PlatformJan 24 2019

How to select a technology provider

twitter-iconfacebook-iconlinkedin-iconmail-iconprint-icon
Search supported by
How to select a technology provider

Selecting a technology provider may seem like a daunting task for an advisory firm but the process does not have to be onerous.

“Key to selecting a technology provider is to understand what you actually need it to do,” says Scott Gallacher, chartered financial planner at Rowley Turton. “All too often are we presented with snazzy technological solutions that don’t actually do what we, or advisers, would want them to do.”

In other words, suggests Tony Bray, head of business development at threesixty services, they should be carrying out the same process they would for any other significant change to their business.

He says advisers should be asking the following questions: 

  • What services do their clients need? And how do they want them delivered? 
  • How does the technology add to the client experience? 
  • How must it be delivered from a regulatory perspective? 
  • What’s available in the marketplace to assist with that? Is it of value? 
  • How can the firm exit the technology? 
  • Is the supplier committed, and do they run a sustainable business model?

High standards

For Steve Bryan, director of distribution and marketing at The Exeter, the key considerations for adviser firms looking to outsource to a technology provider should be around security and data protection.

There have been many high-profile examples recently of when security and data protection goes wrong. 

TSB suffered issues with its online banking services in April 2018, which saw nearly two million customers locked out, as it began to move customer data from Lloyds Banking Group to its new owner.

The IT debacle, which was well documented on social media and in the news, resulted in chief executive Paul Pester stepping down.

“Advisers should ensure their chosen provider has the correct standards in place and that they are up-to-date,” Mr Bryan notes. 

“Ideally, technology providers should be ISO 270001 certified – the international standard that defines the requirements for managing information risks, such as cyber-attacks, hacks, data leaks or theft.”

He adds: “They should also be part of the government-backed ‘Cyber Essentials’ scheme, which identifies the fundamental technical security controls that an organisation needs to have in place to help defend against internet-borne threats. As a provider, we ourselves are both ISO270001 and Cyber Essentials Plus certified, because the protection of our members’ data is incredibly important to us.”

Conor Murphy, chief executive of Smartr365, recommends: “Before selecting a technology provider, there are some key points that advisers should consider. 

“It’s always a good idea to check for positive user feedback, for example, and to create a functionality checklist to determine what advisers really need versus what sounds good on paper. Advisers should also take some time to judge the size, scale, and credibility of any providers on their shortlist.”

A due diligence questionnaire may help firms to ensure they are covering off the most important areas before making a financial commitment and investing in new technology.

Ray McCarthy, head of distribution at AIR Sourcing, says he has received many due diligence questionnaires from large networks and adviser firms considering endorsing their software.

He adds: “While smaller firms need not replicate what is often equivalent to war and peace, their due diligence questionnaires usually look at eight main areas which you can adopt in considering technology for your business, whatever its size.” 

Those areas are:

  1. Compatibility – In simple terms, will the technology do what you want it to do? For smaller firms, consider how many current users there are. Do you know anyone that uses it and how do they find it? This is the most important area of due diligence; you do not just want it to do what you need it to do, but do it well. If the software is providing you with information, is that information complete and can you rely on it being up-to-date and accurate?
  2. Compliance – Does the software comply with any necessary law and regulations stipulated by your principal or network?
  3. Information Security – How is your data, including that of your clients, stored? Is access to your account password protected and is the data itself encrypted and secure to the highest possible standard?
  4. Data protection – What is your data and that of your clients used for? Will it be shared with anyone else and, if so, for what purpose? How long is data stored for and is it retrievable if you need to obtain records in the future?
  5. Continuance of service – In plain English, how likely is it that the system will go down? Has it gone down before, and if so, how often? This will give you an indication of likely downtime in the future.
  6. Risk management – What procedures are in place if things go wrong? How long can you expect to wait if you cannot access the software?
  7. Cyber security – How secure is the technology against malicious intent by hackers or those who could benefit from accessing your data? Often technology providers protect against this by using third-party experts to conduct something called ‘penetration testing’ to establish whether it is possible to obtain data maliciously.
  8. Legal – Finally, are you protected if a failure of the technology results in financial loss for you? For example, is public liability insurance in place?

Safety in numbers

With so many adviser firms using the same providers to meet their technology requirements, does this mean there is a possibility of concentration risk? 

Mr Murphy does not think so: “Some advisers may worry about using the same technology providers as everyone else, but the benefits outweigh the risks. 

“After all, most advisers would probably prefer a solution that is widely adopted and attainable in the sector, since there is safety in numbers.”

As Niral Parekh, head of retail wealth and asset management at Capco, acknowledges: “The concentration risk arises mostly when advisers are overly reliant on automated advice from an engine without applying a fit test, and getting their paraplanners and independent file checkers to continuously monitor the outcome. 

“Generally, the client money and assets are well segregated which is important in an event of a disaster. For firms, ensuring these procedures are robust is of paramount importance during due diligence and on an ongoing basis.”

Terry Huddart, head of proposition at the lang cat, observes: “In terms of how to select providers and manage the back-end digital ecosystem, I am seeing a growing desire for using independent components. 

“The natural centre for everything is the back office, with planning and fund research software plugged into it, and platforms and other providers used for products (investments and wrappers), custody and implementing portfolio management.”

He says: “Advisers are increasingly looking for the platform to do the basics well, such as custody, products and portfolio management, and then plug independent software in (with as much connection as possible to the back office) for everything else.”

eleanor.duncan@ft.com