering account aggregation services will be on our organizations processes and systems?
Change introduces risk. How can you identify the risks and implement the appropriate process and systems controls to ensure you dont turn a competitive advantage for you into one for your rivals?
One way is to create an account aggregation process flowchart that details the various steps in the process, as well as any supporting systems. The chart can then be used to identify areas where breakdowns could occur, whether unacceptable risks exist, or if the system could produce inaccurate or incomplete customer information.
Here are some controls you may want to consider:
Manage customer expectations by ensuring that your Web sites disclaimers inform visitors that account information may be incomplete or inaccurate. Make sure your customer complaint mechanisms can identify, track, and resolve aggregation issues, and train your call center personnel to handle them.
This type of structured approach will help you cover all the bases. Your organizations risk management or internal audit resources should help you do this.
And if youre using an outside aggregation vendor, look at their systems and controls, too.
For every financial institution that has scored a hole in one on account aggregation, there are others hacking away in the rough. You can improve your chances of reaping the strategic benefits of aggregation by:
Articulating your organizations strategy and business objectives.
Assigning competent resources to the service and holding them accountable for its performance.
Understanding the risks.
Taking a hard look at your policies and adjusting them to address identified risks.
Ensuring that you have implemented the necessary processes and systems to support your objectives.
This will help your organization succeed in account aggregation.
Mr. Pullara is senior manager in PricewaterhouseCoopers LLP's global risk management solution paractice in New York.
