Journal summer 2017 by PIMFA

JOURNAL Summer 2017

Personal Investment Management Finance Advisors Association

Our Mission Our mission is to create an optimal operating environment so that our member firms can focus on delivering the best service to clients, providing responsible stewardship for their long-term savings and investments.

What We Do 1.

Represent the diverse range of firms in the investment and financial advice industry with a unified voice

Be the undisputed industry thought leader, consolidating our extensive technical insights and expertise in research and policy work

Lead the debate on policy and regulatory recommendations to ensure an optimal operating environment for firms and clients, maintaining the UKâ&#x20AC;&#x2122;s position as a leading global centre of excellence

Through our advocacy work, we promote the industry as a key catalyst to develop a culture of savings and investment in the UK

Promote a greater understanding of the sector and its role as a beneficial force in transforming the way people save and invest for the future

Facilitate dialogue across industry stakeholders, whilst developing best-practice guidance

Would you like to contribute an article? Alongside updates from the PIMFA, the Journal includes several useful inputs from our associate member firms. These articles are an excellent opportunity to gain interesting insights into the wider industry and to learn more about PIMFA associate members. If you are an associate member who is interested in contributing to future editions of the Journal then please contact: Richard Adler, Director of Strategic Partnerships (richardr@pimfa.co.uk) or Sheena Gillett, Head of PR & Communications (sheenag@pimfa.co.uk) Journal design by Cicero No responsibility for loss to any person acting or refraining from acting as a result of any material contained in this publication can be accepted by the PIMFA, the author, publisher or printer. The views expressed by individual contributors are not necessarily those of the Association. Company limited by guarantee. Registered in England and Wales. No 2991400. VAT registration 675 1363 26. Published for PIMFA

22 City Road Finsbury Square London EC1Y 2AJ Tel: +44 (0)20 7448 7100 www.pimfa.co.uk Twitter: @PIMFA_uk Members: enquiries@pimfa.co.uk Non-members: info@pima.co.uk

Foreword 2017 has been a year of change so far for us at PIMFA - the recent merger will strengthen the voice of the personal investment Management & Financial Advice industry. The combined PIMFA membership represents UK firms offering a range of financial solutions, including investment advice and portfolio management, as well as investment and execution services, financial planning and advice for private clients. Through the merger, both trade associations can unlock further synergies for the benefit of members by championing a wider remit for our growing community. As the sectorâ&#x20AC;&#x2122;s flagship trade association, PIMFA will also continue to lead the debate on policy and regulatory recommendations to ensure that the UK remains a global centre of excellence in the investment advice and financial management arena. But 2017 will also be a year of change on a grander scale: from finalising the details and compliance prep work ahead of the MiFID II regulation deadline, all the way to the anticipation related to the Brexit negotiations and its wider impact on UK plc; all of us remain firmly focused on the months to come. PIMFA remains committed to ensuring members receive all the support required to minimise disruption and ensure an optimal working environment as the UK re-negotiates its relationship with its European neighbours. Our policy work this year will continue to focus on the regulatory environment and its impact on businesses and their clients, covering topics such as MiFID II, PRIIPs Regulation, the FSCS funding model debate, the ongoing battle against Financial Crime including engagement with the authorities on implementing the 4AMLD, relevant aspects of the GDPR, Benchmarks and Indices, and lobbying for proportionality in the SMRC. PIMFA will also continue work on Tax Simplification, our Millennial Forum and other initiatives to encourage diversity and attract the best talent to our industry. New initiatives launching this year include the introduction of a new webinar and technical workshop programme for firms; a new study on the â&#x20AC;&#x2DC;Value of Adviceâ&#x20AC;&#x2122; to use in our lobbying efforts, as well as a plan to develop and publish a manifesto to use in our discussions with Government. The team and I look forward to working with you and your firm in what is sure to be a pivotal year. Liz Field, Chief Executive PIMFA- Personal Investment Management & Financial Advice Association

Contents

2017

Cyber crime outweighs impact of regulations for wealth management firms

The Evolving Wealth Management Landscape

Inside the mind of a scammer

Internal data theft

PIMFA CEO Sentiment Survey 2017: Key statistics

What will GDPR cost?

PIMFA events

MSCI: Introducing Your New Private Investor Index Series

PIMFA Financial Advice In Number Report: Key Findings

How Intelligence Sharing Can Help You Detect and Prevent Financial Crime

PIMFA Fintech Conference 2017

Hacker Girl

Become a member

Cyber crime outweighs impact of regulations for wealth management firms

In a survey of 20 UK wealth management firms, insurance broker Lark (Group) Limited explores wealth management executives’ thoughts on the role of insurance in their business, and their thoughts on regulatory and technological trends affecting the wealth management sector.

55% put insurance at the forefront of the decision making process… Wealth management firms face a number of different risks in the current environment and, as a result, this research shows that firms view insurance as an integral part of their operational strategy, with 55% putting insurance at the forefront of the decision making process and a further 30% building it into the process at a later stage.

Only 15% did not see insurance as important for their business strategy.

Summary:

Research by insurance broker, Lark (Group) Limited explores wealth management executives’ thoughts on the role of insurance in their business, and their thoughts on regulatory and technological trends affecting the wealth management sector.

Key findings • 55% put insurance at the forefront of the decision making process • Cyber and Regulation seen as the biggest risks • Over half of respondent’s state cyber crime is difficult to insure against • 20% of respondents worried about the reputational risks associated with failing to comply with new regulatory measures. • Despite concerns over cyber security, firms are reluctant to curtail IT investment due to its role in facilitating business growth 8

The Broker Relationship

Q.what kinds of risks inherent in the wealth management business are difficult to insure against?

Q. To what extent do you view insurance as an integral part of your operational strategy?

55% 60

30%

55%

55 50

15%

45 40 35 30

Very much so

20%

15%

Loss of client money

Non standard finanical products

Terrorism

0 Regulatory issues, fines, etc.

Director & officers liability

Financial advice

Cyber-crime Cyber-crime is the greatest threat currently facing UK wealth Management firms… Over half of respondent’s state cyber-crime is difficult to insure against and there were not many policies available that could encompass all relevant dangers.

Regulatory Risks 20% of respondents worried about their reputation risk… Behind cyber-crime, regulation was viewed as the next greatest risk to the industry, with one fifth of respondents worried about the reputational risks associated with failing to comply with new measures.

Not at all

15%

Cyber crime

More of an afterthought

90% of wealth managers rate the threat of cyber-crime as either high or very high… However, despite these concerns over cyber security, firms are reluctant to curtail IT investment due to its role in facilitating business growth. Over half of the interviewees said nothing would stop them from investing in technology because of its importance for the workings of their business. Improved client service tended to be at the forefront of this investment, with 35 percent of firms planning to upgrade Customer Relationship Management (CRM) systems over the next three to five years. One quarter (25 percent) also plan to develop their online portals while 15 percent want to improve their mobile technology.

55% believe the vast scope and fast evolving nature of cyber-crime made it difficult to get the right policy or find an insurer with the correct expertise… The research also suggested the need for greater understanding between wealth management firms and the insurance sector about the risks of cyber-crime. Any partnership between a wealth management firm and an insurance broker who understands them is likely to be beneficial for the continued growth and innovation of the sector.

bespoke and responsive cyber insurance solutions for all our clients. As the research suggests, Wealth Management businesses are looking to work with insurance providers that really understand the sector and their business activities. This research will help us to do this so we can continue to develop long standing relationships with clients, something which has always been our ethos since my Grandfather started the business in 1948.” -

Stephen Lark, Lark (Group) Ltd, www.larkgroup.com

“We commissioned the research project to enable us to better understand the challenges that the wealth management sector is currently facing. Along with regulation, it was perhaps unsurprising to discover that the one common area for concern for all the participants are the issues relating to cyber risk. We are already working with our insurer partners and other strategic suppliers to strengthen our proposition in this fast developing area of risk and this will enable us to provide

The EvolvingWealth Management Landscape According to PwC Global FinTech report among the areas facing the highest disruption are wealth management, consumer banking, fund transfer, and payments industry. The accelerated pace of financial technologies deployment in the banking sector boosts the use of collaborative models such as Peer-to-Peer Lending (P2P). MyPrivateBanking Research’s report, entitled Reaching Millennials – The next Big Opportunity in Digital Wealth Management, also notes that “although millennial investors share many common psychological and behavioural traits, there are sub-segments within this cohort of 20- to 35-yearolds that are seeking a certain type of wealth management experience”. During this transformation journey, financial services institutions and Wealth Management firms realise that it is becoming important to redesign their offering not only to comply with regulations, such as MiFID II which again focus on customer, but also to incorporate modern web and mobile capabilities within their operations to enhance their experience according to their needs. Thus, more and more banks are investing in the emerging digital technologies to deliver innovative services, which allow them to automate and streamline their operations, improve regulatory compliance, better control and monitor risk and security boundaries, as well as to decrease administration and operational costs. Besides the investment in technology and tools to make wealth management firms more competitive in their target market, the approach and the “investment” in new services are necessary to be considered. Understanding the growing patterns across different age groups as well as type of HNWIs (inheritance, entrepreneur, etc.), allows firms to better design a strategy that would meet specific group expectations and result to profitability. This could be easily identified during the client onboarding process which needs to be fast, relevant and when possible online-driven. Thus creating the feeling of the value given to the investment of the potential customer. Throughout this process the firms can deploy mechanisms to intelligently profile the client and allocate the right strategy for him/her as well as identifying any connector to family members that would add value to the process and offer extra benefits during or after the onboarding.

Continuous research and regulations in the investment management industry dictate a number of changes, one of them being the use of digital tools to move ahead of the competition, as a result of improved client experience, operational efficiency and new product offering.

On the Digital Business Global Executive Study of Deloitte it is stated that

90% of financial services executives strongly agree that digital technologies are disrupting the industry to great or moderate extent. 13

A communication method can easily be identified as the most preferred depending on the investor’s profile, providing a more targeted approach to the service and improving the image of the firm. As the technology, undoubtedly, moves to the next level with robo-advisory services, Wealth Management institutions and banks can embrace this and collaborate to give the service needed, thus not only improving their service range but significantly increasing their clients while reducing costs. To add to these range of collaborative approaches is the emerging trend of FinTech and alternative finance firms. Such firms can vertically differentiate to meet the increasing needs of the investment management sector and deliver specialised services. As a service, this allows investment management firms to develop their offering and diversify or expand so as to provide alternatives for their target market with more

investment options, different methods to do so and enhanced online communication. The regulatory landscape and transparency in fees and processes is also a significant element that can act to the benefit of the firm. Certainly the right tools are needed to monitor and report on investments making the customer feel attended to and kept aware of the costs at all stages. This particular action offers greater security and advanced client experience. By Kath Wallace, Business Development Manager at Profile Software UK www.profilesw.com

As a result, it is important to select a platform that offers the capability to:

•

give the firm the freedom of creating a new branding approach across markets

•

identify the client onboarding elements that provide the appropriate investment strategy,

•

deliver a superior user experience and

•

allow compliance with regulatory requirements

The fundamentals to take from the various analyses and market trends revolve around some key factors which can create competitive superiority, such as:

•

digital communication options for faster and accurate profiling and reporting

•

best-of-breed client service to meet specific requirements

•

transparency and accessibility to processes and information on fees

•

collaboration or new service offering that would target specific client groups

•

deployment of a marketing approach to identify those trends that would add value to the process and to the service provided

Inside The Mind of a Scammer Discover the tactics investment fraudsters use to deceive investors Last year, victims of investment fraud lost on average £32,000* as fraudsters employed increasingly advanced psychological tactics to persuade victims to invest. Research**, commissioned as part of the Financial Conduct Authority’s ScamSmart campaign, reveals that only two in five of those surveyed think they know how to spot a fraudulent investment opportunity.

One of the most common methods used by fraudsters is to pressurise potential investors to make a quick decision on a time-limited investment offer. Research shows that more than half (53%) of the over 55s surveyed believed acting quickly can be key to getting a good deal, demonstrating how many could be vulnerable to this tactic. Fraudsters are targeting the growing over 55 population because they are more likely to have money to invest. Additionally, the pension freedoms and low interest rates are making the over 55s an increasingly rewarding target for fraudsters. 16

As someone who has been approached by scammers myself, I know how hard it is to identify whether an investment offer is legitimate. They’re very clever these people, playing psychological games to win over the trust of often vulnerable victims Said Nick Hewer, ScamSmart campaign ambassador.

Mark Steward, Director of Enforcement, FCA, asks consumers to

be alert to the warning signs like being contacted out of the blue, promises of low risk and/ or guaranteed above market returns, special deals just for you, time pressure and, very often, flattery.

The Warning Signs Interestingly, those surveyed were more aware of certain signs of investment fraud, but less aware of others. For example, 92% agreed being contacted out of the blue could be a warning sign, but 19% were unaware that being promised returns above the market rate could also be a tactic. Research showed that a third (34%) said it is best not to discuss investment decisions with others and fewer than half (48%) said they would be likely to seek impartial advice before making an investment. These attitudes are seized on by fraudsters, who often urge their target to keep the offer a secret, in order to prevent others from dissuading them from investing. *Figures from Action Fraud released in October 2016 **All figures, unless otherwise stated, are from YouGov Plc. The total sample size was 1,004 GB adults aged 55+, in social grade ABC1, with a gross household income of £30,000+ and/ or savings of £5,000+. Fieldwork was undertaken between 27th January to 6th February 2017. The survey was carried out online.

Common tactics used by fraudsters:

Help stop your clients falling victim to investment scams Support our ScamSmart campaign and spread the word to your clients. To avoid being a victim of investment fraud, the FCA advises consumers to, at the very least:

Offering lucrative returns above the market rate and downplaying the risks of the investment.

Using flattery to make potential victims feel good, such as praising them for being a knowledgeable investor.

Reject unsolicited contact about investments.

Before investing, check the FCA Register to see if the firm or individual you are dealing with is authorised and check the FCA Warning List of firms to avoid.

Get impartial advice before investing.

The FCA has a range of assets you can use, including leaflets, editorial and videos. For more information on how to help your clients become ScamSmart investors visit: www.fca.org.uk/scamsmart or email atinuke.akintola@fca.org.uk

Saying that the deal is only available to the target and asking them to keep it a secret.

Saying that other clients have invested or want in on the deal (known as ‘social proof’).

Putting them under pressure to invest in a time-limited offer. *Figures from Action Fraud released in October 2016 **All figures, unless otherwise stated, are from YouGov Plc. The total sample size was 1,004 GB adults aged 55+, in social grade ABC1, with a gross household income of £30,000+ and/ or savings of £5,000+. Fieldwork was undertaken between 27th January to 6th February 2017. The survey was carried out online.

Internal DataTheft Internal data theft is becoming increasingly prevalent in large organisations. Given the ramifications of the upcoming EU General Data Protection Regulation (â&#x20AC;&#x153;GDPRâ&#x20AC;?), this is an area that is expected to generate increasing scrutiny at a Board level, given the reputational and trust ramifications resulting from a data breach, as well as the magnitude of the monetary penalties. While a great deal of attention to date has been on the impact of external data left on GDPR, much less discussion has taken place with respect to internal data theft. Executives expect that attacks will come from invisible hackers, but do not view their own employees as having the same threat level. This paper will discuss the background of internal data theft by reviewing specific events that have occurred, potential solutions for prevention and factors to be considered, and the difference between data privacy and cybersecurity.

Statistics Statistics around internal data loss vary, but all are pointing to a trend of increasing frequency. Staff-related breaches feature notably in the HM Government 2015 Information Security Breaches Survey. 75% of large organizations suffered a staff-related breach (up from 58% the previous year) and over 30% of small organizations had a similar occurrence (up from 22% the previous year). The types of incidents reported by large organizations included:

Unauthorized access to systems or data: 65%, up from 57% the previous year;

Breach of data protection laws or regulations: 57%, up from 45% the previous year; and

Loss or leakage of confidential information: 66%, up from 55% the previous year. 21

Delving a little deeper into the statistics reveals that looking at the single worst breach suffered by survey respondents, human factors inside an organisation and the supply chain account for over 50% of all sources of a breach. This is over twice that of â&#x20AC;&#x2DC;Organised Crimeâ&#x20AC;&#x2122;, which was reported as being responsible for 23% of incidents. Global research indicates that internal actors were responsible for 43% of the serious data breach incidents experienced by the respondents, and external actors were responsible for 57% of data breaches. Approximately 50% of data exfiltration by internal actors was intentional, and the remaining 50% was accidental. Employee information and customer data, including personally identifiable information (PII), was the most frequently stolen data. Stolen PII can be sold on the black market or used to commit fraud, i.e. collecting someone else's benefits, opening new credit card accounts in another's name, or applying for health insurance by assuming the identity of someone else. Office documents (Microsoft Excel, Word and PowerPoint) and plain text/CSV files were the most common format of data stolen by internal actors, because these documents are stored on employee devices and many organisations place few controls on the data once it is no longer in a database. Research reveals that those who had experienced insider breaches indicated they were not as knowledgeable about Data Loss Protection. Likewise, they were less likely to have this technology deployed than those who have experienced mostly external attacks. This is especially notable since Data Loss Protection was identified as one of the top security tools for catching insider data thefts.

Case Studies Lux leaks Summary: Luxembourg Leaks (Lux Leaks) is the name of a financial scandal revealed in November 2014 by the International Consortium of Investigative Journalists. It is based on confidential information about Luxembourg’s tax rulings set up by Pricewaterhouse Coopers from 2002 to 2010 to the benefits of its clients. Antoine Deltour, the French whistle-blower at the origin of the Lux Leaks scandal says he acted out of conviction and that other employees of the “big four” accountancy firms also contributed to revelations on the widespread practice of fiscal optimization in Luxembourg. Mr. Deltour completed an internship at PWC Luxembourg and was awarded a permanent contract in September 2008. He resigned two years later. “I progressively discovered the reality of the system… the massive practice of fiscal optimization,” he said. “I didn’t want to contribute to that.” Before leaving Mr. Deltour copied training documents at PWC, and came across tax ruling files in his trawl of the firm’s database. “Without any particular plan, I copied them because I was dismayed by their content,” he said. The PWC suit alludes to a violation of professional secrecy and a digital break-in. Mr. Deltour says he did not breach any digital security mechanisms. “Perhaps I should not have had access to those files, but it’s not my fault.” Result: The Lux Leaks’ disclosures attracted international attention and comment about tax avoidance schemes in Luxembourg and elsewhere. The leaked data exposed the role played by Luxembourg in facilitating aggressive tax avoidance by multinationals. It caused a massive international controversy, and prompted worldwide calls for political action. This investigation made tax rulings publicly available for over three hundred multinational companies based in Luxembourg. 24

Lessons Learned: The Lux Leaks case is very different in tone to the HSBC Private Bank example. Mr. Falciani was vilified as a criminal and subject to 5 years in prison, and fined CHF 40 million, while Mr. Deltour, who was portrayed as a modern day “Robin Hood”, was given a suspended sentence of 12 months and fined €1,500. There are both similarities as well as differences from a data protection perspective. There are distinct similarities in that the data was unencrypted and there was no continuous monitoring of data access. However, there are also several significant differences. Firstly, there is the type of threat that needs to be protected against. Mr. Falciani, was actively looking to exfiltrate the data for personal gain. It was a calculated attempt to access and monetize the data. Mr. Deltour had a completely different motivation. His actions were much more opportunistic and were driven by a desire to exposure what he perceived to be an injustice. The key comment from Mr. Deltour from a data privacy perspective was “Perhaps I should not have had access to those files, but it’s not my fault.” This highlights a very important consideration around user access control. There needs to be a very clear level of access control, and sensitive documents should not be able to be accessed by all employees. Firms need to ensure that there is an appropriate level of protection implemented so that only people who are absolutely required to access data can access that data. It is lastly worth noting that the data breach in the Lux Leaks is corporate data, and it would not fall under the definition of PII and therefore would not be considered under the scope of the GDPR.

Sage Summary: Sage suffered an internal data breach in August 2016, which was conducted by an employee utilising a password to access data. A 32-year-old worker from the company was arrested at Heathrow airport by the City of London Police on suspicion of conspiracy to defraud. Following discovery of the breach, Sage warned 280 business customers that data, including bank and payroll information, had been accessed and potentially stolen. The loss of data was particularly embarrassing for Sage, and has caused executives and politicians to publicly state their worries that too many companies are ignoring the risks of attack from internal employees. Result: Sage’s share price dropped 4 per cent after the hack was revealed. The UK Information Commissioner’s Office (ICO), which enforces data security, will be investigating Sage as a result of this incident. It is interesting to note that the ICO only has approximately 30 enforcement staff dealing with over 1,000 cases and 200,000 public concerns a year, and the maximum fine that they can enforce is only £500,000. Lessons Learned: The Sage breach is still in the early days of the investigation, but some lessons learned are immediately apparent. The first is the calculated nature of the breach. There was no secondary control, and one individual with a password was able to access the employee data of 280 businesses. This highlights a clear lack of security, as well as a lack of monitoring who was accessing the data. The second observation is the implications under GDPR from a Processor perspective. Sage, as well as its clients, could both be caught under the Controller/Processor rules. This could have interesting implications to Software as a Service (SaaS) providers once the GDPR rules are tested. The third observation is a comparison of the penalties pre-GDPR and post-GDPR. Pre-GDPR, Sage would have a maximum fine from the ICO of £500,000. In the GDPR construct, assuming a 4% fine, this would increase to £57.4 million (based upon 2015 earnings). This represents 29.5% of total 2015 profit, before any class action lawsuits.

Potential Solutions There are different ways to address internal data theft. There is no one perfect solution, and the best defense is a combination approach. The most effective solution is a combination of: Formal Policies and Employee Training: Currently, 29% of UK companies surveyed have written cyber security policies, and just 10% have formal

Formal Policies and Employee Training

Preventative Controls

Surveillance and Monitoring

incident management processes. The guidance also highlights the importance of user education and training, although only 17% of firms have had their staff undergo some form of cyber security training in the last 12 months. Having a policy does not mean that an organisation is completely protected against breaches. Of all the organisations where security policy was poorly understood, 72% experienced a staff related breach. 56% of organizations where security policy is understood still had a breach, which represents a 37% year on year increase. It is for this exact reason that preventative controls are also required. Additionally, in the examples previously discussed, the internal individuals were intent upon exfiltrating the data. No matter how robust a policy may be, it will not stop internal data theft in the way that preventative controls can. Preventative Controls: The establishment of Formal Policies and Employee Training are very important in order to education and create awareness. This is the starting point of any data protection program. However, preventative controls are the next safeguard which must be considered. Relatively few companies (34%) have rules specifically around personal data encryption, which has been at the centre of various recent high profile cyber security breaches. Moreover, whilst most businesses set rules and controls within their organizations, just 13% set minimum cyber security standards for their suppliers. This is particularly significant, given that one of the main drivers of investment in cyber security was because clients demanded it. 28

Regulatory Technology (RegTech) companies, such as Exate Technology (Exate) has developed Formal Policies and Employee Training with Preventative Controls and Surveillance Monitoring. Recalling the statistics from the beginning of this article 75% of large organisations suffered a staff-related breach. 81% of large organizations stated that there was an element of staff involvement in some of the breaches they suffered. In order to prevent these levels of staff-related breaches, Exate model incorporates three lines of defense which...

1. Separates data security from application security. This is accomplished through a key management system that defines which individuals within a firm have access to PII. 2. Uses Machine Learning to track behavioral patterns, and where requests are out of the traditional behavior, they insert an additional supervisory control. 3. Uses surveillance and monitoring: to alert the relevant Risk and Control or Compliance individuals within a firm when there has been attempted key access which exceeds internal comfort levels.

The three lines of defense solution is designed to sit in the background within a firm, being almost totally invisible to all with the exception of the internal controls team. While data protection is the ultimate goal, it is also critically important to enable staff to be able to perform their daily functions without interference.

Conclusion Internal data loss (accidental or theft) is an increasing concern for both large corporation as well as small to medium size entities. Statistics prove that this is a growing source of data leaks, which can lead to both reputational damage as well as significant fines under the GDPR. Given that most of the attention at a corporate level has been to guard against external hackers and breach attempts. Peter Lancos, Exate Technology www.exatetech.com 30

PIMFA CEO SENTIMENT SURVEY 2017: KEY STATISTICS

The top 3 areas of focus for 2017:

Regulations

89%

Of the 89% of respondents who listed regulations as a business issue 30% stated MiFID II specifically.

78% of respondents do not see these issues changing in 2017.

The top 5 business issues in 2016 overall as listed by respondents: 47% Growth/New Business 32%

Regulations

27%

32% of respondents mentioned Regulations as their top of mind business issue in 2016.

Staffing

42%

Political Uncertainty

38%

IT/Cyber Security

36%

Costs

27% 32

Clients

18% 33

Events Calendar 2017/18 June 2017 M

5 12 19 26

6 13 20 27

7 14 21 28

July T 1 8 15 22 29

F 2 9 16 23 30

S 3 10 17 24

S 4 11 18 25

August

3 10 17 24 31

4 11 18 25

5 12 19 26

6 13 20 27

7 14 21 28

S 1 8 15 22 29

S 2 9 16 23 30

M 7 14 21 28

T 1 8 15 22 29

W 2 9 16 23 30

T 3 10 17 24 31

F 4 11 18 25

S 5 12 19 26

S 6 13 20 27

T 2 9 16 23 30

F 3 10 17 24

S 4 11 18 25

S 5 12 19 26

29 Compliance Conference, London

September

October

4 11 18 25

5 12 19 26

6 13 20 27

7 14 21 28

F 1 8 15 22 29

S 2 9 16 23 30

S 3 10 17 24

6 Fintech Conference, London 12 Associate Members Update, London 13 MiFID II Conference â&#x20AC;&#x201C; Part 2, London

December

November

2 9 16 23 30

3 10 17 24 31

4 11 18 25

5 12 19 26

6 13 20 27

7 14 21 28

S 1 8 15 22 29 7 8

Women in Wealth Forum, London

January 2018

4 11 18 25

5 12 19 26

6 13 20 27

7 14 21 28

F 1 8 15 22 29

S 2 9 16 23 30

S 3 10 17 24 31

M 1 8 15 22 29

T 2 9 16 23 30

W 3 10 17 24 31

6 13 20 27

7 14 21 28

W 1 8 15 22 29

CEO Dinner, London Annual Summit, London

February T 4 11 18 25

F 5 12 19 26

S 6 13 20 27

S 7 14 21 28

5 12 19 26

6 13 20 27

7 14 21 28

T 1 8 15 22 29

W 2 9 16 23 30

T 1 8 15 22

F 2 9 16 23

S 3 10 17 24

S 4 11 18 25

T 3 10 17 24 31

F 4 11 18 25

S 5 12 19 26

S 6 13 20 27

25 Financial Crime Conference, London

March

April

5 12 19 26

6 13 20 27

7 14 21 28

T 1 8 15 22 29

F 2 9 16 23 30

S 3 10 17 24 31

S 4 11 18 25

8 Women in Wealth, London 12 Associate Members Update, London 13 Financial Adviser Dinner

May

2 9 16 23 30

3 10 17 24

4 11 18 25

5 12 19 26

6 13 20 27

7 14 21 28

S 1 8 15 22 29

M 7 14 21 28

26 Investment Conference

All dates and events are subject to change. These dates do not include briefings.

35 35

MSCI: Introducing Your New Private Investor Index Series On March 1st 2017, index and analytics firm MSCI became the sole provider of data for the WMA’s Private Investor Index Series, following an agreement announced in September 2016. MSCI brings the series not just new data, but something else increasingly important to wealth managers: investable, liquid benchmarks that attempt to better reflect how modern, multi-asset class portfolios are being managed. The WMA indices – the U.K.’s oldest private-investment price series – were launched two decades ago to provide the first common benchmarks by which investors could size up the performance of competing wealth managers. (The series’ balanced, income and growth indices date from 1997; its conservative and global growth indices from 2011.) Each of the five indices tracks a multi-asset strategy with corresponding risk/reward profiles by adjusting the weightings of their constituent asset classes, which under MSCI will continue to span the full range of equities, bonds, real estate, cash and alternatives. With the exception of global growth, all now include a broader weighting to fixed income, including gilts, corporate and inflation-linked bonds. MSCI offers a WMA data module with 10-years of rolling history for the original three indices, and history since inception for the remaining two newer ones, so that they can be put into use immediately for past performance benchmarking. The five WMA indices are in fact indices of 10 sub-indices, eight of them representing conventional equity and fixed-income assets – the MSCI UK Investable Market Index and the Market iBoxx Sterling Gilts Index, to name a couple. But two of the 10 bring something new to PIMFA members seeking transparency in the traditionally opaque and illiquid realms of real estate and alternative investments. 36

MSCI WMA Private Private Investor Investor Conservative Income Index Index

Private Investor Growth Index

Private Private Investor Investor Balance Global Index Growth Index Asset Class Proxy Index

Asset Class INTERNATIONAL EQUITIES

13.5%

20.0%

37.5%

30.0%

MSCI ALL COUNTRY WORLD (ACWI) EX-UK

UK EQUITIES

19.0%

32.5%

40.0%

32.5%

MSCI UNITED KINGDOM IMI

GOVERNMENT BONDS

10.0%

5.0%

2.5%

5.0%

MARKIT IBOXX GBP GILTS

CORPORATE BONDS

25.0%

17.5%

5.0%

10.0%

MARKIT IBOXX GBP CORPORATES

INFLATIONLINKED BONDS

5.0%

2.5%

0.0%

2.5%

MARKIT IBOXX UK GILT INFL-LINKED

CASH

5.0%

2.5%

5.0%

CASH EQUIVALENT (GBP 1W LIBOR-1%)

REAL ESTATE

5.0%

MSCI UK IMI LIQUID REAL ESTATE

ALTERNATIVES

17.5%

12.5%

7.5%

EMERGING WORLD EQUITIES

10.0%

MSCI EMERGING MARKETS

DEVELOPED WORLD EQUITES

90.0%

MSCI WORLD

TOTAL

MSCI WORLD DMF 50% + 1W LIBOR (GBP) 50%

10.0%

100%

39 39

Real Estate: A Better Match In working with the PIMFA’s Private Investor Indices Committee and working group, one goal was to identify a real-estate index that was replicable and priced daily, and that more closely represented the performance of the underlying asset that wealth managers typically invest in. The MSCI UK IMI Liquid Real Estate Index aims to create a risk/return profile that through liquid instruments mimics the performance of direct commercial property investments that wealth managers tend to manage.

That’s a departure from the traditional approach, which typically uses real-estate investment trusts (REITS) as a proxy for the asset class. However, these stocklike, mostly listed securities show a high correlation to equity and marked volatility (because their constituents can be highly leveraged). This creates a mismatch between the risk profile of the benchmark and that of portfolio holdings.

Alternatives: An “Alternative” Approach To create a proxy index for the “Alternatives” asset class first required defining “alternative”, a term that outside of traditional stocks and bonds could mean almost anything – including hedge funds, commodities, infrastructure, structured products and collectibles - many of them illiquid and/or non-investable. Rather than attempt to cobble together a non-replicable index comprised of such a broad basket, the Indices Committee selected MSCI’s Custom Alternatives subindex comprised of 50% cash (represented by the 1-week, sterling-denominated Libor) and 50% the MSCI World Diversified Multiple Factor Index, which includes large and mid-cap stocks from 23 developed markets. This approach aims to replicate the risk/return profile that you might expect from a broad basket of alternatives while avoiding a messy composite that would not meet accepted standards for a proper benchmark index. 41

Looking Ahead MSCI are pleased to have this opportunity to work with PIMFA and its member firms and look forward to receiving feedback from the wealth management community on potential new projects. We encourage PIMFA member firms to ingage with the indicies commitee, in ongoing processes and MSCI, to maintain the relavence of the MSCI WMA Private Investor Index Series for member firms and their clients. Further information about the MSCI WMA Private Investor Index Series is available below: Steve Kowal, MSCI www.msci.com/wma www.pimfa.co.uk/private-investor-indices

PIMFA Financial Advice Market In Numbers Report: Key Findings

Sales By Product Type 2016 13% ISAs/OEICS/Inv Trusts

Protection

Other/Donâ&#x20AC;&#x2122;t know

13% Commission on non-inestment business

Post RDR Initial adviser charge/fee

41%

Bonds

16%

Income Sources 2016

11% Pre RDR Investment Business

Annuities & Drawndown

63% Pensions

31% Post RDR Initial adviser charge/fee

Advising Staff

Profit 1000

25,000

800

24,500 24,000 23,500

600

22,500

400

23,000 22,000 21,500

200

20,500

21,000

2013

2014

2015

2016

2013

2014

2015

2016

Revenue 5000 4000 3000 2000 1000 0

2013

2014

2015

2016

How Intelligence Sharing Can Help You Detect and Prevent Financial Crime Financial Crime is costing the UK economy £193 billion a year Limited financial crime intelligence sharing is contributing to the significant losses suffered by financial institutions (FIs) and their clients. The Home Office’s Impact Assessment on Information Sharing states;

Financial profit is the driver for almost all serious and organised crime, and other lowerlevel acquisitive crime. The UK drugs trade is estimated to generate revenues of nearly £4bn each year and HMRC estimate that over £5bn was lost to attacks against the tax system in 2012/13. Criminals launder their money – moving, using and hiding the proceeds of crime – to fund their lifestyles and to reinvest in their criminal enterprises. The best available estimate of the amounts laundered globally are equivalent to 2.7% of global GDP, or US$1.6 trillion in 2009, while the National Crime Agency assesses that billions of pounds of proceeds of international corruption are laundered into or through the UK. This threatens the integrity and reputation of our financial markets.

What is Financial Intelligence? It is important to note the difference between information and financial intelligence. Information is raw data whilst intelligence is data that has been analysed, evaluated and processed into intelligence. An entity leaves a footprint of information wherever there is interaction. In situations where such interaction appears suspicious value and significance is attributed. Information is created through interaction between an entity and an organisation which forms the basis of intelligence. Legislation exists to ensure such information is held for a correct purpose and that the duty of confidentiality is strictly complied with. This is often perceived as an obstacle to certain intelligence sharing due to fear of an unwitting breach of regulation. Trust in another organisation to handle the intelligence within the basis it was shared is another legitimate concern. Financial intelligence is the key to the investigation of crime, prosecution and subsequent asset recovery. The initial stage of investigation involves bringing related but isolated facts into proximity of each other as in the vast majority of cases a conclusion only becomes possible once financial information from separate sources is combined. According to independent research financial institutions hold massive amounts of valuable intelligence, however, only 5% is used to combat illicit financial activities. Shared information and â&#x20AC;&#x2DC;big dataâ&#x20AC;&#x2122; create an opportunity for those engaged in the investigation of financial crime to leverage quality intelligence.

Is It legal To Share Intelligence? Schedules 2 and 3 of the Data Protection Act (DPA) explain the basis for processing personal data in the appropriate circumstances. These also allow for intelligence sharing where FIs have a legitimate interest in preventing financial crime and legal obligations to protect their customers from it.

The Criminal Finances Bill Will Further Encourage Intelligence Sharing The bill which recently received royal assent is designed to: â&#x20AC;˘ Encourage greater data and information sharing from the reporting sector, leading to more insightful suspicious activity reports (SARs) available to law enforcement. â&#x20AC;˘ Allow the private sector to take measures to better protect themselves from money laundering. â&#x20AC;˘ Provide investigations with better information, leading to improved anti money laundering and terrorist finance outcomes. Provisions in the new Financial Crimes legislation will give FIs greater legal protection when they work together on financial crime cases and share evidence. This enables FIs to jointly prepare evidence in advance of a SAR submission and is a major step towards enabling direct cooperation between FIs where appropriate.

53 53

What next? Conventional information sharing hubs invite member firms to submit a package of intelligence which is then made available to all other participants. This behaves as a deterrent to sharing information about specific individuals for fear of litigation except where the individual is a convicted fraudster. In contrast, a scenario involving data matching about individuals/companies already identified through the course of the investigation process can address such concerns. By connecting the relevant FIs in this way their litigation risk is mitigated because they have already independently initiated their own investigations involving the matched data. Therefore, intelligence sharing is facilitated through the matching of entity data on existing cases. Under the current legislation FI to FI intelligence sharing about specific entities and attached cases is already justified with this method. Sharing data leads to a more informed intelligence picture which in turn results in better prevention and detection of financial crime and increases in asset retrieval. Criminals, their Networks and Victims can be identified accurately and more comprehensively by linking currently disparate cases and individuals through data matching. Individuals who have been affected by fraud can be better protected and provided with preventative advice based on historical fraud attempts. FIs can conduct their investigations in a leaner and more efficient way by reducing duplicated investigative effort and adopting a more cohesive approach to investigations. Intelligence gaps are filled resulting in significant cost savings and reduced losses for FIs and customers whilst at the same time improving public perception of the participating organisations.

Central Intelligence Connector (CIC) Financial Crime Intelligence Ltd (FCI) has developed the CIC platform to enable both internal and FI to FI intelligence sharing. The key difference with CIC is that encrypted data is only made transparent when a critical data match occurs between two or more cases. FIs are able to initially record their cases in CIC and then collaborate at their own discretion by creating Investigation Groups which are fully audited, governed and controlled. FCI does not retain any sensitive data and participating firms remain in control of their own data at all times. CIC strictly adheres to Data Protection Act principles. Christopher Anderson, Financial Crime Intelligence (FCI), www.fciltd.co.uk

54 54

FINTECH CONFERENCE 2017

6th September 2017 London Stock Exchange London