All Aggregation Platforms Are Not Created Equal:
A Security Perspective
White Paper
Envestnet | Yodlee. For more information, go to yodlee.com
The digital era has arrived for banking and financial services. Online and mobile banking and financial services are quickly becoming the channels of choice for today’s digitally savvy customers. Nimble nonbank and new-era financial advisors, unencumbered by brick and mortar, legacy systems, and outdated processes, are using the power of the Internet to entice customers away from traditional wealth management firms. These upstarts are using data aggregation technology to mine valuable financial information to more accurately target customer needs and customize offerings, almost before these consumers realize they need them.
Key to this compelling approach are powerful, innovative FinApps® that leverage data held by traditional financial institutions. By their very nature, these solutions access sensitive personal and financial consumer details found within secure online banking, brokerage, bill pay accounts, and more. The challenge for any financial service provider is to enable online and mobile banking services powered by aggregation technologies while also protecting customers from data loss and adhering to regulatory and legal requirements.
Financial institutions must embrace the digital era, and they must do so now to avoid market share loss as more customers come to expect the ease and convenience made possible through the digital channel. To do so, all financial service providers must evaluate and manage the risks of enabling access to their systems by aggregators in support of their customers, with a focus on the crucial aspects of security, privacy, risk management, and compliance. As a trusted partner of many of the world’s leading financial institutions and a provider of the premier consumer data aggregation platform, Envestnet® | Yodlee® has broad and deep experience bridging the gap between innovation and security.
Privacy and Security Best Practices
When evaluating the risks of aggregation technology, the security of your customers’ data should be top of mind. Many aggregation providers have no direct relationship, and therefore no direct obligations, with the financial institutions that hold their customers’ accounts and data. This means that once an aggregation provider has accessed your customers’ personally identifiable information, its security is unknown to the financial institution (FI). It is the FI’s responsibility to ensure that appropriate security and risk management protocols are in place, with the physical, electronic, and procedural safeguards needed to protect all financial information against unauthorized access or misuse. Unfortunately, providing these controls is too great a task for most early-stage financial technology service providers.
Before you allow an aggregator access to your customers’ valuable data, make sure the service provider follows industry best practice guidelines in the design and implementation of its network security environment. For example, it should provide separate production, staging, development, corporate, and specialty networks, with access control devices between each zone. It should further segment networks within each zone to apply granular security and audit controls appropriate to each function. Other key controls to ask about include restricted access to the data and systems, multi-factor authentication, resilient and redundant infrastructure, data encryption, and centralized security monitoring with real-time alerting.
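The zone model described above, with access control devices between zones and audit controls on each flow, can be expressed as a default-deny policy matrix. The following is an added example, not code from the paper or from Envestnet | Yodlee: the zone names come from the text, but the allowed flows, the service names and the flow-log lines are constructed for illustration. It evaluates inter-zone flows against an explicit allowlist, records every decision for audit, and runs a few sample flow-log lines through the policy to surface attempts that the zone boundaries should have blocked.

```python
import re
from dataclasses import dataclass, field

# Zones named in the paper. Anything outside this set is treated as unknown.
ZONES = {"production", "staging", "development", "corporate", "specialty"}

# Constructed allowlist of (source zone, destination zone, service).
# Every inter-zone flow not listed here is denied, so a new flow has to be
# added deliberately and can be reviewed like any other change.
ALLOWED_FLOWS = {
    ("corporate", "production", "https"),     # operators reach production over TLS only
    ("corporate", "staging", "https"),
    ("corporate", "development", "ssh"),
    ("production", "specialty", "syslog"),    # production ships logs to the monitoring zone
    ("specialty", "production", "https"),     # monitoring probes production health endpoints
}


@dataclass
class Decision:
    src: str
    dst: str
    service: str
    allowed: bool
    reason: str


@dataclass
class ZonePolicy:
    allowed: set
    audit: list = field(default_factory=list)   # every decision, allowed or not

    def check(self, src, dst, service):
        """Decide one flow and append the decision to the audit trail."""
        if src not in ZONES or dst not in ZONES:
            d = Decision(src, dst, service, False, "unknown zone")
        elif src == dst:
            # Intra-zone traffic passes here; the paper recommends segmenting
            # within each zone too, which would be a second allowlist of the same shape.
            d = Decision(src, dst, service, True, "intra-zone")
        elif (src, dst, service) in self.allowed:
            d = Decision(src, dst, service, True, "explicit allow")
        else:
            d = Decision(src, dst, service, False, "default deny")
        self.audit.append(d)
        return d


# Constructed flow-log format: "<timestamp> src=<zone> dst=<zone> svc=<service>".
FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) svc=(\S+)")

SAMPLE_FLOW_LOG = """\
2016-01-12T10:00:01Z src=corporate dst=production svc=https
2016-01-12T10:00:02Z src=development dst=production svc=ssh
2016-01-12T10:00:03Z src=production dst=specialty svc=syslog
2016-01-12T10:00:04Z src=staging dst=production svc=https
2016-01-12T10:00:05Z src=production dst=production svc=https
"""


def audit_flow_log(log_text, policy=None):
    """Replay observed flows through the policy; denied entries are the ones
    worth an alert, because the zone boundary should have stopped them."""
    policy = policy or ZonePolicy(ALLOWED_FLOWS)
    allowed, denied = [], []
    for line in log_text.splitlines():
        m = FLOW_RE.search(line)
        if not m:
            continue  # skip lines that are not flow records
        d = policy.check(*m.groups())
        (allowed if d.allowed else denied).append((line.split()[0], d))
    return {"allowed": allowed, "denied": denied}


if __name__ == "__main__":
    result = audit_flow_log(SAMPLE_FLOW_LOG)
    for ts, d in result["denied"]:
        print(f"{ts} DENIED {d.src}->{d.dst} {d.service}: {d.reason}")
```

In the sample log, the development-to-production SSH attempt and the staging-to-production HTTPS attempt are the two flows the policy rejects; a centralized monitoring pipeline with real-time alerting, as the paper recommends, would raise on exactly those entries.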
It is also important that the data aggregation provider maintains high standards, in the form of a certification program, for the developers leveraging its data and resources. Another key risk management process is the application testing program.
All fintech applications leveraging customer financial account data should undergo rigorous review to ensure they meet the highest security and performance standards.
Finally, it is important to assess whether the data aggregation provider fully supports current and evolving authentication protocols, such as new multi-factor authentication (MFA), and federated and token-based architectures.
Choosing the Platform
The aggregation platform is the integration point with your systems and should consist of a set of infrastructure components that intelligently aggregate, cleanse, augment, and store consumer data. However, some platforms are better than others. To reduce the operational load and risk to your systems, and to manage customer service issues, you should assess whether the platform you choose:
• Is capable of aggregating a highly extensible range of data from a large number of data providers using a variety of structured and semi-structured data formats, including HTML, OFX, and custom feeds;
• Supports a variety of data collection methods to provide broad coverage across a non-standard environment of technologies for data serving and authentication, including screen-scraping, statement parsing, data feeds, and batch uploads;
• Accesses data by 1) retrieving the most recently cached data from the online transaction processing system (OLTP), and 2) requesting that data be updated from the source on demand, with the OLTP database updating intelligently and with respect for its impact on your resources.
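The third point above, serving cached data first and refreshing from the source on demand without overloading the institution, is a small piece of logic worth seeing in full. The following is an added example and not code from the paper or from Envestnet | Yodlee: the store, the fake clock, the counting fetch stand-in and all interval values are constructed for illustration. A refresh is honoured only if the account's cached copy is older than a per-account minimum interval, and only while the source institution still has request budget in a sliding window; otherwise the cached copy is served, and a first-time load with no cached copy is refused rather than hitting a busy source.

```python
from dataclasses import dataclass


class SourceBusy(Exception):
    """Raised when a first-time load is requested but the source's request budget is spent."""


@dataclass
class CachedRecord:
    data: dict
    fetched_at: float


class FakeClock:
    """Constructed clock so the example runs deterministically offline."""
    def __init__(self, start):
        self.t = start
    def now(self):
        return self.t
    def advance(self, seconds):
        self.t += seconds


class AggregationStore:
    """Cache-first account data store with throttled on-demand refresh (constructed example)."""

    def __init__(self, fetch, clock, min_account_interval=300.0,
                 source_window=60.0, source_max_per_window=10):
        self.fetch = fetch                       # callable(source, account_id) -> dict; contacts the source
        self.clock = clock                       # callable() -> seconds
        self.min_account_interval = min_account_interval
        self.window = source_window
        self.max_per_window = source_max_per_window
        self.cache = {}                          # (source, account_id) -> CachedRecord
        self.source_fetches = {}                 # source -> timestamps of recent fetches

    def _budget_left(self, source, now):
        """Requests still allowed to this source in the current sliding window."""
        recent = [t for t in self.source_fetches.get(source, []) if now - t < self.window]
        self.source_fetches[source] = recent
        return self.max_per_window - len(recent)

    def get(self, source, account_id, refresh=False):
        """Return (data, how), where how records which path served the request."""
        key = (source, account_id)
        now = self.clock()
        cached = self.cache.get(key)
        if cached is not None and not refresh:
            return cached.data, "cache"
        if cached is not None and now - cached.fetched_at < self.min_account_interval:
            return cached.data, "cache-recent"          # refreshed too recently; serve cache
        if self._budget_left(source, now) <= 0:
            if cached is not None:
                return cached.data, "cache-source-busy"  # protect the source; serve cache
            raise SourceBusy(source)                     # nothing cached and no budget left
        data = self.fetch(source, account_id)
        self.cache[key] = CachedRecord(data, now)
        self.source_fetches.setdefault(source, []).append(now)
        return data, "source"


class CountingFetch:
    """Constructed stand-in for the connector that actually contacts the institution."""
    def __init__(self):
        self.calls = 0
    def __call__(self, source, account_id):
        self.calls += 1
        return {"source": source, "account": account_id, "version": self.calls}


def run_demo():
    """Exercise every path; returns the sequence of paths taken and the number of source hits."""
    clock = FakeClock(1000.0)
    fetch = CountingFetch()
    store = AggregationStore(fetch, clock.now, min_account_interval=300.0,
                             source_window=60.0, source_max_per_window=2)
    trace = []
    trace.append(store.get("bankA", "acct1")[1])                # first load -> source
    trace.append(store.get("bankA", "acct1")[1])                # plain read -> cache
    trace.append(store.get("bankA", "acct1", refresh=True)[1])  # too soon -> cache-recent
    clock.advance(301)
    trace.append(store.get("bankA", "acct1", refresh=True)[1])  # interval elapsed -> source
    trace.append(store.get("bankA", "acct2")[1])                # second load uses last budget -> source
    try:
        store.get("bankA", "acct3")                             # no cache, budget spent
        trace.append("source")
    except SourceBusy:
        trace.append("busy")
    trace.append(store.get("bankA", "acct2", refresh=True)[1])  # cache-recent
    clock.advance(301)
    trace.append(store.get("bankA", "acct2", refresh=True)[1])  # window and interval elapsed -> source
    return trace, fetch.calls


if __name__ == "__main__":
    print(run_demo())
```

The per-account interval keeps one user from hammering their own account, while the per-source window bounds the aggregate load the platform places on a single institution regardless of how many accounts request refreshes at once; both limits are what "with respect for its impact on your resources" amounts to in practice.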
Advanced Monitoring and Data Operations
To ensure the aggregation platform interacts with your systems consistently and securely, its operations must be constantly monitored. The aggregation provider should have specialized operations personnel on hand to solve any problem. A sophisticated, proactive monitoring and debugging infrastructure that addresses data source and data quality issues quickly, without compromising the security and privacy of consumer data, is essential.
Compliance
Data aggregation providers access Nonpublic Personal Information (NPI) and therefore fall under the Gramm-Leach-Bliley Act (GLBA). However, only the largest and most mature providers are monitored by the US banking regulators under FFIEC Supervision of Technology Service Providers for compliance with the same strict regulations to which financial institutions must adhere. As you perform your risk assessment on any aggregation provider, ask about:
1. Compliance with applicable banking standards, including strong authentication
2. Compliance with regulatory requirements for authentication, authorization, and protection of financial data
3. An appropriate security, risk, and compliance posture
4. Full-feature data exchange methodologies
5. Compatibility with new technologies for online, mobile, and tablet banking, as well as evolving platforms, such as wearable technology
Summary
Aggregation-based technology is powering exciting and innovative new solutions that are changing the way your customers interact with their finances, and with you, through digital channels and apps. These solutions are helping fintech providers create more personalized and engaging financial experiences, and also protect your customers against fraud with transaction analysis and alerting tools. Supporting these powerful financial applications requires a best-of-breed financial data aggregation provider, one with a secure, scalable data infrastructure that aggregates disparate personal financial information in a secure, scalable, and sustainable way. Envestnet | Yodlee shares your goals for customer enablement and protection, to bring these new financial experiences to life for people around the globe.
About Envestnet | Yodlee and Its Security
Envestnet | Yodlee and its data aggregation platform are among the world’s leading enablers of advanced digital financial services and financial data.
Supervised Technology Service Provider under US Banking Regulations
Of note, Envestnet | Yodlee is a Technology Service Provider under the direct supervision of the US banking regulators. Technology Service Providers (TSPs) provide technology-based systems to United States financial institutions (FIs). These systems are deemed critical to the overall safety and soundness of the financial institutions; therefore, supervision by the banking regulators is warranted to ensure these TSPs satisfy the security, privacy, risk, and regulatory compliance requirements. As a supervised TSP, Envestnet | Yodlee undergoes examinations by the US banking regulators (i.e., the OCC, FDIC, and Federal Reserve) just like an FI. Envestnet | Yodlee receives a Report of Examination that is made available to its US FI clients. US FIs are not allowed to engage with TSPs that are not deemed satisfactory by this examination process.
PCI-DSS Service Provider
Envestnet | Yodlee is also a Level 1 Service Provider under the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS is a requirement of the card brands (Visa™, MasterCard™, American Express™, Discover™, JCB™) for any entity that stores, processes, or transmits cardholder data (card number, security code, expiration date, track data). As a PCI-DSS Level 1 Service Provider, Envestnet | Yodlee undergoes annual compliance assessments by a PCI Qualified Security Assessor (QSA) and quarterly technical assessments by an Approved Scanning Vendor (ASV). These reports are available to clients and supplement their own assessments of Envestnet | Yodlee’s security posture.
Global Headquarters: 3600 Bridge Parkway, Suite 200, Redwood City, CA 94065, T: +1 650 980 3600, www.yodlee.com
© 2016 Envestnet | Yodlee.™ All rights reserved. Technology protected by one or more U.S. Patents or Patents Pending. Use subject to license terms. May include materials developed by third
parties. Yodlee and the Yodlee Logo are trademarks or registered trademarks of Envestnet | Yodlee in the U.S. and other countries. All other trademarks mentioned in this document or website are
the property of their respective owners. Yodlee 220 01/16
US-EU Safe Harbor Certification
Envestnet | Yodlee acts as a data processor to its clients in their role as data controller for the Yodlee services they offer to their customers. As such, Yodlee must uphold the European Union Directive on Data Protection and supporting regulations related to the data our clients entrust to us from their EU data subjects. Accordingly, Yodlee has designed and operates its data privacy handling per the EU Principles applicable to our role as a data processor. To demonstrate our adequacy with the Principles, we also obtain third-party certification of our privacy data handling programs under the US-EU Safe Harbor Compliance Program sponsored by the US Department of Commerce.
Asia Pacific Economic Cooperation Cross Border Privacy Rules (APEC CBPR)
In OECD member states, Envestnet | Yodlee likewise acts as a data processor to its clients in their role of data controller for the Envestnet | Yodlee services they offer to their customers. Accordingly, Envestnet | Yodlee’s data privacy handling is also designed and operated per the OECD Privacy Principles and adheres to APEC’s Cross Border Privacy Rules applicable to our role as a data processor. To demonstrate its adequacy with the Principles, Envestnet | Yodlee also obtains Accountability Agent certification of its privacy data handling programs under the APEC CBPR System.
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 

Aggregation Platforms-White Paper

All Aggregation Platforms Are Not Created Equal: A Security Perspective

White Paper

For more information, go to yodlee.com. Envestnet | Yodlee

The digital era has arrived for banking and financial services. Online and mobile banking and financial services are quickly becoming the channels of choice for today’s digitally savvy customers. Nimble nonbanking and new era financial advisors, unencumbered by brick and mortar, legacy systems, and outdated processes, are using the power of the Internet to entice customers away from traditional wealth management firms. These upstarts are using data aggregation technology to mine valuable financial information to more accurately target customer needs and customize offerings, almost before these consumers realize they need them.

Key to this compelling approach are powerful, innovative FinApps® that leverage data held by traditional financial institutions. By their very nature, these solutions access sensitive personal and financial consumer details found within secure online banking, brokerage, bill pay accounts, and more. The challenge for any financial service provider is how to enable online and mobile banking services powered by aggregation technologies while also protecting customers from data loss and adhering to regulatory and legal requirements.

Financial institutions must embrace the digital era, and they must do so now to avoid market share loss as more customers come to expect the ease and convenience made possible through the digital channel. To do so, all financial service providers must evaluate and manage the risks of enabling access to their systems by aggregators in support of their customers, with a focus on the crucial aspects of security, privacy, risk management, and compliance.
As a trusted partner of many of the world’s leading financial institutions and a provider of the premier consumer data aggregation platform, Envestnet® | Yodlee® has broad and deep experience bridging the gap between innovation and security.

Privacy and Security Best Practices

When evaluating the risks of aggregation technology, the security of your customers’ data should be top of mind. Many aggregation providers do not have direct relationships, and therefore no direct obligations, with the financial institutions that hold their customers’ accounts and data. This means the security of your customers’ personally identifiable information is unknown to the financial institution (FI) once the aggregation provider has accessed it. It is the FI’s responsibility to ensure that appropriate security and risk management protocols are in place, with the appropriate physical, electronic, and procedural safeguards to ensure all financial information is protected against unauthorized access or misuse. Unfortunately, providing these controls is too great a task for most early-stage financial technology service providers.

Before you allow an aggregator access to your customers’ valuable data, make sure the service provider follows industry best practice guidelines in the design and implementation of its network security environment. For example, it should maintain separate production, staging, development, corporate, and specialty networks, with access control devices between each zone. It should further segment networks within each zone to apply granular security and audit controls appropriate to each function. Other key controls to ask about include restricted access to data and systems, multi-factor authentication, resilient and redundant infrastructure, data encryption, and centralized security monitoring with real-time alerting.
It is also important that the data aggregation provider maintains high standards, in the form of a certification program, for the developers leveraging its data and resources. Another key risk management process is the application testing program: all fintech applications leveraging customer financial account data should undergo rigorous review to ensure they meet the highest security and performance standards. Finally, it is important to assess whether the data aggregation provider fully supports current and evolving authentication protocols, such as new multi-factor authentication (MFA) methods and federated and token-based architectures.

Choosing the Platform

The aggregation platform is the integration point with your systems and should consist of a set of infrastructure components that intelligently aggregate, cleanse, augment, and store consumer data. However, some platforms are better than others. To reduce the operational load and risk to your systems, and to manage customer service issues, you should assess whether the platform you choose:
• Is capable of aggregating a highly extensible range of data from a large number of data providers using a variety of structured and semi-structured data formats, including HTML, OFX, and custom feeds;

• Supports a variety of data collection methods to provide broad coverage across a non-standard environment of technologies for data serving and authentication, including screen-scraping, statement parsing, data feeds, and batch uploads;

• Accesses data by (1) retrieving the most recently cached data from the online transaction processing (OLTP) system and (2) requesting that data be updated from the source on demand, with the OLTP database updating intelligently and with respect for its impact on your resources.

Advanced Monitoring and Data Operations

To ensure the aggregation platform interacts with your systems consistently and securely, its operations must be constantly monitored. The aggregation provider should have specialized operations personnel on hand to solve any problem. A sophisticated, proactive monitoring and debugging infrastructure that addresses data source and data quality issues quickly, without compromising the security and privacy of consumer data, is essential.

Compliance

Data aggregation providers access Nonpublic Personal Information (NPI) and therefore fall under the Gramm-Leach-Bliley Act (GLBA). However, only the largest and most mature providers are monitored by the US banking regulators under FFIEC Supervision of Technology Service Providers for compliance with the same strict regulations to which financial institutions must adhere. As you perform your risk assessment on any aggregation provider, ask about:

1. Compliance with applicable banking standards, including strong authentication
2. Compliance with regulatory requirements for authentication, authorization, and protection of financial data
3. An appropriate security, risk, and compliance posture
4. Full-feature data exchange methodologies
5. Compatibility with new technologies for online, mobile, and tablet banking, as well as evolving platforms, such as wearable technology

Summary

Aggregation-based technology is powering exciting and innovative new solutions that are changing the way your customers interact with their finances, and interact with you, through digital channels and apps. These solutions are helping fintech providers create more personalized and engaging financial experiences, and also protect your customers against fraud with transaction analysis and alerting tools. Supporting these powerful financial applications that benefit your customers requires a best-of-breed financial data aggregation provider, one with a secure, scalable data infrastructure that aggregates disparate personal financial information in a secure, scalable, and sustainable way. Envestnet | Yodlee shares your goals for customer enablement and protection, to bring these new financial experiences to life for people around the globe.

About Envestnet | Yodlee and Its Security

Envestnet | Yodlee and its data aggregation platform are among the leading enablers of advanced digital financial services and financial data in the world.

Supervised Technology Service Provider under US Banking Regulations

Of note, Envestnet | Yodlee is a Technology Service Provider under the direct supervision of the US banking regulators. Technology Service Providers (TSPs) provide technology-based systems to United States financial institutions (FIs). These systems are deemed critical to the overall safety and soundness of the financial institutions; therefore, supervision by the banking regulators is warranted to ensure these TSPs satisfy the security, privacy, risk, and regulatory compliance requirements. As a supervised TSP, Envestnet | Yodlee undergoes examinations by the US banking regulators (i.e. OCC, FDIC, and Federal Reserve) just like an FI.
Envestnet | Yodlee receives a Report of Examination that is made available to its US FI clients. US FIs are not allowed to engage with TSPs that are not deemed satisfactory by this examination process.

PCI-DSS Service Provider

Envestnet | Yodlee is also a Level 1 Service Provider under the Payment Card Industry Data Security Standard (PCI-DSS). PCI-DSS is a requirement of the card brands (Visa™, MasterCard™, American Express™, Discover™, JCP™) for any entity that stores, processes, or transmits cardholder data (card number, security code, expiration date, track data). As a PCI-DSS Level 1 Service Provider, Envestnet | Yodlee undergoes annual compliance assessments by a PCI Qualified Security Assessor (QSA) and quarterly technical assessments by an Approved Scanning Vendor (ASV). These reports are available to clients and supplement their own assessments of Envestnet | Yodlee’s security posture.
US-EU Safe Harbor Certification

Envestnet | Yodlee acts as a data processor to its clients in their role as data controller for the Yodlee services they offer to their customers. As such, Yodlee must uphold the European Union Directive on Data Protection and supporting regulations related to the data our clients entrust to us from their EU data subjects. Accordingly, Yodlee has designed and operates its data privacy handling per the EU Principles applicable to our role as a data processor. To demonstrate our adequacy with the Principles, we also obtain third-party certification of our privacy data handling programs under the US-EU Safe Harbor Compliance Program sponsored by the US Department of Commerce.

Asia Pacific Economic Cooperation Cross Border Privacy Rules (APEC CBPR)

In OECD member states, Envestnet | Yodlee likewise acts as a data processor to its clients in their role of data controller for the Envestnet | Yodlee services they offer to their customers. Accordingly, Envestnet | Yodlee’s data privacy handling is also designed and operated per the OECD Privacy Principles and adheres to APEC’s Cross Border Privacy Rules applicable to our role as a data processor. To demonstrate its adequacy with the Principles, Envestnet | Yodlee also obtains Accountability Agent certification of its privacy data handling programs under the APEC CBPR System.

Global Headquarters: 3600 Bridge Parkway, Suite 200, Redwood City, CA 94065, T: +1 650 980 3600, www.yodlee.com

© 2016 Envestnet | Yodlee.™ All rights reserved. Technology protected by one or more U.S. Patents or Patents Pending. Use subject to license terms. May include materials developed by third parties. Yodlee and the Yodlee Logo are trademarks or registered trademarks of Envestnet | Yodlee in the U.S. and other countries. All other trademarks mentioned in this document or website are the property of their respective owners. Yodlee 220 01/16