Yodlee Security


Envestnet | Yodlee adheres to leading financial industry practices for security, privacy, risk, and compliance management. As an FFIEC supervised Technology Service Provider, Envestnet | Yodlee follows the security and risk management standards required to engage with consumers and their financial data. We are also supervised and examined by the OCC and all major banking regulators, and we have undergone nearly 200 audits by financial institutions over a recent 24 month period. Envestnet | Yodlee is committed to its security infrastructure in the industry.

Envestnet | Yodlee has been a leading provider of cloud-based financial technology services to global financial institutions and innovators for almost two decades. Our risk programs meet not only their expectations, but also some of the most stringent security, privacy and compliance standards in the world.

Information Security

Yodlee’s Security Office focuses on three main areas of security:

  • Information Security
  • Network Security
  • Application Security

The team manages a comprehensive program of risk-driven policies and procedures to maximize the Information Security Program (ISP), including guidelines and frequent audits. The ISP covers all aspects of the Production, Development, Staging, and Corporate environments as well as vendor relations, BCP, and personnel management.

Risk Management

Yodlee prioritizes its comprehensive risk management program designed to intelligently focus resources and efforts to minimize security risk profiles. The process consists of formal risk assessments at the organizational and product level. In addition, risk management is incorporated into all facets of our processes, including integration with application development, data center operations, and internal security processes.

Disaster Recovery

Yodlee has formal DR programs for our internal services and our clients’ applications. Our approach requires regular tests of our internal DR and annual testing with clients of their DR option. Our client DR options include contracted RPO and RTO designed to map with our client’s requirements.

Best Practices

Yodlee follows industry best practice guidelines in the design and implementation of our network security environment. We use zones to separate our Production, Staging, Development, Corporate, and specialty networks from each other with access control devices between each zone. We further segment networks within each zone in order to apply granular security and audit controls appropriate to each function. Other key controls include:

  • Central bastion hosts
  • Multi-factor authentication
  • Resilient and redundant infrastructure
  • Data encryption
  • Centralized Security Incident and Event Management (SIEM)

Skyhigh Enterprise-Ready

Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud service based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.

Yodlee’s Compliance with Banking Standards

Yodlee is examined under the FFIEC Supervision of Technology Service Providers guidance. We receive a multi-agency examination, with the OCC taking the lead. For US-based financial institutions, our Report of Examination (RoE) is available from your regulator. On July 10, 2012, the FFIEC issued an information-only document on Outsourced Cloud Computing. They state this type of deployment is subject to the same risk considerations and oversight requirements as more traditional outsourcing arrangements.

As the leading provider of personal finance management applications, a pioneer in bringing SaaS applications to the financial industry and an FFIEC supervised Technology Service Provider, Yodlee has been addressing the questions and concerns of outsourced cloud computing for over a decade. We are very pleased that the FFIEC has provided their opinion to help guide institutions as they work to evolve their service provider oversight programs to allow them to capitalize on the benefits of cloud-based services while maintaining their risk posture and adhering to their compliance obligations. More about this process can be found here.

Why Yodlee


companies from
global 500 companies
to start-ups

70%Structured Data Feeds

which represent formal business relationships with the largest financial institutions.


of consumers
around the world


issued U.S. patents
make our technology
platform unique

Please provide a few details

Fill out the form below and we'll call you within 48 hours.