January 26, 2024

Cybersecurity and Digital Onboarding: Safeguarding Wealth Data

As the finance world increasingly becomes digital, wealth management firms have had to introduce cybersecurity measures to protect the data they collect daily from their clients. For a lot of these companies, securing the client onboarding process was their first exposure to cybersecurity in general.

A data breach in the financial sector can be especially devastating since it not only leads to monetary loss but also constitutes an often irreparable loss of confidence with the clients. For that reason, Mako has put in place stringent cybersecurity measures within its platform, but wealth management firms still have a role to play to remain protected.

This article will provide context about cybersecurity in the wealth management sector, tips to remain protected and explain the Mako Fintech cybersecurity process.

Why is Cybersecurity Important in Wealth Management?

The financial sector has always been a prime target for cybercriminals because of its direct link to bank accounts and sensitive personal information. However, data breaches are only one of the cyber threats faced by the financial sector.

‍

Since wealth management offices rely on access to their data to run their operations, cybercriminals often launch ransomware attacks against these types of businesses. As the name implies, this type of attack locks down a system and asks the company for a ransom to unlock the data.

Only 39% of surveyed CEOs in the asset management sector said they felt protected against cyber threats.
You are not too small to be targeted: 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves.
The average cost of a data breach is USD$1.44M

These statistics highlight the dire need for robust cybersecurity measures for all wealth management firms, no matter their size.

Building a Cybersecurity Culture

While wealth management offices definitely should invest in security measures like firewalls, cyber criminals rarely attempt to breach systems in that manner. The most common way data breaches and ransomware occur is via human error.

Attacks like phishing and social engineering attempt to trick employees of a company into providing login information or access to data via fraudulent emails or other communication channels. For that reason, it’s important to properly equip your staff to fight off these threats by building a cybersecurity culture within your organization.

Here are some ways to achieve this goal:

Cybersecurity awareness training

This type of training must be done frequently, and ideally, the content should be tailored to your company’s specific needs. There is a plethora of affordable software solutions on the market, but it’s a good idea to also have in-person training to allow your staff to ask questions in a safe environment.

Phishing simulations

These initiatives must be used carefully and sparingly because they can end up making employees who fail them feel singled out. However, sending these fake phishing emails is essential to gain relevant context and identify the type of training you should deliver to your staff.

Third-party audits

As wealth management firms introduce more and more technological tools within their workflows, it is essential to conduct cybersecurity audits on the vendors and partners. While most modern software companies build their products with security in mind, you’ll want to make sure they meet the stringent requirements of the financial industry.

The Mako Fintech Cybersecurity Process

Mako’s product has been carefully built and maintained so that all wealth management firms can use it without any worry for the safety of their data.

Digital onboarding can be extremely convenient and scalable, but it’s also a moment in the customer journey where the most personal information transits via the Web. For that reason, Mako has instituted a number of cybersecurity measures to ensure personal information never leaks out.

SOC2 certification

This voluntary cybersecurity certification delivered by the American Institute of Certified Public Accountants (AICPA) demonstrates that recipients store and process client data in a secure manner.

It is considered the leading certification for data security worldwide and is often required by financial institutions to approve the usage of a product. Mako is proud to have attained this status and remains committed to honouring it.

User authentication and permissions

Mako offers a variety of authentication methods and supports SSO via SAML 2.0. Additionally, our product has a robust user permissions system that allows you to limit the accessible files depending on the authority level of an employee.

This feature creates a more secure operating environment and ensures disgruntled employees or ex-employees can’t cause data breaches.

State-of-the-art encryption technology

Our product relies on strong encryption technology deployed in the following manner:

At rest: Our DB instances are encrypted at rest with the industry standard AES-256 encryption algorithm.
In transit: We make sure to disallow deprecated ciphers. Our allowed cipher suite gets an A+ Qualys SSL Labs rating. Our database communication is also encrypted in transit using the latest available encryption.

Building a Wealth Management Cybersecurity Process

Strong cybersecurity protocols in the finance sector are a careful balancing act between choosing the right partners and enacting the importance of cybersecurity within your organizational culture.

Digital onboarding offers convenience and scalability but must be done right to ensure data security. With a partner like Mako, you’ll be able to rest easy at all times.

If you’d like a more detailed demo of our features, don’t hesitate to reach out here.

‍

Image by Fakhruddin Memon from Pixabay

Technology and Efficiency in Wealth Management

View full Infographic

So in my view an appropriately diversified portfolio should have enough exposure to different asset classes, that its able to withstand a wide range of market disruptions. Usually, it’s some kind of negative or positive event… they’ll affect different asset classes differently. So by having your eggs in different baskets you’ll be well insulated from major risk. For example, there’s some kind of change in the housing market… both by having some exposure to it, you won’t miss out on the opportunity to make money. But if it’s something negative, you’re also not going to lose all your money if all of it were in the housing market for example. So at a high level, a properly diversified portfolio should grow in a growing market and yet not be at risk of major losses in a declining market.
‍
You asked also about an efficiently diversified portfolio, and I would say that that’s a portfolio that achieves those goals with a minimum of different positions. There’s a lot of good reasons to have fewer positions in your portfolio. Being less complex means a portfolio is easier to rebalance and administer. Every time part of your portfolio goes up or down, you're going to need to rebalance it a little to make sure that it stays with the right allocations and the fewer positions you have, the easier it is to do that..the less trading fees you incur doing that.
‍
There is a tradeoff between being completely diversified and being efficiently diversified. If you were completely diversified then you’d have a proportional segment of absolutely everything you could invest in under the sun, like shares of palm oil futures or something like that. I don’t think everyone should have palm oil futures in their portfolio but I’m not a wealth manager. I think it comes down to your portfolio and how large it is (probably the Canada Pension Plan has a proportion of palm oil futures in it). You’re going to have to talk to your advisor and choose a degree of complexity that’s right for your portfolio.
‍
CN: Let’s just take a step back - what does a typical portfolio look like and has that changed over time?
‍
RB: Yeah, so I'm not entirely sure what a typical portfolio looks like these days because it's actually changed quite a lot over time. I think common wisdom used to be that the classic balanced portfolio was 60% public stocks and 40% bonds. These days that's ancient history. Most would say that the bond allocation should be a lot lower these days in this age of unprecedented low-interest rates. These days it’s the stock portfolio that’s been driving a lot of the growth. I think a well-diversified portfolio in the modern era should absolutely include exposure to all kinds of alternative assets (that aren't even really that alternative but still kind of fall out of that traditional bucket). So you know I mentioned real estate, private companies, maybe for example commodities or other types of investments. So I think that there are a lot of things that you can invest in and your advisor can guide you on what’s appropriate for you.
‍
CN: Yeah that makes a lot of sense. Talking about alternative investments, we’ve heard a lot this year about ESGs, impact investing, alternative investments… do you think there’s more of an appetite today for these types of investments than in the last ten years?
‍
RB: Yeah that’s a topic that’s close to my heart having previously started an impact investment company. It’s definitely been a gigantic increase in interest. I think when I started my previous company we were speaking to large wealth managers and having them say “we’re barely getting a grip on early ideas.” Like not including gun manufacturers or tobacco companies, and now these same companies are launching impact portfolios and marketing this aggressively. So there’s definitely been a seat change, it’s a real industry, and there’s a lot of studies out there and data showing that ESG or impact investing can equal or outperform non-impact investments. So I think it’s a huge part of the market these days. That said, one of the things that’s driving it is people’s interest in it. I think that one of the stories of the investment industry has been the personalization of it. People’s portfolios are being tailored to their own needs and circumstances. Impact investing is definitely a piece of that. People are environmentalists, but an institution is not an environmentalist. It doesn’t live and breathe the impact on the environment the way an individual does. The person who is active in the David Suzuki Foundation for example is going to be active as an impact investor and it’s appropriate for them to be.

In Pursuit of Efficiency:

Working with Technology to De-paper Wealth Management Processes

Download Complete eBook

That’s a great question. I think there's a lot of advantages and you gain a lot with an automated platform. For me, it's a lot easier to manage. I have some of my money in one of these platforms and I barely think about it. It's being rebalanced all the time. The costs are much lower in terms of expense ratio for the same kind of rebalancing. Again you're missing a lot with that, but on just the mechanical portfolio rebalancing you're getting a great deal there. I would say that two other advantages are up-to-the-minute reporting, so you always have that login where you can see your position, see how your portfolio is doing historically. And finally, this is an advantage for me and anyone who doesn't love doing taxes, but typically they’ll take care of your tax forms for you, and end up with much simpler tax forms, so it kind of works out what your cost basis was and how much you have to report.
‍
CN: So let's talk about the other side of the coin then...what are the risks of not having a seasoned professional managing your money?
‍
RB: I wouldn’t exactly phrase the question that way. You know it's more what’s the benefits of having a real wealth manager? Some of the clients of robo advisory firms may not even be aware that they're missing out. A wealth manager isn't just balancing your stocks and bonds, that's kind of the very lowest mechanical level of what you get out of the wealth manager. Really they're your advisor on your life. Intimately intertwined with you because you're thinking about retirement planning, on planning for college for your kids, when is the right time to buy a house, and when should you get life insurance, for example. An advisor can help you with all of those decisions and they can connect you with service providers like a mortgage broker when you may be in need of one. So I think that you get a lot of value out of having one of these advisers, particularly when you get to a stage in life when these kinds of services are more about the long-term and your life circumstances are far more critical.
‍
CN: There are clearly pros and cons and two sides of the story depending on who you're asking. Like you said, what stage of their life they’re in ...but do you think the platforms that we’re seeing emerging like to Qtrade, Wealthsimple, and all the rest will ever become status quo?
‍
RB: Yeah, I do actually. I think that similarly to how you know we’re using online platforms to automate everything for us (I can’t think of the last time I used to travel for example), everything you’re going to be trying to do with your money is going to be automated, and it’s going to be appropriate to be handled by one of these one of these platforms. In particular, for most people at an early stage in their lives that have few assets to manage, not a lot of complexity, not a very extended personal family circumstance, it’s gonna make a lot of sense to have a low fee robo worry about it. But at some point their life circumstances are going to get more complex and you’re gonna get married, or maybe you’re not, or you may have other objectives that you may want some advice on and at that point it may make sense to either supplement the robo advisory portion of your portfolio, or graduate to a more holistic wealth management view.
‍
CN: Thank you so much Raph, these answers were great. It’s always insightful chatting with you so thanks for sharing those answers with us today.
‍
RB: It’s my pleasure.

View Posts