Securities Association Announces Fintech Guidelines
SIFMA’s Data Aggregation Principles follow reports from government agencies about potential data-security threats for customers sharing financial information online.
Following up on concerns from federal agencies that data-collection practices from financial firms involving new technology may put consumer information and privacy at risk, the leading securities industry association has announced its own guidelines.
Last week, the Securities Industry and Financial Markets Association announced its Data Aggregation Principles, a brief set of recommendations designed to help financial firms “provide customers with secure access to their financial information, while maintaining the security and integrity of their members’ systems.”
SIFMA’s action was motivated in part around the U.S. government’s increasing attention to “fintech”—the use of technology by banks and other financial institutions to provide services, as well as cryptocurrencies—and to consumers’ ability to control the personal data such firms use. Last October, for instance, the Consumer Finance Protection Bureau (CFPB) released a set of guidelines on fintech, noting that “that while consumer-authorized data sharing promises great benefits to consumers, there are many consumer protection challenges to be considered as these technologies continue to develop.”
And last month, the Government Accountability Office issued a report on how best to regulate fintech, noting that while “fintech products pose similar risks as traditional products…their risks may not always be sufficiently addressed by existing laws and regulations.”
SIFMA’s principles are a way for the association to announce its own concerns about the issue directly to the public, according to Melissa MacGregor, SIFMA managing director and associate general counsel. “We wanted to get the word out in a consumer-focused way, educating the general public on what these services are and how they can impact their data security,” she said.
The guidelines, which address issues regarding sharing customer information with third parties, customer consent, and data protection, were created by a working group of approximately 30 representatives of SIFMA members, according to MacGregor. Following the CFPB announcement, the SIFMA working group spent two months working on its own principles, which were approved by the board in January.
SIFMA’s statements on the new principles reflect its awareness of government attention to fintech issues and include some direct responses to its findings. For instance, SIFMA announced that it was encouraging member firms to pursue secure, API-based tools for gathering customer information and getting consent for sharing it, rather than having customers provide information to third-parties separately—a process called “screen scraping” that the CFPB has criticized.
“The goal of the principles is to provide customers with safe and secure access to their data and protection of their account information, along with assurances that data aggregators adhere to the same data and security standards followed by regulated financial institutions,” said SIFMA president and CEO Kenneth E. Bentsen Jr. in a statement.
(scyther5/iStock/Getty Images Plus)