Wells Fargo, Envestnet Yodlee sign data-sharing agreement

Dive Brief:

Wells Fargo announced Thursday it has signed a data exchange agreement with fintech Envestnet Yodlee.
Over the past several years, banks have looked to pivot away from screen scraping, a practice that allows aggregators to take bank customers' user names and passwords, log in on their behalf, and copy and paste their account information into a third party's software. With the Yodlee deal, 99% of Wells Fargo’s third-party financial app screen scraping will be transitioning to application programming interface (API)-based access.
Neither Wells Fargo nor Yodlee would disclose terms of the deal. The San Francisco-based lender now has agreements with 17 data aggregators, American Banker reported. They include Plaid and Finicity, both of which were bought by major credit-card networks this year.

Dive Insight:

Wells Fargo said the Yodlee deal will give customers greater control and transparency over which data they choose to share and with whom. Customers can allow or revoke third-party access to account information through the bank’s Control Tower app, which also lets them manage subscriptions and recurring payments and turn on or off their mobile wallets and debit or credit cards.

“With the onset of the pandemic, and with customers experiencing unexpected financial stress, the recurring payments controls have proven to be a powerful component of Control Tower that has resonated now more than ever,” Ben Soccorsy told American Banker. “That speaks to the notion that we want to provide transparency and control for our customers, not just on the recurring payments and subscriptions, but also on the data sharing.”

Yodlee has signed agreements with other banks, including JPMorgan Chase, Bank of America and Citi.

“None of the agreements are exactly the same, but they all have alignment around the key principles: moving from screen scraping to an API, moving from requiring the customer to entrust their online banking credentials to us, to an Oauth-based, redirected flow,” Brian Costello, vice president of data strategy at Envestnet Yodlee, told American Banker. “These bilateral agreements are ensuring that there's a minimum standard of customer protection, which is absolutely fantastic for the industry.” Oauth authentication uses tokens rather than password data to prove identity between consumers and service providers.

Wells Fargo said it would begin launching its experience with Yodlee to select customers this year.

Envestnet came under fire this year when Sens. Ron Wyden, D-Ore., and Sherrod Brown, D-Ohio, and Rep. Anna Eshoo, D-Calif., urged the Federal Trade Commission in a January letter to investigate whether the company’s sale of customer data to third parties violates the FTC Act’s guidance on unfair and deceptive practices.

“Envestnet does not inform consumers that it is collecting and selling their personal financial data. Instead, Envestnet only asks its partners, such as banks, to disclose this information to consumers in their terms and conditions or privacy policy,” the lawmakers wrote. “Envestnet should not put the burden on consumers to locate a notice buried in small print … then find a way to opt out — if that is even possible — in order [to] protect their privacy.”