What Is IntraLinks & Is It Safe? What Businesses Need To Know About Bank Of America’s Loan Servicing Partner
Bank of America is one of the largest and most omnipresent lending institutions in the country, so it’s no surprise that many small businesses seeking relief through the Paycheck Protection Program (PPP) during the COVID-19 crisis are applying through the bank. Applicants expecting to only have to deal with Bank of America infrastructure are, however, running into unfamiliar software provided by one of its partners, IntraLinks.
Note, at this time the PPP is currently suspended due to a lack of appropriations. It’s not yet clear whether Congress will approve additional rounds of funding for the program.
Table of Contents
What Is IntraLinks?
IntraLinks is a publically traded tech company based out of New York City. Founded in 1996 by John Muldoon and Mark Adams and later acquired by TA Associates, the company specializes in creating software for the financial industry, as well as Virtual Data Rooms (VDR). VDR are online databases companies can use to store and share confidential information, typically during a financial transaction. IntraLinks customers include Goldman Sachs, Starbucks, General Mills, Whole Foods, and L’Oreal.
In the context of Bank of America’s PPP applications, they are repurposing those VDR tools to allow customers to remotely submit their documents and pertinent information. Bank of America claims this will expedite the application process and allow the bank to more quickly submit the information to the Small Business Administration (SBA) for approval.
Is IntraLinks Safe?
If it isn’t, they aren’t doing their job very well. There’s always some justifiable skepticism when a third party is brought into a transaction that involves sensitive information. That said, IntraLinks’s bread and butter is providing secure infrastructure for the exchange of sensitive information. Bank of America’s application of that technology falls well within that umbrella.
IntraLinks is certified under the EU-US Privacy Shield. Participating organizations are considered to provide “adequate” protection for the transfer of data outside the European Union under the EU Data Protection Directive. U.S. organizations that are subject to the jurisdiction of the Federal Trade Commission may also participate. The guidelines of the EU Data Protection Directive are as follows:
- Notice—data subjects should be given notice when their data is being collected;
- Purpose—data should only be used for the purpose stated and not for any other purposes;
- Consent—data should not be disclosed without the data subject’s consent;
- Security—collected data should be kept secure from any potential abuses;
- Disclosure—data subjects should be informed as to who is collecting their data;
- Access—data subjects should be allowed to access their data and make corrections to any inaccurate data
- Accountability—data subjects should have a method available to them to hold data collectors accountable for not following the above principles
Additional security certifications include:
- ISO/IEC 27001:2013
- SOC 1; SOC 2; SOC 3 (formerly SSAE 16 / ISAE 3402)
- SOC 2 Type II (formerly SAS 70 Type II)
- ISO/IEC 20000-1
- ISO 9001
- ISO 27017 & ISO 27001
IntraLinks also touts its trademarked “Distribute Content Nodes.” It’s a fancy way of saying IntraLink lets customers–in this case Bank of America–determine what geographic regions the information will ultimately be stored in, and from where processing functions like encryption and indexing will be run. So, for example, if a company doesn’t want information stored outside the United States, they could ask IntraLinks to keep it within the borders. Additionally, IntraLinks offers customer management encryption keys that control access to sensitive documents.
User reviews of IntraLinks VDRs are mixed. Generally speaking, users are pleased with the features and security the software offers. Most of the negative comments tend to be about the cost of the service and its learning curve. The company is not accredited with the BBB, although the watchdog group does rate it an A- due to failure to respond to one registered customer complaint. That particular customer complained about the company “refusing to cease email communications to an employee who is no longer with our company.”
So is it safe?
Nothing is 100% secure, but if you’re comfortable giving a bank like Bank of America your information online in the first place, you shouldn’t be too worried about IntraLinks.
Tips For Using IntraLinks Platform
While safety shouldn’t be a major concern, usability may be another matter. IntraLinks is generally designed for corporate acquisitions and proprietary information-sharing. In other words, it would normally be overkill for a loan application. It’s complicated enough that Bank of America provided a downloadable walkthrough for how to use it to complete your PPP application.
The best advice I can give, other than “follow the instructions in the guide” is to ignore most of the program. Everything that you need to do to complete your application will be done under the DOCUMENTS heading. Make sure to keep that tab highlighted whenever you’re interacting with IntraLinks.
Initially, you’ll pull all the instructions you need out of the Instructions folder and download them via a ZIP file. After you’ve gathered the ones you need, you’ll drag them into white space underneath the Instructions folder. Each time you add a file, you’ll be confronted with a pop-up window to confirm your upload. All you need to do is click upload.
On the bright side, if something goes wrong, you can expect to be contacted by Bank of America.
Final Thoughts On IntraLinks
Unusual events like the COVID-19 crisis test the infrastructure of many institutions as well as subject their clients to unfamiliar processes. For many PPP applicants, this will be the first time they’ve encountered a program like IntraLinks. That said, there’s no reason to fear this particular one.
Need more help navigating the coronavirus crisis? Check out our COVID-19 small business resources.