FINRA recently requested comment on the provision of data aggregation services, supervisory processes concerning the use of artificial intelligence, and the development of a taxonomy-based machine-readable rulebook.
With nearly 20 comments submitted, these topics are clearly top-of-mind issues within the financial services sector. Hearsay provided its insights on data aggregation and AI within the context of electronic communications.
Why these topics?
Hearsay has deep experience in the technology challenges FINRA highlighted with data aggregation, specifically around the best method for 3rd party aggregators to use when collecting data.
FINRA solicited opinions on the methodology third-party data aggregators can use to collect data, and its effect on compliance. Since Hearsay had to perform the same cost-benefit analysis when evaluating the efficacy of an API vs. scraping strategy while building social media compliance workflows, it’s a topic we know well. Robert MacCloy, Hearsay’s VP of Engineering, explains:
“Social networks, with their balance of public and private sharing, have always been averse to letting companies take out data in an uncontrolled fashion, such as via a screen scraper or in-line proxy technology. In a post-Cambridge Analytica world, this concern has been redoubled. Screen scrapers work unreliably at best, and when they do work, organizations now need to be cautious to respect consumer privacy and meet the expectations and concerns of the general public. Using officially authorized APIs provides a method to get the necessary regulatory data in a way that social networks have signed up to support, and they provide the needed guardrails to keep companies out of hot water.”
What is scraping? Also known as screen scraping, it means consumers provide credentials to their accounts directly to an aggregator. Aggregators have the technical ability to collect any data they deem relevant. Despite contracts with the consumer, aggregators may collect more data than anticipated. Member firms may be held accountable in the case of a data breach or mishandling of information, even if they are not the proximate cause.
What are APIs? APIs present a more balanced approach to information sharing. They allow member firms and custodians of information to determine the manner and method in which they share information with data aggregators. The potential downside to aggregators (and customers) is that information collected is limited to what has been defined in the API.
What is Hearsay’s POV?
Compliance should be holistic, not tactical. The best way to protect consumers is to examine behavior, not technology.
Hearsay believes FINRA should critically examine the methodology of data aggregation and the potential for data exploitation, as well as play an active role in defining principles and guidance on how member firms can balance the privacy of consumers against regulatory requirements of record keeping, rather than regulating specific technologies.
While FINRA’s Special Notice focused on the potential impact of Personal Financial Management portals (PFMs) and aggregation of financial data (think Intuit Mint, Personal Capital), there are now many more avenues where financial data may be shared, such as electronic communications.
The increasing popularity of messaging apps and texting, for example, has broker-dealers and consumers communicating on a more frequent basis. This increases the likelihood that financial data, including personally identifiable information, will be shared across potentially insecure channels. Because Hearsay deals with the intersection of advisor and client communications, and has seen dramatic growth in both touchpoints and the types of technology, regulating via principles instead of technology is the right way to protect consumers.
FINRA should push principles as the driver of this behavior: “prohibit, prevent and evaluate.”
Applying the principles that balance deterrence with remediation helps create a richer, more complete form of compliance. Aggregated data can “prohibit and prevent” potential consumer fraud by using the complete context of an interaction to determine the nature of the relationship between the broker-dealer and consumer. Aggregated data can also be used to “evaluate” the totality of the broker-dealer contact with a consumer. Although current compliance rules only demand monitoring of individual channels, data aggregation can “stitch” together these channels so that a conversation can be read entirely in context.
Read our full response for an example of “prohibit and prevent”, how data aggregation can provide interesting insights into compliance workflows, and more details on data aggregation for “evaluate.”
Does Hearsay’s POV resonate within the community?
Hearsay’s points of view are shared by other commenters in the financial services industry.
Other commenters echoed Hearsay’s position on taking a principles-based approach to compliance instead of favoring certain types of technology. For instance, SIFMA is also a proponent of principles-based guidance. SIFMA has long held the position that FINRA should define the ground rules and then allow the marketplace to develop technology, rather than continually reforming laws to react to the current technological landscape. As SIFMA notes in its comment, “Regulation and supervisory practices should be principles-based and technology agnostic to accommodate future innovation without requiring reforms each time a new technology is created.” (Page 2 of the SIFMA Response.)
FINRA has always taken a principles-based approach, which dovetails with Hearsay’s compliance roadmap.
The intersection of compliance and technology is an important topic, which Hearsay cares about passionately. Hearsay has been one of the pioneers of developing tailored, specific and effective compliance tools to assist member firms in enforcing their communications policies on a variety of different channels. Data aggregation and artificial intelligence are simply the next frontier, which Hearsay has embraced. Hearsay was one of the first companies to offer risk mitigation features within advisor mobile telephony, and now Hearsay is assisting member firms in addressing compliance issues when integrating their technology stack into CRM.
When given the chance, Hearsay takes full advantage of opportunities to communicate with regulatory bodies to influence the conversation and speak on behalf of our customers.
Stay tuned for more thought leadership from Hearsay on this and other compliance issues.