As wealth managers are now forced to work from home, it raises questions about cybersecurity, protection of data and safety of clients' and firms' information. In the second part of a series, author Wendy Spires examines the issues.
Along with being our head of research, Wendy Spires is a Certified GDPR Practitioner who takes a keen interest in all things related to data privacy in wealth management. This is Part 2 of a three-part feature examining the risks surrounding remote working, with specific reference to new communication channels.
It is a sad fact of life that bad actors will always seize on crises as an opportunity, and so it is proving amid the unprecedented disruption stemming from the COVID-19 pandemic. It is undoubtedly good that life can go on in the digital realm, but risk exposure has rocketed for firms dealing in highly sensitive financial and personal information – as wealth managers most certainly are.
As the first part of this feature argued, the depth of knowledge that wealth managers require to advise and service their clients to the highest standards could now present an acute weakness if that data is not sufficiently protected. And, with firms all over the world having been forced into remote working with scant notice, it is easy to see how this could very often be the case.
The notion that cybercrime is an ever-evolving threat has never had greater force behind it. Day by day an ever more alarming picture emerges of vulnerabilities being exploited at both the corporate and individual level. Business policies, technical set-ups and staff training are being tested in the most challenging of circumstances; business continuity planning may well cover an office burning down, but hardly a global pandemic forcing all staff to work from home -- or wherever they found themselves at lockdown -- for an indefinite period. Even with the best will in the world to protect client data privacy, firms could be exposed to regulatory censure, fines and litigation.
No time to catch up
Overarching this issue are, of course, the tools and broader technology architecture wealth managers have in place. The lucky ones will be well advanced in their digitisation journey already and so have secure tools for video conferencing, screen-sharing and instant messaging with clients already available (or at least internal facilities that can readily be turned outwards).
Where this is not the case, firms may be forced to turn to mass-market technology and, as recent headlines have highlighted, security here is often dubious at best. The video conferencing tool Zoom is truly experiencing the “best and worst of times” at present, becoming both immensely popular globally and the subject of a shareholder lawsuit over an alleged coverup of security flaws. “No time to catch up” is true in both senses.
That compliance is a moving target has never been truer too. Operational agility is, of course, vital to achieving what both institutions and clients need right now, but firms sacrifice due diligence on the altar of expediency at their peril.