One of the most powerful tides rising in the financial services industry is the global shift towards open banking. By 2024, over 130 million consumers worldwide will be engaging with open banking services which promise consumers greater control over their data, but also places responsibility on firms to manage and secure their data effectively.
The European Union passed the Payment Services Directive (PSD2) in 2018, with wide-reaching effects across their financial markets. This year, the United States has started to follow suit with the Consumer Financial Protection Bureau’s (CFPB) consumer data sharing rule (Section 1033 of the Dodd-Frank Act), marking the country’s first move towards an open banking approach.
To many people, sharing their finances with organizations that are not their bank can be unnerving. A survey by ING found that despite the protections offered by PSD2, only 30% of European consumers were comfortable giving their consent to share their data.
New open banking-style legislation is shifting how players engage with consumer data by increasing transparency, access, and client agency. Though almost all financial services firms collect mountains of client data, most are not making the best use of this invaluable resource.
Craig Iskowitz, CEO of Ezra Group, hosted a panel entitled “Data Is Your Most Valuable Asset: Adapting to New Regulations to Drive Better Client Conversations” at the recent Morningstar Investment Conference. The panelists were Tara Unverzagt, President of South Bay Financial Partners and Brian Costello, Head of Data Aggregation Strategy and Governance at Morningstar.
The panel discussed the current state of data aggregation, the impact of open banking legislation, and methods for building trust and data sharing among both clients and advisors.
The Benefits of Data Aggregation
Data aggregation technology correctly implemented can magnify an advisor’s work and take it beyond the scope any one person could achieve on their own. The first account aggregation service Mint.com launched in 2006, and gained 1.5 million users in two years, cementing this holistic view as table stakes for consumers.
“Data aggregation allows advisors to deliver better advice and manage their practice at scale and with speed,” Costello extolled. Bringing together market data and individual data about your customer and their behavior is very powerful, he said.
Unverzagt explained that data aggregation is the only way to get a full picture of a client’s finances. This should include not only their investments, but also cash flow, liabilities, and other financial assets such as insurance and real estate.
South Bay Financial Partners works with clients on improving cash flow and budgeting. One of the tools they recommend is You Need a Budget (YNAB). They also build a financial plan for each client in Right Capital, which uses Morningstar ByAllAccounts for data aggregation.
Many small businesses aren’t profitable and don’t realize it, Unverzagt added. Her firm leverages account aggregation to help these clients improve cash flow, often through more efficient tax planning.
Managing Held Away Assets
Morningstar’s ByAllAccounts aggregates data from over 15,000 sources, bringing together data on clients’ portfolio holdings and spending habits. When it comes to aggregator tools, Unverzagt considers ByAllAccounts an invaluable resource to analyze her client’s portfolios and build holistic and consistent investment strategies.
It is important to be able to view all of a client’s holdings to make holistic investment decisions, according to Unverzagt. Third-party studies have shown that professional management of retirement accounts can increase annual returns by 3.3% on average, net of fees. Over 20 years, this that can lead to as much as 79% more wealth for clients.
Like many advisors, Unverzagt charges a lower fee for advice on held-away assets as she does not have custody and clients have to implement her trading recommendations. As a potential solution for this service gap, Iskowitz suggested that advisory firms look into Morningstar’s recent partnership with Pontera, which allows advisors to directly trade holdings in 401(k) and other retirement accounts.
Beyond retirement funds, Unverzagt listed several other use cases for data aggregation. One is ensuring that cash flow and savings can cover ongoing expenses, which requires visibility into checking and savings accounts. Advisors need to know if the client has enough in their emergency fund cash account, or if they’re expecting this to be pulled from a brokerage account instead. Occasionally, clients will divide their assets between more than one financial advisor, which makes data aggregation critical to ensure that both advisors are working off of the same information and planning cohesively, she noted.
The Issues with Data Aggregation
Data aggregation is a powerful tool, but it isn’t without its limitations. “The way advisors connect to held away accounts is fragile,” Unverzagt emphasized. The function relies on the client providing their credentials, which can be difficult with older clients who are usually less technically adept.
There is no support for different access rights when sharing login credentials with an advisor, Unverzagt noted, as it is an all or nothing affair. In many cases, full access to all accounts and holdings is excessive and it would be more secure to develop a secondary access level that would limit the accounts an advisor, or other trusted third party, would be able to see, she said.
Over the past decade, banks and custodians have added layers of security to protect clients, which have the side effect of interfering with the data aggregation connections. Costello described the common experience of a client signing up for their bank account and receiving a privacy notice asking if the bank can share their data with affiliated and/or unaffiliated third parties who may want to market to them. Seeing this notice, most consumers choose not to share their data. However, since aggregators are considered third parties, the bank now has the power to decide whether to share the client‘s data or not, he said.
New open banking rules in the EU give consumers the rights to all their financial data and require banks to share data with other companies at the consumer’s request. In the United States, this data sharing is voluntary, and the regulations surrounding the system are minimal. Iskowitz cited a survey showing that if the US enacted open banking regulation, 54% of consumers would want to maintain control over their data and only provide consent for specific requests.
Costello explained that in the US, citizens do not have a constitutional right to data privacy — though recent legislation and the consumer data sharing rule has started to change that. However, these laws are still limited in scope and do not cover all of the institutions and data types currently in use.
In the first iteration , only checking accounts, savings accounts, and credit cards will be covered, leaving mortgages, installment loans, retirement accounts, 401(K)s and equity accounts unregulated. In the gaps of government regulation and authority for open banking, third parties are forced to shoulder the risk that banks pass off to them.
This is still a step in the right direction, Costello assured, and the industry should see more reliability in financial planning and budgeting, as well as good custodian connections for traditional asset providers.
Helping Clients Feel More Secure
When it comes to sharing data, Costello sees consumers falling into one of three camps. A small percentage won’t share any data at all, another group will share everything, but the majority sit somewhere in the middle. Most investors want positive outcomes while avoiding risk, but they often lack the information to determine their own risk tolerance.
Unverzagt has observed that consumers are becoming more willing to turn over their digital credentials without adequate concern for who they are giving them to because there isn’t any immediate impact. . “Nothing bad happens, so we keep going,” she mused. Cybersecurity isn’t so different from home security in Unverzagt’s view — we put locks on our doors and accept that they won’t prevent 100% of break-ins, and we do the same (metaphorically) with our personal data.
Alongside this acceptance, Unverzagt emphasized the value of educating clients on cybersecurity to reduce online risk. You’re only as strong as your weakest link, and for a firm’s cybersecurity the weakest link is generally the client.
Scheduling regular security check ups is one of the best ways to improve the safety of client accounts. At South Bay Financial Partners, they utilize automated systems to alert the advisor if client funds are moved without permission.
Iskowitz highlighted that while there are protections for hacking, there are not the same protections or insurance options for social engineering attacks such as phishing. Phishing remains the most common cause of data breaches, and in 2022, financial services were the target of 20% of all phishing attempts.
Many older clients lack digital literacy and can easily fall victim to scams, and there is little that can be done once money has been transferred out of the account. Advisors can use cybersecurity education as a way to strengthen client relationships, increasing client engagement and helping them to see their advisor as a trusted figure who is centering their best interests.
Using Data, Building Trust
While data aggregation tools can automatically gather tremendous amounts of data, most firms do not take advantage of it. Iskowitz cited a study by Forrester which found that less than 0.5% of data collected by companies is ever analyzed or used. In order for firms to utilize the data they collect, they need to be able to trust it and build trust with the people who access it.
As new players enter the market, Costello sees a breakdown in the chain of trust and understanding that previously underscored relationships in the industry. “Traditional market players trust their peers and traditional advisors, but not the new asset providers,” he observed. As the industry moves towards an open banking approach, we can observe how varying levels of understanding and expertise correspond to their degrees of trust.
Oftentimes, new asset providers don’t fully understand the landscape that they’ve entered, or the advisor’s relationship with their clients and the duty of care. In many cases, the new asset providers are so focused on the new use cases that they aren’t prepared for the other elements they need to manage. Custodial fees, SEC/FINRA standards, Reg SP, and how the relationships between advisors and clients are maintained and enforced are some of the main aspects that Costello sees the new providers struggling to understand and incorporate into their strategy.
Costello also called out banks for treating established advisors the same as random fintechs that may have just launched out of a dorm room when connecting them to data off the bank platform. Though he hopes open banking can help even out the avenues to data access, he still sees a long road ahead.
Advisors in the Center
Data aggregation has had wide-ranging effects across the wealth management industry, but many gaps and issues still remain. Advisors should provide cybersecurity education to help clients protect themselves as government regulation lags behind. While new open banking legislation is adding some structure around data sharing, clients, advisors, and financial institutions remain distrustful of data systems.