March 2, 2001
OCC Issues Guidance on Bank-Provided Aggregation Services
WASHINGTON — The Office of the Comptroller of the Currency (OCC) today issued a bulletin that outlines the risks involved in the offering of account aggregation services by national banks and the management controls that are needed in connection with such services.
Account aggregation is a service that gathers information from many web sites and presents that information in a consolidated format to the customer. The information gathered can range from publicly available information to personal account information such as credit card, brokerage and banking data. Emerging capabilities include the ability to initiate transactions, obtain financial advice, and use shopping services to scan the web for products.
"Banks are positioned well to increase the usefulness of their services to customers through account aggregation," said Clifford Wilke, Director of Bank Technology. "Safety and soundness are of paramount importance when delivering these services. We expect the growth of account aggregation to occur within a sound risk management environment."
Today's guidance addresses the risks and controls of bank-provided account aggregation activity. It stresses the need to maintain security and privacy in an environment where customer information is centralized. Because third parties are typically involved in critical areas of service delivery, the guidance addresses vendor management and contracting. The bulletin discusses the steps banks can take to limit risks and educate customers.
This guidance, OCC Bulletin 2001-12, can be obtained by writing to Comptroller of the Currency, Public Information Room (mail stop 1-5), Washington, D.C. 20219; faxing a request to (202) 874-4448; retrieving the document from the OCC Web page at http://www.occ.treas.gov; or visiting the OCC's Public Information Room at 250 E. Street S.W. in Washington, D.C. (9 a.m. - noon and 1:00-3:30 p.m., Monday-Friday).
- OCC Bulletin 2001-12, Bank-Provided Account Aggregation Services: Guidance to Banks