Advisers could become clients' first line of
defense to keeping their financial lives safe
Financial advisers don't want to talk about
cybersecurity.
You can see it in the attendance numbers of
cybersecurity panels at conferences (though this is improving), as well as in
regulator regulators' messaging to the industry to get
its act together. Legal and technology experts who work with
financial advisers confirm this observation, as does internal InvestmentNews data
on which articles advisers read most (Spoiler alert: Not cybersecurity).
This isn't a criticism of the industry. After
all, people don't get into financial planning and investment management to
worry about things like DDoS attacks or penetration
testing or SSL encryption. And when technology vendors and giant financial institutions can
both fall victim to a data breach, what chance do small registered independent
advisers have?
This is perhaps why despite being the top concern among RIA compliance executives
for six years running, according to a survey by the Investment Adviser
Association and ACA Compliance group, cybersecurity deficiencies are increasing
at small firms.
But it's important to talk about and write
about cybersecurity because advisers of all sizes have a target on their backs.
Not only do they have access to wealthy families' assets, but also personal
information that can be bought and sold on the dark web. Independent advisers
can also be bait for hackers looking to catch larger fish by infiltrating a
custodian or broker-dealer.
My idea is to change how we discuss cybersecurity
away from a scary, complicated technology issue to a potential money-making
opportunity. Instead of a threat that could destroy your business, what if
cybersecurity became a service advisers provided alongside financial planning
and portfolio management?
What if advisers become clients' first line of
defense to keeping their financial lives safe?
To explain what I mean, let me first tell you
a bit about my mom. She's retired now after a career working in insurance,
including some of the first online insurance firms that launched during the
dotcom boom.
Like most of us, she gets a daily deluge of
phishing scams in her email inbox, many looking identical to official emails
from real financial institutions with which she has accounts. Mom is more
tech-savvy than most women her age (which I'm omitting because she's an
avid InvestmentNews reader), but even she has trouble spotting
all the fakes.
Many others fall for it. There's a simple
reason we all see so many phishing emails: they work.
Luckily, my mother doesn't have to worry about
it. Her financial adviser, an independent broker-dealer affiliated with one of
the large firms, has said that she will never get a request about one of her
financial accounts unless it comes directly from him. Anything else, no matter
how legit looking, is a scam.
There are still plenty of other attack vectors
mom has to worry about, but her adviser has removed a huge one from her mind,
and the one with most direct access to her financial accounts. He has also
helped make her feel secure that those accounts are safe from hackers, all
while making her confident that his investment strategy will protect her assets
through retirement.
There are other benefits for the adviser as
well. Promising to monitor accounts made Mom feel comfortable providing access
to held-away assets.
And what better way to demonstrate the value
of account aggregation? A client not fully on-board with handing over access to
all of her held-away accounts could be swayed by an adviser offering to be the
go-to cybersecurity point person for those accounts.
Of course, this puts the onus on the adviser
to ensure the accounts are never breached. The whole idea comes toppling down
if a hacker gets control of his broker email address.
But if the industry doesn't like talking about
security, let's talk about what they love: building relationships, providing
value beyond commoditized investing, and, most of all, opportunities to grow
their business.
This adviser effectively turned cybersecurity
into one of the most valuable services he can provide. What's more
"holistic" financial advice than that?
No comments:
Post a Comment