This article describes financial account aggregation and explores potential financial risks to the consumer and account holding financial institutions from aggregation. The current state of the law and contractual relationships relevant to such risks are analyzed. These risks include, theoretically, an increase in the incidence of unauthorized transactions due to the concentration of information (including consumer user/IDs and passwords) and losses to the consumer as a result of reliance upon bad or old account data. ; The following conclusions are reached under the law as it is today: (1) parties other than the consumer appear to bear the ultimate liability for financial losses in most situations where an unauthorized transaction occurs (whether or not the consumer has signed up for an aggregation service), and (2) parties other than the account holding financial institution appear to bear the ultimate responsibility for financial losses resulting from unauthorized transactions in a number of situations. With respect to losses resulting from reliance upon bad account data, it is suggested that this has not been much of a practical problem to date; however, if it does become problematic, the consumer will probably have a more difficult time shifting losses to either the account holding financial institution or another party. ; The Article evaluates whether the currently existing laws and regulations are adequate to protect consumers and concludes that additional regulation is not needed at this time, given both the absence of any significant dollar clearly losses clearly tied to aggregation and the relatively small number of consumers using aggregation. It suggests that existing laws and regulations may be sufficient to protect the consumer and that new laws and regulations should not be added until it has been demonstrated that existing ones are not adequate to handle problems with aggregation services. It points out that where theoretical problems are "solved" by new legislation/regulations before problems actually develop, the solutions may be unnecessary or result in unanticipated negative consequences. It recommends that regulators continue to monitor business practices and developments in connection with the aggregation product and take regulatory action if the need arises.