How Advisors Can Protect and Securely Share Client Data

Clients must trust their financial advisor for the advisor/client relationship to work. If you’re an advisor, that means handling your clients’ money responsibly, but in this day and age, it also means protecting your clients’ data. The problem is that keeping clients’ data secure isn’t always easy, and best practices are always evolving. Here’s how you can stay up to date on the best ways to protect and securely share data with clients.

What Data Must Advisors Protect?

Before we talk about protecting client data, we first need to take a step back and discuss what sort of data requires protection. Personally Identifiable Information (PII) is information, either sensitive or non-sensitive, that either on its own or in combination with other information, can be used to identify an individual. Social security numbers, driver’s licenses, and financial information are all examples of sensitive PII. Other types of PII are non-sensitive, but when used in conjunction with other data could also identify an individual. Date of birth, zip code, and place of birth are all examples of non-sensitive PII. Ideally, advisors will protect all PII, but sensitive PII is especially important to protect and should only ever be shared securely.

 

Sharing Files Securely

The nature of the financial advisory business requires the sharing of much PII and other sensitive information. Therefore, one of the hardest parts of protecting client data is figuring out how to send and receive data to and from clients. To make clients more amenable to any additional steps imposed by your cybersecurity policy, instead of framing cybersecurity as a regulatory requirement or a hassle, frame it as another aspect of your excellent customer service – something you want to go above and beyond on because you value securing the data of your clients.

End-to-End Encryption

One of the most common ways to protect data is through encryption. To send and receive sensitive information, you need encryption on both ends, which is called end-to-end encryption. This method of sharing data works so well because only the sender and receiver can decrypt the shared information and therefore are the only ones who can view the contents. While end-to-end encryption is a great option, it’s largest drawback has typically been that implementation is required on both ends, meaning that to share information with a client, that client must sign up for the encryption service. While not terribly difficult, this process may prove time consuming for the client.

Presults offers an innovative approach to this obstacle by utilizing a combination of auto-expiring pages and one-time verification codes that don’t require client registration.

Cloud Storage

Another option for sharing information with clients securely is through cloud storage. The point of storing documents on the cloud is to keep those documents from being stored on your computer’s hard drive (which is typically more vulnerable). The benefits of cloud storage extend beyond more securely sharing and protecting data. When documents are stored on the cloud you can access them from any device with an internet connection, which allows for easier collaboration on documents and eliminates the risk of losing documents if a specific computer is damaged, lost, or stolen.

Client Portal

The final option for securely sharing sensitive data with clients is a client portal. A client portal is a centralized, secure area where clients can login to view communications, reports, invoices, contracts, etc. A client portal is a great option from a customer service perspective since the burden on clients is minimal. The only downside is that not all portals allow for two-way communication, though some do. If you value two-way communication, you’ll therefore want to find an option that includes this offering.

Train Employees on Client Privacy

According to a report by the Financial Planning Association’s Research and Practice Institute, 44% of advisors say they don’t understand the risks and issues of cybersecurity. This is especially concerning considering that while 48% of data breaches were due to malicious or criminal attacks, a full 27% of data breaches were due to human error. Proper training is therefore necessary both to decrease the risk of human error, and to make it harder for hackers to take advantage of weaknesses in your cybersecurity. While education obviously can’t eliminate human error, it can help decrease the chances of it.

The proper training for you and your employees will depend on the various roles of those in the firm. Mandatory training should be required for everyone, which goes over the firm’s procedures for protecting client data. The reason why these procedures are necessary should also be included in the training. How do your procedures help limit the chances of a data breach? What would a data breach mean for the company? What would a data breach mean for the information and assets of clients?

Create a Plan for a Data Breach

No matter what precautions you implement or how well you educate your team, a data breach is still possible, which is why every firm should create a data breach emergency plan. Every plan will be unique, but should include the following:
• Data recovery procedures
• How you will notify clients of the breach
• Procedures for compensating clients impacted by the breach.

For a more personalized plan, work with your IT team or IT consultant. The more quickly you can react to a data breach, the better, both for your firm and for your clients. Becoming aware of the breach quickly, notifying clients immediately, and communicating exactly how you will handle the data breach can help maintain clients’ trust in you and your firm.

Another option that may be worth considering is cybersecurity insurance. Depending on the specific plan, this type of insurance could help you cover costs related to data recovery and compensating clients.

The Takeaway

Advisors have a duty to their clients, and that includes doing their best to protect client data. Presults takes protecting client data seriously, which is why its unique software flags emails containing PII and keeps them from being sent out. Unlike most other email archiving systems on the market, which only notify you after PII has been sent out, Presults gives you the ability to proactively protect the valuable data of your clients.

Social Media Archiving for RIA's

How AI is Changing Compliance for Financial Advisors

AI impact on compliance

In today’s digital world, banks and financial institutions must work harder than ever to protect the assets of clients. Since the 2008 financial crisis, regulatory change increased 500% and these changes have translated to increased spending of up to 60% on compliance. While modern technology makes it easier for bad actors to commit financial crimes, the good news is that banks and other financial institutions can also use technology to improve their financial programs.

What is AI and Machine Learning?

Artificial intelligence (AI) is technology that can replicate human-like behavior, such as learning, planning, and problem solving. Machine learning is a subset of AI, which takes data (typically massive amounts) and sorts through it to find patterns. Over time, machine learning becomes better and better at what it does (hence the “learning”).

AI and specifically machine learning, is becoming more common across many industries, and finance is no exception.

Across the industry, AI technology is being used to:
• Improve data management
• Reduce human error
• Minimize false positives
• Prevent fraud and money laundering

Improved Data Management

No matter which sector of the financial industry you work in, it’s almost guaranteed that you’re managing massive amounts of data. When you implement AI technology you bring all that data together. Patterns that previously may have been almost impossible to see now become clear.

Bringing together all your data and using AI technology to sort through it can show where people or processes struggle, but even more importantly it can help businesses understand why they’re struggling. The ability to add context to human data is the difference between a series of data points and behavioral data that can help you improve processes. For example, knowing that something comes up in a disclosure report is helpful, but highlighting common denominators appearing consistently in disclosure reports tells you far more.

The use of behavioral data is already common, but it’s implementation will likely only increase in the coming years. No matter the size of your organization, whether you’re looking for technology to improve operations, email archiving, or compliance, considering AI offerings that improve data management can help your organization save time and money.

 

Reducing Human Error

Human error costs regulated industries billions annually. Due to its complex and highly regulated nature, asset management is especially susceptible to issues of human error (and these errors can often be quite costly). While eliminating human error completely is impossible, increased use of machine learning and AI can help minimize it.

Compliance officers working in finance are required to handle massive amounts of data relating to everything from transactions to company operations. The amount of data is more than any human could review on their own, which is why capable technology is so necessary. While more data typically increases the chance of a human making a mistake, it generally decreases the chances of machine learning technology making a mistake, since the more data the technology has, the more it can “learn” and the better it can become.

Minimize False Positives

Arguably one of the most time-consuming aspects of compliance is addressing false positives. With rule-based alert systems the rate of false positives can be incredibly high since the system applies a rule across all situations and cannot take into account different circumstances or contexts.

Any time an alert is raised, a compliance officer must personally review it. False positives are therefore a waste of resources since the time and energy of the compliance officer must be redirected from other tasks to address the alert. Additionally, bringing in a compliance officer when not necessary opens the situation up to human error, which as discussed previously, is a major concern in regulated industries such as finance.

An excellent example of machine learning compliance in action is email review. A rule-based alert system will search outgoing emails for specific keywords and will typically flag many false positives, which a compliance officer must then review. In contrast, an AI-based technology can learn as it goes and over time will raise fewer false red flags.

Prevent Fraud and Money Laundering 

Since machine learning can identify data points as unusual in different scenarios, as opposed to applying the same criteria across the board, it’s ideal for identifying fraud and money laundering activities. For example, credit card companies often notify cardholders when fraudulent activity is suspected on their card. If you have a credit card, you can probably attest to how much this fraud prevention technology has improved in recent years, with higher accuracy in identifying fraudulent activity. This increased accuracy is thanks in large part to machine learning technology since the more the technology can become familiar with patterns the better it can detect anomalies.

Technology that learns as it goes is especially necessary when it comes to fraud and money laundering, since those attempting to commit fraud or launder money are constantly adapting their tactics in response to new regulations. For example, anti-money-laundering (AML) policies require that transactions greater than $10,000 to sanctioned countries must be reported and analyzed. Many money launderers have become aware of this rule, and in order to avoid detection often keep transactions right below this $10,000 mark. Machine learning technology can learn and update its search criteria in response to this change. Instead of searching for transactions over a certain amount it can use multiple screening tools to stay ahead of money launderers and flag potentially fraudulent transactions, even if they fall below the $10,000 mark.

The Takeaway

AI and machine learning is becoming the norm in the industry and it’s not just the major players who can take advantage of its benefits.  Organizations of any size can find technological resources to improve their compliance program. One such option is Presults, which offers AI-powered email archiving and compliance software to help improve the efficiency of your compliance program.