Assisted Banking Conundrum
Preserving security while allowing 3rd party access
In my world, assisted banking is commonplace. My clients range from busy professionals who have no time to deal with the minutia behind
their financial status, to elders who need protection and help in our increasingly complex, automated world. I am a daily money manager. If you have never heard the term, it’s not surprising. The American Association of Daily Money Managers is a rapidly growing organization of professionals and currently boasts a membership of only about 750 people in the US. AADMM members are held to a high standard of ethics and professionalism. We exist to ease the financial stress and fear that many people experience; to keep an eye on their affairs for their own protection.
In the retail banking industry, protection and security are paramount. Banking software is becoming increasingly sophisticated at identifying just who is accessing an account and inventing new ways to provide security to clients. Therein lies the rub. For technically unsophisticated clients, it can be a nightmare to jump through the hoops to allow a third party to assist them with tasks such as paying bills, accessing statements and reconciling accounts. I have had clients change banks because of the frequent re-verification and lock-out issues. I understand that problems are often browser or user error, but the reality is that frustration can be very high.
As a professional who provides assisted banking, there are some recurring issues I see:
• Account owners must share their user id, password, and password reset information in order for a family member, employee, or professional to help out. This is not a good practice because passwords and security answers are often used across many accounts.
• “Agent” access is permitted by a few banks but is usually too limited to be of use. Just being able to look at an account does not ensure that the bills get paid.
• There is no user accessible audit trail of who did what on the account. Along with multiple users comes the need to prove who did what.
Of course, this is a general assessment and may not apply to every bank. In fact, I would love to hear from banks who have addressed these issues!
I would like to see retail banks be proactive in this regard purely in light of the fact that the number of people over the age of 85 is expected to roughly quadruple over the next 30 years. We are living longer but age-associated cognitive decline is often the companion to our longevity. I believe that a secure team approach is a needed option for personal banking and related billing accounts.
- Allow account owners to set up sub-users on their accounts with grantable access options like
a. full access
c. bill pay but no transfers
d. statement access
e. audit trail review
- Sub-users would have their own passwords and security questions with their own 2-factor authorizations
- Account owner or another set of eyes could see the activity of sub-users via an audit trail
- Sub-users could be required to pass a fiduciary test to be sure they at least understand their role.
I hear too many people say that they have added a son or daughter to their account to provide assisted banking should the need arise. While this is sometimes OK, it can also impact inheritance plans, student financial aid, debt liability, and promote entitlement fraud. It makes more sense in most cases to allow them monitored access to an account rather than ownership.
Obviously, these changes cannot occur overnight and much more thought will have to be put into it. I encourage the banking industry to consider that AADMM is a professional group that is willing to provide insight and work cooperatively for the greater good of mutual clients. Let’s have a conversation!