Online account aggregation has been a major phenomenon in the US. It hasn’t taken off in the UK, partly due to the lack of a set of guidelines. But while APACS’ move will help clear up some of the confusion surrounding account aggregation, there are still significant obstacles to be overcome before the service becomes more widely adopted.
UK banking forum APACS has issued guidelines concerning online account aggregation.
APACS (the Association for Payment Clearing Services), the body which manages the main networks allowing UK banks and building societies to exchange payments on behalf of their customers, has issued its guidelines on account aggregation.
Account aggregation allows online customers to bring all their financial accounts, alongside features such as email, supermarket loyalty cards and air miles, into one personal portal regardless of where the accounts are held. They can then use a single PIN/password rather than one for each account that is aggregated.
While account aggregation is popular in the US (market leader Yodlee recently acquired its two millionth user), there are currently only two UK providers. These are Citibank, which offers ‘My Accounts’, and FTyourmoney.com, which offers the ‘My Money’ account aggregation service implementing Accountunity technologies.
Before APACS’ move, the UK market lacked a definitive set of account aggregation guidelines along the lines of those provided by BITS (the Technology Group for The Financial Services Roundtable) in the US. Citibank’s launch highlighted the need for guidelines, as several of the UK’s leading banks objected to their accounts being ‘scraped’ (the process by which customer data is retrieved) without their consent.
Indeed, consent is the overriding principle behind the new guidelines. An institution wishing to ‘scrape’ accounts must request permission first, giving details of any aggregators or software providers being used to support the destination site. Data providers/host institutions should then reply within 28 days to requests to aggregate their data, but non-reply to a request should not imply consent. APACS will also keep a register of contacts that can be approached to gain permission to scrape.
These guidelines will clear up some of the confusion surrounding account aggregation. However, the Financial Services Authority (FSA) still states that account aggregation is outside its remit. This is a serious problem. There will be no automatic regulation for those companies who enter the account aggregation space, which will leave many customers concerned about the obvious potential for security breaches.