The industry has focused almost exclusively on cybersecurity controls over the past few years, instead of understanding what their core obligations and fiduciary responsibilities are for client data.

Being a fiduciary and acting in your clients’ best interest has become such a frequently repeated mantra in wealth management, it often elicits eye rolls and impatience. All financial advisors should have a fiduciary mindset when serving their clients because it’s the right thing to do. The issue is that while everyone is aware of their responsibilities when recommending and implementing investment solutions, advisors and their firms are woefully deficient about client data. Every minute of every day, even the most staunchly self-declared fiduciaries in the wealth management space are breaching their fiduciary obligations when it comes to protecting client data.

Being a true fiduciary in this digital age is increasingly more of a constant continuum of self-vigilance and activities as opposed to a one-and-done goal to be achieved.

While even a single data security breach can crush an advisor’s reputation and business, they can’t be expected to solve their client data privacy issue on their own. Wealth management firms need to be working on this issue to support their advisors. But is the industry currently structured to meet the escalating data security challenge? So far, the answer is an unfortunate no.


The Securities and Exchange Commission is well aware of the sorry state of data security in the industry and adopted Rule 30(a) of Regulation S-P — commonly referred to as the Safeguards Rule — to ensure that protecting client data was front and center. This rule requires registered broker-dealers, investment companies and investment advisors to have written policies and procedures intended to:

The SEC has taken enforcement actions against firms stemming from violations of the Safeguards Rule. In fact, more firms have gotten in trouble for data issues than cyber. This is going to get expensive quickly if changes aren’t made fast.

Whether they realize it or not, broker-dealers, RIAs and investment advisors are fiduciaries of their clients’ data. These wealth management firms must:

Firms are acquiring data at an exponential rate and have been fixing issues as they arise in a patchwork fashion. This is untenable. The industry has also put the cart before the horse by focusing almost exclusively on cybersecurity controls over the past few years, instead of understanding what their core obligations and fiduciary responsibilities are for client data.

Looking at cybersecurity and trying to stop bad actors are commendable efforts, but firms haven’t paid nearly enough attention to data integrity and ownership. Many have been hesitant to focus too much on data for fear of being seen as some sort of “Big Brother,” watching their clients’ every move. With the SEC Safeguards Rule, ignoring data issues is no longer an option. But what to do about it?


The industry needs new data security tools and services to protect clients and themselves from SEC enforcement. Having policies and procedures somewhere in a binder is great, but firms need the right kind of third-party innovation to turn written procedure into action. They can’t build these in-house — they don’t have the time or the expertise. Meanwhile there are a number of product innovations out there servicing horizontal markets. To bring those innovations to the wealth management industry is no simple task.

What the industry needs is to support a new kind of innovation platform, where startup companies are created by digital innovators who have a strong understanding of how the industry works and a deep-rooted connections to the data problem. We must foster an ecosystem of innovation made up of entrepreneurs, not just capital, because just throwing money at the problem won’t make it go away.

This is an urgent problem, and there’s no time to wait for solutions to be developed, tested and brought to market sequentially. We are so behind as an industry that development must happen in parallel. This will enable multiple innovators to focus on their respective lanes to solve various facets of the client data issue.

Sid Yenamandra is founder and CEO of Surge Ventures, a new SaaS venture studio initially targeting the financial services and wealth management industry.

Original Article:

Leave a Reply

Your email address will not be published. Required fields are marked *