Has a solution to wealth managers’ email cybercrime fears been found?
By Tristan Blythe, Group Editor
Read the article online at thewealthnet
Cybersecurity has been front page news recently, thanks to the hacking of Sony Pictures Entertainment.
The hack meant many private emails from executives at the firm were made public. This highlighted the need for organisations and individuals to take the issue seriously and demonstrated the vulnerability of email.
This is an area that wealth managers should be aware of. In 2013 Kroll, an investigations firm, warned cybercriminals were targeting advisers to the wealthy and their email in particular (see thewealthnet 17/12/2013). UK trade body the Wealth Management Association is in the process of creating an information document to educate and advise its member firms on the area of cybercrime. While C Hoare & Co said last year that around three of its clients have their emails hacked on average each week (see thewealthnet 14/03/2014).
Outside of the UK, one Hong Kong firm has been fined after it transferred client funds based on email instructions which were fraudulent (see thewealthnet 30/07/2014). The Hong Kong Securities and Futures Commission (SFC) reprimanded A One Investment Company Limited (A One) and fined it $1.2 million for “internal control failures relating to the unauthorised sales of client securities and the unauthorized transfers of more than $7 million in client funds held by A One to third party accounts”. The sales and transfers were carried out following email instructions that the client had previously used to contact A One. However, the client denied that the instructions were given by him and claimed that his email account had been compromised.
These dangers have led many wealth managers and private banks to turn away from email as a method of communication with clients, according to Douglas Orr, founder and chief executive of Novastone, a specialist wealth management focused IT communications firm. In extreme cases some firms have even banned advisers using email to talk to clients completely, he told thewealthnet.
This adds to the firm’s costs as phone calls have to be made to contact clients either instead of an email or to confirm instruction given via email. It simultaneously slows down the process and therefore impacts client satisfaction levels, he explained.
The reaction is understandable given the implications if a wealth manager were to fall to victim to cyber fraud, however it is far from ideal.
However, Mr Orr believes that Novastone’s new product, WealthChat, will give firms a way to communicate electronically with clients – but without fear of being hacked.
WealthChat is an electronic chat service which enables wealth managers to communicate in real time with clients. Mr Orr said it has been checked by third party security experts to test its security.
The service, which is white labelled so it appears to the client under their wealth manager or private bank’s branding, is initially available for Apple devices and via a secure log in on firm’s computers. It is also designed to exist alongside a firm’s current IT infrastructure and communicate with their CRM systems.
It automatically logs conversations to meet the regulatory requirement of recording communications with clients.
Beyond the security concerns, Mr Orr said it will bring other benefits to wealth managers. It allows advisers to bring other professionals from the firm into conversations, for example an expert in a particular asset class. Unlike emails where it is easy for the client to respond directly to the additional adviser, the lead adviser keeps control of the conversation.
If the adviser leaves the firm, then all the “chat” with a client remains at the firm and if used properly could help tie the client to the firm – rather than follow their personal relationship with the departing adviser, he added.
Novastone is currently launching the product and is consulting with firms and organisations, including the FCA, as to how best to develop the product and address the ongoing concerns over cyber security and meeting regulatory requirements.
Although still early days, the team are in contact with a number of UK- based wealth managers and private banks about adopting the new product. They believe the product has potential outside of the UK too.
Mr Orr added that the product was designed solely for the wealth management sector, but could have wider application in other sectors dealing with confidential data. He said that the product was built with a good understanding of the wealth management sector. Mr Orr himself is a long term client of the sector, while his colleagues Andrew Hodson, director, and Peter Reading, chief technology officer, are both former employees of Barclays Wealth and Investment Management.