Financial adviser firms will be well aware that May 25 2018 was something of a watershed day for their industry.
That was the enforcement date of the EU’s General Data Protection Regulation (GDPR), meaning firms can now be fined up to 4 per cent of their annual turnover for data breaches, depending on the severity.
Most adviser firms are still having to use Excel, or similar desktop tools, to properly monitor their client portfolios in their entirety. This has the potential to cause considerable issues for those firms allocating increasing amounts of client funds to unlisted assets and, more specifically, tax-efficient investments, such as enterprise investment schemes (EIS), venture capital trusts (VCTs) and inheritance tax (IHT) products.
Due to the mainly paper-based and relatively inconsistent distribution of investment reports from these product providers, advisers find themselves at risk when using these incumbent tools.
Advisers using legacy spreadsheets, which are unreliable and extremely insecure, could easily find themselves in breach of GDPR. They are also confronted with the problem that their existing back office systems do not easily support the efficient monitoring and updating of clients’ tax-efficient investment portfolios.
GDPR has outlined key requirements, including transparent, accurate and up-to-date processing, as well as the confidentiality and security of data.
There is no shortage of stories about how close to 90 per cent of all Excel spreadsheets contain serious errors.
Just like any other file, these spreadsheets are also prone to corruption, “fat finger” user error or simple unintentional deletion.
Specifically, advisers that rely on Excel and similar tools to manage client assets are at serious risk of running afoul of GDPR for the following reasons:
- Providing access to data in a timely manner can be unreasonably difficult through spreadsheets;
- Data is often duplicated in Excel, which can cause inaccurate (and untraceable) data due to human error;
- Version control is put at risk because of spreadsheets stored in different locations such as company servers and personal devices. This also increases the risk of a data breach, either through accidental loss or the intentional manipulation of data.
New compliant tools
Technological advances in software and data storage, however, can provide adviser firms with the solution to avoid the ominous fines of the GDPR.
New platforms have been developed by providers offering the following benefits:
- Enterprise-grade data storage and back-up. All data should ideally be hosted on a secure cloud services platform, offering computing power, database storage, content delivery and other functionality. Data should also be encrypted using bank-level encryption and backed up daily;
- All activity on the platform should be automatically logged, ensuring non-repudiation and full accountability;
- Platforms should be set up to be “permissions-based”, so that only users with the appropriate level of permission can access and make changes to stored customer data.
Secure your data, and your business
Because legacy spreadsheets do not meet most GDPR requirements, the financial adviser firms that do rely on them are exposed to significant regulatory and reputational risk.
As the operating environment for adviser firms continues to be reshaped by changing regulation, technological advances and evolving customer expectations, there is now an opportunity for forward-looking firms to embrace technology, thereby improving their clients’ overall experience and, ultimately, the security of their business.
Charles Owen is founder of CoInvestor