SIFMA Issues Framework For Data Sharing Between Banks And Apps

The Securities Industry and Financial Markets Association (SIFMA), the trade group for the financial industry, released a framework on Thursday (April 12) to protect the data of consumers when they give third parties the right to access that information.

Reuters, citing SIFMA, reported the trade group said that while these third parties, often FinTechs, help consumers make decisions on investments, they also expose consumers to personal data security risks. As a result, SIFMA came up with a framework they hope will protect individuals.

“The goal of the principles is to provide customers with safe and secure access to their data and protection of their confidential account information, along with assurances that data aggregators adhere to the same data and security standards followed by regulated financial institutions,” SIFMA President and Chief Executive, Kenneth Bentsen, said in a statement.

Reuters noted one area of the framework focuses on using application programming interfaces (APIs) and other technology to better secure the process of gathering customer data. As it stands, data aggregators require customers to offer up their log-in credentials for their accounts to access the data. SIFMA said that leaves consumer data vulnerable to a hack. An API or another technology would make the data accessible to the aggregator via an agreed-upon portal, which would prevent consumers from having to share log-in information. Other frameworks focus on data access, security and responsibility, permissions, transparency and the scope of access, noted the report.

The move on the part of SIFMA comes as protecting personal data has reached a fevered pitch after Facebook revealed in mid-March that the data on 87 million Facebook users was accessed by Cambridge Analytica, the political consulting company that worked on President Donald Trump’s campaign. There is also a movement by consumers to interact with third-party financial apps. As a result, they’ve been granting permission for FinTechs to access their data residing at banks and traditional financial services companies.