In a potentially controversial move, regulators have certified financial management platform Yodlee as an Accredited Data Recipient under Australia’s Consumer Data Right.
The ruling paves the way for the American data firm to collect and share more consumer data from local banks and fintechs under Open Banking.
The clearance also means Australian consumers’ data will more easily flow into Yodlee’s platforms and eventually feed the insights the controversial fintech and its parent company Envestnet sell to investors as part of multimillion-dollar annual subscriptions.
As Australia’s Open Banking regime finally gets rolling, the Yodlee inclusion is an example of the serpentine path consumers’ data can travel under the portability scheme and the potential tradeoff consumers will be asked to make.
Founded in 1999 by ex Microsoft an Amazon staff, Yodelee went public in 2014 and less than a year later it sold itself to Envestnet for a reported $US660 million, delisting as a result and rebranding as Envestnet | Yodlee.
The company is now one of the biggest financial data aggregators in the world, offering platforms that integrate accounts, collect data and display analytics for various financial activities. It also offers a “free” finance management service to consumers that integrates various accounts and transactions data. But in exchange Yodlee can reuse any data or information it collects, per its terms of service.
Typically the company aggregates the data and sells it to data brokers or investors. Yodlee insists the data is always de-identified.
Investors see huge value in Yodlee’s “alternative data”, reportedly spending as much as $US2 million a year for a subscription to the insights which get to granular levels of consumer groups in certain cities.
For example, investors can use the analytics to track how much consumers groups are spending on food delivery services, giving an edge in identifying companies like Uber Eats and Deliveroo’s revenue.
Yodlee has faced scrutiny for its data practices and transparency, including US lawmakers last month urging the FTC to investigate the data firm for potentially selling millions of consumers’ personal financial information without proper consent.
“Consumers generally have no idea of the risks to their privacy that Envestnet is imposing on them,” United States Senators and Members of Congress said in a letter tot eh US regulator.
In Australia, Open Banking is expected to reduce some of the barriers involved in the data sharing between banks, consumers and companies like Yodlee, but the new Consumer Data Right laws enabling the scheme will also bring strict consent and security requirements.
Consumer Data Right
Australia’s data portability scheme began development in 2017 in Australia and launched last year after a couple of false starts. As of February 1st this year banks are required to share consumers’ data from various products and services in a machine-readable way if a customer requests it.
It means consumers personal financial information from savings accounts, debit cards, home loans, investment loans and consumer leases, among others, can be quickly shared with accredited recipients, often other banks or smaller fintechs offering specialised financial products and services.
A spokesperson for Envestnet | Yodlee told Which-50 that it will “consume” its Australian users’ CDR data now it is accredited but it “does not sell data that identifies consumers” and adheres to “leading industry practices for data security, regulatory compliance, and privacy”.
“Money by Envestnet | Yodlee is our direct-to-consumer platform for financial wellness … We offer Money for free so we can obtain feedback from consumers about our tools and insights to inform our product development,” the spokesperson said.
“As we migrate our connections to Data Holders to use Open Banking, we will consume our customers’ CDR Data.
“We derive a de-identified data set of transactions data for use in our data analytics and insights. All use of this data is subject to our global governance program to ensure this use is understood and permissioned by the end user customer following industry and regulatory requirements, including the CDR.”
Envestnet | Yodlee already offered has historically relied on “screen scraping” to offer the service, a method of collecting data criticised for being less secure than direct integration. The company says Open Banking data will be handled in much the same way but will also adhere to any prescriptive requirements of the CDR.
That means Yodlee will need consumer’s explicit consent from consumers to receive the data and needs to be upfront about how it will be used and who else will have access to the data, according to Australia’s consumer and privacy regulators.
Open Banking Accreditation
Envestnet | Yodlee moved into open banking in 2017 as various schemes around the world developed. Last week it joined just six other companies as an Accredited Data Recipient under Australia’s Consumer Data Right. Certification in Australia’s data portability scheme means Envestnet | Yodlee can receive consumers’ data from accredited data holders, currently the big four banks and Regional Australia Bank.
Providers such as Envestnet | Yodlee are only allowed to use the data for the purposes a consumer has requested.
Envestnet | Yodlee says it has worked with Australian regulators on how it shares open banking data with banks and fintechs, and like other recipients, it will need to use a rigorous consent process.
“This accreditation will enable Envestnet | Yodlee to continue to bring the best financial data and intelligence to Australia’s banks and FinTechs,” said Tim Poskitt, Country Manager ANZ at Envestnet | Yodlee in a statement.
“By collaborating with regulators and delivering these capabilities to financial service providers, consumers will be in a position to make better financial choices and decisions based on their data, behaviours and personal situations. Ultimately, this will enable Australians to improve their financial health.”