One other significant concern. If the bank is actively involved in providing third-party access, there could be an implication (or at least an assumption by the deposit customer) that the bank has vetted the third party, even though it's the customer's request to permit the access. You really don't want to be responsible for ensuring that the third party is honest, secure in its other internet dealings, etc., etc., etc.
John S. Burnett
Fighting for Compliance since 1976
Bankers' Threads User #8