Using A Password Manager For Account Aggregation

Sunday, December 19, 2010 20:40
edit
Using A Password Manager For Account Aggregation

Financial advisors may want to consider using a password manager to help with aggregation of client accounts.

This Website Is For Financial Professionals Only


Account aggregation enables an advisor to view all of a client’s assets on one screen, including held-away assets. Well-known account aggregation apps include ByAllAccounts, Advisor Exchange, and CashEdge.


Aggregating a client’s accounts in one of these apps opens the possibility of managing assets now held away from your firm. For instance, if a client has a company 401(k), you could track its growth—even though you don’t manage those assets. It gives you data crucial in assessing the client’s retirement plan.
 

Since many wealthy clients tend to have assets scattered or insist on working with more than one advisor, using an account aggregation app to see assets managed by others is good for the client and may be good for you, too.
 

Your client gets you to keep an eye on other advisors, and a little competition keeps you on your toes.
 

Moreover, if you help the client aggregate his investment data, it puts you in the position of the trusted advisor. If the other advisor does a poor job, you can suggest a change.
 

Though account aggregation is useful to clients and advisors, adoption remains a big hurdle.
 

Clients must first establish online access to each of their accounts. Then, they must share their user IDs and passwords for each account with you.
 

The logistical problems pose a serious obstacle to implementing account aggregation for clients.
 

But it occurred to me today that a good way to manage these logistics is by utilizing a password manager.
 

There are scads of password managers. I’ve used RoboForm for over 12 years. Another good one is LastPass.
 

These programs not only store passwords but also store an associated URL. So if your click on your Bank of America entry in your password manager, it navigates to the BA website, fills in your password, and logs you in to see your account.

 

Importantly, the passwords are encrypted. You just need to remember one master password in order to gain access to all of the passwords that you save, and you can save hundreds of passwords in a password manager.
 

For advisors, what I am suggesting that you save clients’ passwords in your password manager.


You could create a naming convention to store each client’s passwords in your password manager. For instance, you might save an entry in your password manager for “Smith-John & Vicki - IRA,” which would store the user ID and password for John and Vicki Smith’s IRA at a brokerage. When you click on that entry of your password manager, it will log you into the account holding the Smith’s IRA.
While some account aggregation apps include workflow and dashboards for getting clients signed up, advisors have reported mixed results using these tools.
 

Using the password manager to store the data might be a lot easier. You can log into the account while you’re with the client. That avoids painstakingly walking through with a client the many steps in an account aggregation app’s workflow. Instead, you just save the password and user ID in your password management app. After you get the information needed to log into the client’s accounts, you can go through the workflow in the account aggregation app.
 

What’s especially nice is that, if you ever want to fire the account aggregation service, you’ll have retained all of the passwords. You won’t have to start all over from scratch if you need to change aggregation systems.
 

A word of caution: when you know a client’s sign-on credentials to his investment accounts, you could be held as a fiduciary on those assets—even if they are held away. Generally, if you can trade the assets using the client’s credentials, you should be willing to accept the role as a fiduciary for those assets—even if you don’t manage them. You should speak with a compliance consultant to nail down how you want to handle this issue. Or maybe one of your A4A compliance experts can comment on how they’d like to see advisors handle this issue.

 

What do yo think about using a password manager to create a record of your clients' passwords?

Comments (1)

...
brentb843
Wow - scary idea. Assuming you could get the clients to blindly enter the userid and passwords in such applications, advisors still run a muck in a minefield.

The first scenario would be a client gives you their credentials and you as their advisor logs into their accounts using this information. According to the SEC and states, this advisor has custody of the client's assets and is subjected to report such on their form ADV and have annual surprise CPA audits. There are also net capital requirements generally associated with having custody.

If your clients at your computer put their information into your roboform (if this can be done), you still may have custody. For example, lets assume that one of the held away accounts allows the client to then dispurse money from their account using the password/login you have - because you can direct withdrawals (aside from fees) you have custody.

While most aggregation software providers have some hiccups and user interface issues, the benefit is the ability to never actually be able to conduct business while in the account and sometimes the convience of a single download of all clients assets.

If you do not want to use aggregation, have the client add you as a third party for statement purposes, generally this will provide you to also obtain a 'view only' log-in to their accounts.

If you are a registered rep - don't attempt this unless you are looking to get fired!

BEB
a guest , December 20, 2010

Write comment

You must be logged in to post a comment. Please register if you do not have an account yet.

busy