Financial Services commentator Ian McKenna

Ian McKenna: The Provider-Adviser Tussle Over Cyber Security

Posted by Ian McKenna

Advisers need to up their game on data security, and providers should not obstruct them from doing so. The chance for change may arrive none too soon, with around half of the FCA’s 2019/20 business plan being focused on technology, with a particular focus on cyber security, thus opening the door for inevitable and much needed new regulatory requirements. Inevitably, there will be a review of previous guidance to be sure it is being acted on. This could be an enormous problem for the pensions and financial advice markets.

As far back as 2008, the then FSA published its Data Security in Financial Services report. This gave valuable guidance into both digital and physical security. In March 2019, the FCA published its own research paper, Cyber Security – Industry Insights. Both documents are essential reading for any advice business.

The 2008 report was clear: if a regulated business suffered a data breach, the regulator would expect the firm to take action to protect customers against any future loss. Back then, the FSA identified that the average cost of rectifying a data breach was £55 for each customer record. The same report highlighted that the regulator did not consider webmail such as Hotmail, Yahoo and Gmail suitably secure for client communications. Despite this, in my experience around one in five IFA firms still use such services for their standard email.

At the recent Empowering Advice Through Technology conference in London, a poll of delegates found that only 13% of firms sent all client communication as encrypted, while another 25% only sent client communications via a secure client portal. A significant 62% of delegates admitted that their firms did neither. Given the audience was adviser firms specifically interested in getting the best out of technology, I suspect this overstates the situation on the ground.

During last month’s Technology Tools for Today conference in San Diego, US fintech gurus Joel Bruckenstein and Bob Veres shared their own recent research that showed only 7% of US advisers have ever engaged with an external cybersecurity expert. I suspect this would be a more accurate view of the UK too.

I have long been concerned about the extent of this issue but have mostly remained mute on the subject because there has not been a viable industry solution readily available to fix the problem. This is no longer the case.

At Empowering Advice Through Technology, Origo and Beyond Encryption, the specialist email security business established by industry stalwart Paul Holland (who was the original driving force behind the Webline protection system), announced a new joint venture, Unipass Mailock.

Unipass Mailock is available free of charge to IFAs to encrypt their communications with life offices, pension providers and platforms, and for an additional £8.50 per adviser employee per month, this can be extended to all client communications. The system won a coveted ‘best in show’ award, voted for by advisers and wealth managers at the event.

It is only fair to point out that this is not the only solution in the market. Filehaven, Secure the File and Qwil have all built solutions designed to address similar issues, with comparative analysis of each of these and other generic solutions already being undertaken.

What differentiates Unipass Mailock is that 45,000 advisers and their support staff already have Unipass IDs that can be upgraded to adopt the new system free of charge for their communications with insurers, pension providers and platforms.

Worryingly, I am hearing that there are some pension providers and platforms that are refusing to accept any encrypted communication from advisers. This is putting both advisory firms and their clients at considerable risk and is totally unacceptable behaviour.

It is not a stretch to think that both the FCA and the ICO would take a very dim view of this. The companies involved should be thinking long and hard about the liabilities and fines they might be exposing themselves to as a result.

Unipass Mailock on its own will not address all cyber security issues within an adviser firm but offers strong outbound security for email communication with providers.
