02:33 PM
Citibank UK Finds Aggregation Loophole
In September 2001, Citibank U.K. launched an account aggregation service similar to the MyCiti.com site launched by Citibank in the U.S. two years ago. Yodlee, based in Redwood Shores, Calif., powers both sites.
In the face of legal challenges, Citibank U.K.'s "MyAccounts" service initially had to refrain from aggregating customer accounts held by the major "High Street" banks. However, by giving the end user control of the aggregation process for nonconsenting banks, Citibank has found a way to provide a greater number of its customers with the ability to assemble a total picture of their finances at one site.
The conflict stems from The Computer Misuse Act, a U.K. law that sets a fairly high standard for third party access to online systems. "The Computer Misuse Act was basically created 12 years ago to protect individuals and consumers against fraudulent hacking," said Jonathan Mindell, sales and marketing director for MyAccounts at Citibank U.K. "As a way to ensure that our service was legal and compliant in the U.K., we had to seek consent from the data providers."
That's where Citibank's MyAccounts ran into a roadblock. "Most of the data providers, both in terms of financial and nonfinancial services, either gave specific or implied consent," said Mindell. "But a number of the High Street banks - our competitors, if you will - denied us consent."
Citibank's U.K. competitors, citing security concerns, legal concerns, and the absence of oversight by the Financial Services Authority, the U.K.'s regulatory body, were initially successful in preventing the service from linking to their institutions.
Citibank tried various methods to get around this legal block. For example, when the Association of Payments and Clearing Services (APACS) created voluntary industry guidelines for account aggregation in December of 2001, Citibank again requested permission to aggregate from its competitors. Again, the bank was denied.
So Citibank went back to Yodlee and came up with a barrister-approved solution. "We don't aggregate on behalf of the user. The users have to initiate the aggregation themselves," said Mindell. "We effectively give them a license to the software, so that they use our site as a portal."
Although far from ideal, it's a clever workaround that seems to sidestep the legal issues involved. "We're giving them access, but they actually initiate the aggregation every time they log on, rather than us, every 24 hours, updating their site whether they log on or not," said Mindell. "For the nonconsenting banks, we've initiated this deviation so that the customers themselves have to click on the 'Refresh Now' button to be refreshed."
Citibank U.K. has approximately 1 million "mass affluent" customers across its banking, lending and credit card businesses, of which 8% have online access to their accounts. The exact number of MyAccounts users was not disclosed, although Citibank has achieved relatively high utilization rates compared with the U.S. "We had some fairly rapid takeup," said Mindell. "Our utilization rate is about 60% of registered users, whereas in the U.S. it's more like 45-50%."
Other account aggregators in the U.K., including online bank Egg and the Financial Times' "Your Money" service, solved the legal challenge by using a PC-based software package called Accountunity, provided by a joint venture between U.K.-based Silkmoth plc and eWise Systems Pty Ltd, an Australian technology firm. But that wasn't the approach favored by Citibank and Yodlee.
"You're introducing complication with a client-side download, automatically," said Matthew Idema, vice president for international markets at Yodlee. "It's very difficult to control what customers do on their home PCs."