PIMFA Journal Edition 27



E-COMMUNICATIONS

JOURNAL EDITION #27

EFTS

ADVICE GUIDANCE

SUPPLY CHAIN

ONBOARDING

ERI DATA

CONSUMER DUTY

DORMANT ACCOUNTS

CYBER SECURITY

June 2024

BUILDING PERSONAL FINANCIAL FUTURES

MARKET COLOUR ON E-COMMUNICATIONS SURVEILLANCE


EXECUTIVE SUMMARY

• Firms’ communications surveillance capabilities are underperforming despite hefty investments in AI, machine learning, and voice analytics.

• Key issues facing monitoring programs:

- Disappointment with AI/ML models missing critical risks

- Outdated legacy voice surveillance tools requiring replacement

- New voice-to-text tools struggling with costs and poor non-English accuracy

- Testing reveals solutions hugely underperforming marketed capabilities

- Overwhelmed compliance teams lack resources for expanded scope

• The findings highlight major technological gaps, operational barriers, and resource constraints impeding comprehensive communications oversight.

• As regulatory scrutiny intensifies expectations, firms face pressure to achieve compliant surveillance. However, significant hurdles remain in this industry-wide capability transition.

Electronic communications surveillance is a critical compliance function for financial institutions, helping them monitor employee communications for potential misconduct or regulatory breaches. Given the very real risks of fines, coupled with the reputational damage from oversight failures, implementing effective monitoring capabilities is an existential priority for firms operating in today’s stringent regulatory climate.

However, our recent market research reveals that many financial institutions are struggling with the current state of surveillance technology and tools available. Despite investments in advanced systems powered by AI and machine learning, voice analytics and other cutting-edge capabilities, the solutions are not yet delivering what the practitioners say they need.

The research, which involved interviews with compliance leaders at 15 global and regional banks, uncovered several key findings:

1. Dissatisfaction with AI/ML models:

Practitioners expressed growing frustration that the AI and machine learning models used in many surveillance tools have not delivered the expected benefits. At least not yet. While these models can reduce alert volumes to some degree, they often fail to identify all the risks they are designed to detect, leaving compliance risks undetected. Part of the issue lies in unrealized expectations set by vendors overselling AI/ML capabilities. Financial firms were led to believe implementing these advanced technologies would provide a comprehensive solution for sifting through massive data sets to pinpoint risk areas. However, the reality in practice is quite different.

2. Legacy voice surveillance tools falling short: Many institutions still rely on older, phonics-based voice surveillance tools that are now broadly viewed as outdated and ill-equipped to handle modern coms-surveillance needs. To address this technology gap, many are looking to move towards voice-to-text (V2T) transcription tools as the next step, but are facing significant challenges with the cost of this move as well as concerns about the quality and accuracy of the technology currently available.

3. Non-English language accuracy issues with V2T: Those experimenting with V2T transcription tools are reporting poor translation accuracy. One bank using a market-leading transcription plus translation vendor said they were achieving around 80% accuracy for English but only 60% for Japanese. This low accuracy is observed across a range of non-English languages, both Asian and Latin-based languages were referenced, and is leading many to hold off on widespread deployment.

4. Resource-intensive testing and deployment: Moving to new surveillance tools requires rigorous testing and quality assurance before operational deployment can be approved. Institutions face significant hurdles in performing this testing, often lacking the resources and technical support needed to do so thoroughly. Testing can be time and labour-intensive, and several practitioners cited that after an intensive multi-month POC process, results were so disappointing compared to marketing promises that they chose not to deploy at all, post-trial.

5. Stretched compliance teams: Compounding the technical and operational hurdles already referenced, most participants raised concerns about bandwidth and their ability to ‘keep up’: static budgets and headcount pressure, alongside growing regulatory expectations and scrutiny, are leaving many compliance teams struggling to manage the increasing volume and complexity of communications channels they need to monitor. This has left many teams feeling overwhelmed and under-resourced. Several commented that this imbalance between expanding channels and regulatory focus, against current resourcing and funding, is unsustainable.

The findings paint a picture of an industry function in transition, with institutions seeking to modernise their electronic communications surveillance capabilities but facing technological, organisational, and resource barriers along the way. Overcoming these hurdles will be crucial to ensuring effective surveillance and compliance.

ADVICE GUIDANCE BOUNDARY REVIEW


INTRODUCTION

In December last year HM Treasury and the FCA published a joint Discussion Paper DP23/5 on the Advice Guidance Boundary Review. The Review is part of the Edinburgh Reforms, which are designed to take forward the Government’s ambition for the UK to be the world’s most innovative and competitive global financial centre. The consultation closed in February 2024. The Government’s objective in this area is that consumers get the help they want, at a time they need it, and at a cost that is affordable.

The FCA’s research has shown that only 8% of consumers had sought financial advice during the previous year, and that adults with more than £250,000 in investible assets were most likely to have received advice.

The FCA believes uncertainty about where regulated advice begins restricts how firms can support consumers in achieving their financial objectives. The Treasury and FCA have been examining the regulatory boundary between financial advice and other forms of support for some time. They recognise that the success of the proposals pivots on providing firms with greater certainty on the regulatory boundary and the Discussion Paper includes examples of situations in which firms could support customers without providing advice.

The Review is linked to other regulatory initiatives including the new retail disclosure framework, ISA simplification and the pensions dashboard. The Review relates to investment advice only and not insurance, mortgages, debt or giving up safeguarded pension benefits.

The Discussion Paper sets out high level proposals which HM Treasury and the FCA expect will evolve following feedback.

The Discussion Paper refers to the way in which support is delivered to consumers, and how new and emerging technologies, such as advanced data analytics, could enhance consumer experiences and outcomes. The Discussion Paper also notes that it will be necessary for firms and consumers to manage risk, rather than to eliminate it.

The Discussion Paper contains three high level proposals to close the advice gap, and asks for feedback on these:

• Further clarifying the boundary,

• Targeted support, and

• Simplified advice.

We discuss these proposals in more detail below.

FURTHER CLARIFYING THE BOUNDARY

The FCA has previously encouraged firms to be more robust in analysing where the advice guidance boundary falls, as seen in its Dear CEO letters on implementing the Consumer Duty (Life Insurance and Consumer Investments), and its clarificatory information published in August 2023.

The FCA is considering ways to enable firms to give more support to consumers without providing a personal recommendation. Building on the August 2023 boundary clarification document, the FCA notes that it intends to explore whether further guidance, or simplifying existing guidance, would help firms to provide consumers with greater levels of support by giving them more confidence to operate closer to the boundary. In appropriate cases the FCA could also consider rules mandating specific actions.

The FCA acknowledges that this proposal alone is unlikely to resolve the advice gap, given that it does not involve regulatory changes.

TARGETED SUPPORT

This would involve a new regulatory framework that enables firms to use limited information to suggest products or courses of action appropriate to the target market, with the Discussion Paper referring to “People like you”. The idea is that such support would not amount to a personal recommendation and could be offered without explicit charges. This would enable firms to broaden the support they can provide to consumers. Firms would need to disclose to consumers how they are paying, for example if in fact the support is subsidised through platform charges.

The Discussion Paper acknowledges that further legislative or regulatory change is likely to be necessary for this regime to operate with the proper protections in place.

It is expected that banks, insurers and platforms would be able to use their existing consumer data and product knowledge to offer targeted support as a new service to their customers.

The Discussion Paper refers to the example of ‘Investment Pathways’ which the FCA introduced in 2018 to support non-advised pension drawdown consumers, in particular the use of choice architecture and product governance rules.

An example of targeted support is assistance with wealth accumulation decisions, such as presenting alternative funds to a customer with a particular fund profile, based on limited data points.

SIMPLIFIED ADVICE

Simplified advice would be a new advice regime and constitute a limited form of advice. Firms would be able to deliver a simplified form of one-off advice, taking into account only relevant information about a specific consumer need. It would not involve analysing a consumer’s circumstances that are not directly relevant to that need. It would involve a personal recommendation. The idea is that it involves different standards than current holistic advice.

CONSULT ON HOW TO PAY

The previous core advice regime proposed did not fly as the product range was considered too narrow and uncommercial being limited to the ISA limit.

An upper limit at £85K, which matches the FSCS’s investment advice compensation cap, is proposed. Pension decumulation products will be excluded.

The Discussion Paper presents some scenarios in which simplified advice may be appropriate – for example, a consumer with cash savings or an inheritance to invest or needing a one-off review of their investments as their attitude to risk has changed.

Under the simplified advice regime the firm would not need to undertake a full suitability assessment. The Discussion Paper proposes setting out in Handbook rules the information a firm will need to gather to ensure the suitability of the advice. Training and Competence rules will be the same as for the provision of holistic advice.

The Discussion Paper recognises that upfront payments are a significant demand side barrier, and so it sought views in its consultation on how customers will pay for this service, without undermining the changes made in the Retail Distribution Review.

COMMENTARY

With attractive savings rates widely available at the moment, it is not clear that the FCA’s proposals will make a significant difference to the current market for investment support. Legislative changes could also take a considerable amount of time to implement.

GRANIA BAIRD, Partner, Farrer & Co

Grania.Baird@Farrer.co.uk

KATY RUDDELL, Senior Counsel, Farrer & Co

Katy.Ruddell@Farrer.co.uk

WHY ONBOARDING IS STILL LARGELY UNSOLVED


Clients appreciate having great onboarding; it’s the first thing they notice when they enter into a relationship. This is why a seamless onboarding is essential for any business that cares about their clients’ experience.

Conversely, a cumbersome onboarding can leave a lasting negative impact. When there are too many loops, and wrong questions are asked, it slows down the whole onboarding journey. It also might make it look unprofessional.

Organisations that want to maintain a good client relationship will need to go beyond merely adhering to regulatory requirements for KYC, KYB and AML. Yet, despite the obvious importance of setting up efficient processes, many wealth managers still have subpar onboarding. Why is this so?

Let us delve deeper into this pressing topic.

COST PROHIBITIONS

One of the primary barriers to effective onboarding is the cost of implementing a suitable solution. Organisations usually have the choice between developing proprietary software and purchasing existing software; this is often a standard CRM platform. However, both choices have their limitations.

Developing software yourself will fulfil your requirements, but it can be risky and expensive. Figuring out the requirements for such software can be hard. Not only that, but it will probably require a lot of help from internal and external experts. Hence, it will most likely be very time-consuming. This further implies that only the largest asset and wealth managers will be able to do this. Even then, there is still risk that the developed software will underperform in the end.

On the other hand, in theory, just buying an existing CRM software could be a good solution — but it needs to be configured correctly. Nevertheless, figuring out the correct configuration means getting all the requirements right, which can again be quite strenuous and time-consuming. Licences for CRM software are usually also not cheap. Purchasing a CRM system can solve parts of the problem, but you still need to meet all the requirements and know exactly what you need.

INADEQUATE TOOLS

There are many tools that say they can do onboarding, but they are not originally built for onboarding in the financial industry. They cannot solve the whole set of problems and aren’t made for handling interesting edge cases like trusts correctly. For example, a CRM system could seem like the right choice; however, a CRM was built for more static data structures, such as call logs or addresses. And when data structures need to be flexible to adapt for regulations, they will often fall short or require complex configuration to be compliant.

THE EMERGENCE OF TECHNOLOGICAL SOLUTIONS

NO-CODE REVOLUTION

Lately, no-code tools made waves because their agility and speed enable automating systems in what is called an agile process. Wealth managers can iteratively refine their onboarding processes; starting with a minimal solution, then testing it and then adapting it until it fulfils all requirements. In situations when you aren’t 100% sure what you need, this is usually a lot faster and gives better results.

EMPLOYING AI

In addition, AI can help put no-code definitions together, and figure out the optimal way to fulfil requirements such as: how to fill out forms and when to make a call to a third-party. An example of a platform that can do all this is Atfinity. It combines no-code for specifying requirements and calculating the optimal processes with an AI. Atfinity offers this for wealth managers and private banks in the UK and Switzerland, often automating even very complex processes in just a few weeks.

CONCLUSION

Onboarding is still a very big problem for many organisations worldwide. However, there are solutions that can help improve operational efficiency, user experience and overall employee satisfaction. Those organisations that prioritise automation and use the right software tools will have a better chance of thriving in the market and reaching their business goals. I encourage organisations struggling with their operational efficiency to look for suitable software solutions that could help them.

ONGOING SERVICES LEADS CHARGE IN CONSUMER DUTY IMPLEMENTATION


The FCA’s review of advisers’ ongoing services marks its first significant use of the Duty within the advice sector. By focusing on the heart of this business model, the regulator is demonstrating how it intends to use the Duty to supervise financial advisers.

Nine months on from the implementation of the Consumer Duty, the FCA’s updated retail investment supervision strategy is being revealed with each new intervention. First came its robustly-worded wealth manager Dear CEO letter, with its long list of concerns – some old, some new – and an equally long list of Duty-enhanced expectations for firms. Then came its Dear CEO letter on retained interest on cash balances, with investment platforms and SIPP operators needing to respond to the FCA in short order on the action being taken. Now, we have its latest review on ongoing advisory services.

Twenty of the sector’s largest firms have been asked to complete a survey asking for information on:

• whether they reviewed their ongoing services as part of implementing the Consumer Duty

• whether and what changes they made in response to that review

• whether they delivered ongoing services to clients as promised in the last seven years, and

• the number of clients whose fees were refunded where the review did not take place.

The FCA has said that it will use the results to determine whether and what further regulatory work in this area is necessary. So, it’s telling that two of the sector’s largest advice firms have already announced remedial activity linked to this topic.

WHY THE FCA IS FOCUSED ON ONGOING SERVICES

The FCA’s focus on financial advisers’ ongoing services should come as no surprise. Over a decade on from the Retail Distribution Review, ongoing advice models dominate the market and generate the majority of advice firm revenue. The design and delivery of ongoing services therefore have a significant impact on the quality of consumer outcomes.

Previous FCA work has also identified potential issues in this area. Its evaluation of the Retail Distribution Review highlighted concerns that some clients might be paying for a service they don’t need, as well as finding evidence of price clustering and weak competition. And its last portfolio strategy letter included a cautionary warning to firms that weren’t “adequately considering the relevance, nature and costs of these services for all their clients”.

It seems clear then that the implementation of the Consumer Duty has given the FCA a stronger basis on which to examine and, if necessary, act on this key part of the retail investment market.

HOW THIS AFFECTS FIRMS

It’s important for firms to consider the implications of the regulator’s focus on this area for their businesses. The following five questions provide a good starting point.

1) DO ALL MY CLIENTS NEED AN ONGOING SERVICE?

The FCA’s evaluation of the Retail Distribution Review found advice firms were placing more than 90 percent of new customers into ongoing advice arrangements. Its report highlighted concerns that firms might be recommending ongoing services as a ‘default option’, rather than justifying the service based on clients’ circumstances.

The FCA is also aware of the potential conflict of interest that lies beneath the surface of an adviser’s decision to recommend ongoing versus transactional advice. The findings of its recent work on defined benefit pension transfer advice will no doubt have informed this, where the impact of ongoing service revenue on suitability was a key theme. This new review is likely to be looking for evidence of how firms determine whether an ongoing service is the right solution for clients, as well as how they manage the potential for ‘ongoing service bias’.

2) ARE MY CLIENTS IN THE RIGHT TYPE OF SERVICE FOR THEIR NEEDS AND OBJECTIVES?

Past FCA work has highlighted the risks from advice firms ‘shoehorning’ clients into solutions that don’t match their needs and objectives. The frequency and content of firms’ ongoing services are central to getting this right (or wrong).

Most firms serve clients with an array of investment needs and objectives: think, lower-value clients early in their accumulation journey versus higher-value clients taking an income in retirement. The FCA is therefore likely to focus on whether (and how) firms have tailored their ongoing services to meet different client needs, as well as how they triage clients between the available service options, including consideration of alternatives where relevant.

3) ARE MY ONGOING SERVICES FAIRLY PRICED?

The Consumer Duty’s price and value requirements provide the FCA with an important new tool: the ability to challenge firms on whether ongoing services deliver value for money. This will enable the FCA to look at whether the fees firms are charging stack up against the financial and non-financial benefits clients are likely to get in return.

In the decade since RDR, many firms have adapted their charging models to try and ensure a closer fit between the price clients pay for an ongoing service and the benefits delivered. This has seen firms add features like fixed fees, tiered charges, time-based charging and fee caps to their charging models.

However, there are still firms with charging models that don’t have these features. And while fees based upon a fixed percentage of assets under advice are not inherently bad, they do increase the risk of poor value. This is especially the case where firms serve clients whose wealth levels and needs / objectives vary significantly.

Similar to the FCA’s work in other sectors, firms are likely to be asked to evidence how they have assessed that their ongoing services deliver fair value for all client groups. And if they have groups of clients paying many, many multiples more than others, they’re going to need to justify this approach.

4) ARE MY ONGOING SERVICES DELIVERED AS PROMISED?

Ongoing services can only deliver the expected benefits to clients if they take place as promised. The FCA is likely to focus not just on whether services take place, but also whether they take place to the agreed schedule.

Where services aren’t delivered, the regulator will want to know what action firms take in response. This could include whether firms contact clients to rearrange review meetings in a timely manner, how they manage the risk of poor client outcomes from service non-delivery and their approach to refunding fees, where relevant.

5) ARE MY ONGOING SERVICES DELIVERED WELL?

Finally, it’s important to ensure ongoing services are carried out well. Key areas to consider include whether all the features of the service are delivered, the suitability of any advice provided, whether necessary disclosures are given to clients, and whether any changes to the underlying investment solution are implemented accurately and on a timely basis.

CURRENT CYBER THREATS AND INSURANCE SOLUTIONS FOR THE INVESTMENT MANAGEMENT SECTOR


In today’s digital landscape, the investment management sector faces a barrage of cyber threats that can wreak havoc on businesses and their clients. With an average cost per claim hitting $1.2 million and a staggering 90% of cyber claims stemming from data breaches, the need for robust cybersecurity measures is more important than ever.

In this article, we will explore cyber security threats affecting investment management and the wider financial services sector, how businesses can protect their balance sheets with risk transfer solutions such as insurance and the risk management benefits that are now typically included within a cyber insurance policy.

THE GROWING CYBER THREAT

Cyber attacks against financial services are not only financially lucrative for perpetrators but also pose significant risks due to the sensitive financial and personal data handled by these firms. In fact, not only does the financial services sector experience the highest average cost per claim, but the sector is the most frequently targeted.

From network security breaches to social engineering fraud, the threats are multifaceted and constantly evolving. Cyber-attacks can be brought in various ways. Some of the most critical risks firms should attempt to stay ahead of the curve on include:

Network Security Liability

This encompasses costs incurred due to actual or alleged security failures by third parties, such as an intrusion of insured systems or unauthorised access to reprogramming of software.

Privacy Liability

As custodians of confidential client information, investment firms are susceptible to legal liability claims arising from breaches of privacy. Safeguarding this data is paramount to maintaining trust and integrity in the industry.

Social Engineering Fraud

Also known as Funds Transfer Fraud, hackers employ sophisticated tactics to impersonate key personnel within investment firms, tricking employees into divulging sensitive information, providing access to business systems or making unauthorised transactions.

We are seeing some pretty sophisticated fraudulent instructions, even using AI deep-fake technology to manipulate videos and dialogue of C-suite executives.

Ransomware

A type of crypto-virological malware, ransomware is a prevalent threat, encrypting files or systems and demanding payment for their release. The financial implications can be substantial, including loss of income and increased operational costs.

A cyber insurance policy can cover several subsequent losses as a result of ransomware deployment, including:

• Increased cost of working, including contracting an extortion manager or other security experts to support the incident response process.

• Income loss as a direct result of ransomware deployment.

• Contingent income loss, where a third party associated with the insured experiences a ransomware attack, consequently causing an indirect loss of income for the insured due to the inability of the outsourced service provider to function effectively.

Event Management

Modern cyber insurance policies offer more than just financial reimbursement.

A good cyber insurance policy will include pre- and post-breach risk management solutions, which are typically optional to take. These services may include:

• Cyber security awareness training and phishing simulations

• Infrastructure vulnerability scans

• Pentesting

• Incident response stress testing

• Cyber claims hotline which can be used for suspected and certain claims scenarios.

In many cases, using these optional value-added services can yield positive outcomes for your business. Insurers typically encourage their use, signalling a proactive stance towards risk management.

For businesses paying higher premiums, there is often the opportunity to designate their preferred cybersecurity firm within their policy, with the associated costs covered by insurers.

However, insurers often have established partnerships with specialist providers. Opting for these designated partners might enable insureds to lower their policy retention or self-insured excess.

Strengthening Cybersecurity Measures

In an era where cyber threats loom large, it is clear that investment firms must prioritise cybersecurity measures and risk transfer solutions like cyber insurance. By understanding the evolving threat and leveraging comprehensive insurance policies with robust risk management benefits, businesses can mitigate financial losses and safeguard their reputation.

Embracing proactive cybersecurity strategies is imperative for the long-term viability and success of investment management firms in today’s digital age. While no single solution will stop attacks altogether, firms should procure a comprehensive, specialist, standalone cyber insurance policy to complement strong internal cyber security controls and procedures.

Firms must recognise the additional benefits incorporated into a cyber insurance policy. However, it falls upon their insurance broker to ensure they are fully informed about the comprehensive range of services they are acquiring. This underscores the significance of selecting a seasoned, specialist cyber broker whose expertise proves invaluable in navigating the complexities of cyber risk management.

Reach out today to Tom and Roxy, Cyber specialists at Consilium, for expert risk management and insurance advice.

TOM ABBOTTS, Associate Partner, Cyber, Tech & Fintech tom.abbotts@consiliumbroking.com

Partner, Professional & Executive Risk Solutions roxy.zeb@consiliumbroking.com

BUFFER, TAIL HEDGED OR COVERED CALL: HOW TO SELECT OPTIONS-BASED ETFS

The market is still nascent in Europe, but options are increasing


Options-based ETFs have established themselves as a popular trade among investors in the US due to their play as a volatility hedge in portfolios.

Their ability to generate income has proved popular during the post-COVID-19 volatility when fixed income failed to defend portfolios amid high correlations to equities.

In theory, these strategies give investors protection on the downside while enabling them to participate on the upside, although this is usually capped.

Recent market highs and the return of bonds as a yield-generating instrument have dampened demand for such strategies, but not before a selection of ETFs found their way to Europe.

Over the past 18 months, Global X, First Trust and JP Morgan Asset Management have all launched options-based ETFs in a variety of flavours, including covered call, buffer and tail-hedged strategies.

The ETFs have important nuances for investors to understand with factors such as timing and cost key considerations when selecting an options-based ETF.

COVERED CALL ETFS

Covered call ETFs aim to deliver a consistent income by investing in a portfolio of stocks and selling call options on a portion of those stocks.

The call option gives the buyers the right to buy the underlying stock at a specific price – known as a strike price – on or before a certain date. In exchange for selling the call option, the ETF receives a premium.

If the underlying stock does not reach the strike price by the agreed date the call option will expire worthless while the ETF keeps the premium.

If the underlying stock hits the strike price, the ETF will sell the stock at the approved price and will still keep the premium as income.

However, should the price of the underlying stock significantly increase before the deadline investors could miss out on any additional gains.

One of the first covered call ETFs to launch in Europe was the UBS ETF US Equity Defensive Covered Call SF UCITS ETF (SPXCC) and the UBS ETF Euro Equity Defensive Covered Call SF UCITS ETF (E50CC) in August 2020.

This was followed by the Global X Nasdaq 100 Covered Call UCITS ETF (QYLD) in November 2022 and the Global X S&P 500 Covered Call UCITS ETF (XYLU) in July last year.

A slightly different take on the strategy, JPMAM launched the active JPM Global Equity Premium Income UCITS ETF (JEPG) last December.

Despite covering different equity markets, JEPG could be considered a more consistent strategy, aiming to deliver an income of 7-9% a year with less volatility than its benchmark, the MSCI World index.

Global X and JPMAM’s ETFs have a one-month duration; however, JEPG ladders its call options by 20% each week in a bid to generate more upside.

Tax considerations should also be taken into account. Depending on the jurisdiction, premiums could be considered as income tax, often charged at a higher rate than capital gains tax.

Investors may also want to consider UBS AM’s range of covered call ETFs. However, the Swiss issuer’s offerings have failed to gather many assets, despite offering a lower headline fee and strong performance versus their peers.

BUFFER ETFS

Buffer ETFs – also known as defined outcome ETFs – work in a slightly different way to covered call strategies and aim to offer investors a pre-defined set of outcomes over a defined period.

Modelled after pricier structured products, key to the protection they offer is the life cycles of the ETFs. These are typically 12 months, with the options expiring monthly or quarterly.

For example, a buffer ETF with a lifecycle from 1 March 2024 to 28 February 2025 could aim to limit the losses over the period to 10%, capping the upside at 15%.

Timing an investment over that lifecycle is imperative for investors. For fund selectors to get the most out of buffer ETFs they must invest right at the beginning of the roll period to access the full potential upside.

Even if the market has not moved below or past the cap, any market movements will alter the potential outcome of the ETF if it is purchased beyond the start date.

This is the natural feature of the options contracts underlying the ETFs and came to the fore earlier this year when Global X’s product range appeared to dislocate from the defined outcomes advertised.

Some issuers are addressing this by offering laddered products, allowing more flexibility for investors to exit and enter the products. First Trust, one of the largest providers in the space, offers this in the US but has yet to add to its European ETF suite. Buffer ETFs tend to be more expensive than other options-based strategies and also carry different risks.

The strategy is complex and investors will have to familiarise themselves with the product’s mechanics.

CHART 2: BUFFER AND TAIL-HEDGED ETFS LISTED IN EUROPE

Another subset of defined outcome products is tail-hedged ETFs. These are designed to protect portfolios following tail events, significant market sell-offs such as the Global Financial Crisis and the pandemic-induced decline of 2020.

For example, in the event the S&P 500 experienced a 35% sell-off, SPAH would limit the losses to 5% and protect against the other 30%.

It does this by buying out-of-the-money options with a lower strike price, meaning it will only offer protection once the market falls below the strike price from the time the investor enters the contract.

Investors must consider the premium cost of the recurring purchases of protective options, which means the ETFs will likely underperform during upward and sideways markets.

SELECTING A STRATEGY

All of the options-based ETFs could be considered suitable for investors looking to hedge against volatility and generate income.

Selecting between a covered call, buffer or tail-hedged ETF can depend on the outcome investors want to achieve. The income-generating ability of covered call ETFs could act as an alternative source to high yield bonds via a defensive equity allocation.

While buffer ETFs' upside is also capped, if timed correctly they could generate more upside. Meanwhile, for those who anticipate a black swan event or are concerned about bubble-like risks, tail-hedged ETFs could be the solution.

Ultimately, investors must also take a view on whether the capped upside is something they are willing to give away, or whether they might consider a low volatility ETF as an alternative equity hedge.

Highlighting this, the S&P 500 index is up 10.6% so far this year while the MSCI World index has risen 8.4%, as at 5 April.

STRENGTHENING

In today’s globalised marketplace, supply chains are critical in a wide range of industries, ensuring the seamless flow of goods and services.

The finance sector is no exception, as financial supply chains rely on intricate networks to facilitate transactions, investments, and run the business.

However, as supply chains grow in complexity and have an increasing reliance on technology, the need for robust supply chain security has never been higher. Gartner predicts that by 2025, 45% of organisations worldwide will have experienced attacks on their software supply chains, marking a significant increase from 2021.

Why Supply Chain Security Matters in Finance

A recent report from IBM shows that the financial services sector exhibits one of the highest industry average costs per data breach at £5.3 million.

As well as substantial financial losses, breaches can also lead to operational disruptions and considerable damage to a company’s reputation. Vulnerabilities within financial systems can also result in regulatory noncompliance, loss of confidentiality, integrity, and availability, and even the loss of critical intellectual property.

Regulation

The financial sector is also facing heightened scrutiny of supply chain risk due to the implementation of regulations such as the Digital Operational Resilience Act (DORA). DORA requires financial institutions to transform the way they conduct supply chain risk management (SCRM).

Nonetheless, regardless of whether you are impacted by DORA, it is imperative to re-evaluate your supply chain security to mitigate any potential risks to your organisation.

This article will delve into key principles that organisations can implement.

Gain Insight into your Supply Chain

It is essential to map out the various entities, systems, and data flows within your supply chain to understand who handles your data, where it resides, who can access it, and its vulnerabilities. Assess each partner’s level of vulnerability, the extent of their access to your data, and the potential impact on your organisation if their security is compromised. Find out what their stance on security is and whether they have any security certifications such as Cyber Essentials or ISO 27001, as this shows that they take security seriously. Without visibility, protecting your assets becomes challenging.

Review the entire Supply Chain

Attackers often exploit vulnerabilities in the weakest links, such as small vendors or open-source communities, with far-reaching consequences. Even a minor security incident involving a small third-party supplier can have devastating effects on the entire supply chain. By compromising just one entity, attackers can trigger a chain reaction that destabilises the entire supply chain. Therefore, robust security measures, including effective management systems, are crucial for addressing both physical and cyber threats.

SaaS Platforms

It is important to review every single application your organisation is using, especially SaaS platforms. A recent study by Wing showed that the number of applications used by organisations is typically 250% larger than what a basic and often-used query of the workspace reveals. This creates a huge supply chain risk, as it means employees are using a lot of applications that probably no one knows about and whose associated risk no one is managing.

Anticipate Breaches

Despite robust preparations, security breaches are inevitable. Therefore, supply chain security best practices focus not only on prevention but also on preparation. An incident response plan should be a core component of your supply chain security programme, outlining roles and procedures for addressing security incidents promptly. Test and refine these procedures regularly to ensure readiness.

Security Involves People, Processes, and Knowledge

Security encompasses more than just technology; it involves people, processes, and knowledge. Many breaches result from human error, highlighting the importance of robust cybersecurity practices throughout the financial supply chain. Also make sure your organisation has regular training on cyber hygiene best practice.

Ensure Seamless Integration of Physical and Cyber Security

Efforts to enhance physical and cyber security should be seamlessly integrated. Attackers can exploit gaps in physical security to launch cyberattacks and vice versa. Therefore, a holistic approach to security is essential.

Continuous Communication

As supply chain security is an ongoing challenge, close collaboration with partners is essential. Continuously monitor security risks, assess their severity, and collaborate on preventive measures throughout your partnership.

WHAT ARE THE MAIN SECURITY RISKS WITHIN A FINANCIAL SUPPLY CHAIN?

Third-Party Vendors with Access

Suppliers, including cleaning services and software engineering firms, that have access to information systems, software code, or intellectual property pose significant risks. Conduct thorough due diligence on every one of your supply chain partners.

Poor Information Security Practices

Lower-tier suppliers with inadequate information security practices can introduce vulnerabilities into the financial supply chain. Organisations should assess suppliers’ security measures and offer guidance or support as needed.

Compromised Software or Hardware

Procuring software or hardware from suppliers with compromised products can jeopardise the entire supply chain. Rigorous testing and validation of software and hardware components are crucial to mitigate such risks.

Third-Party Data Storage

Risks associated with third-party data storage or data aggregators should not be overlooked. Consider location and jurisdictional factors that may affect regulatory compliance. Establish robust contracts and security standards for third-party data management.

Geopolitical Events

Shifts in international relations, political instability, or trade disputes can disrupt your supply chain suddenly. Stay informed about political developments in your supply ecosystem to adapt quickly to changes.

As supply chains continue to evolve and grow in complexity so must your approach to safeguard them.

It is important that you and your organisation stay informed, adapt to emerging threats, and implement rigorous security practices to protect the integrity and future of your financial supply chain.

WHY ERI DATA IS PUTTING OUR INDUSTRY AND ITS INVESTORS AT RISK

Wealth management professionals have been telling us for some time about the challenges they face around Excess Reportable Income (ERI). ERI reporting is not a new requirement, but the pressure is building as more investors find themselves with a holding in an offshore reporting fund. One reason is the growing reliance on Managed Portfolio Service (MPS) solutions. When more advice firms were running their own models and picking their own funds, platforms responded based on individual demand. Since then, however, MPS providers have been adding ranges to platforms in their droves, increasing offshore fund exposure.

If a reporting fund is held within a general investment account, the investor must report ERI as part of their tax return. While some investors are aware of their offshore position, some aren’t. If ERI information is missing or incorrect, they can be fined up to 200% of the tax due, plus interest and late payment penalties. We also know that HMRC is taking a tougher stance on offshore interests. Around 24,000 nudge letters were sent in the 2022/2023 tax year, an increase of 31% on the previous year. It claims to have recovered £526m in tax receipts from offshore initiatives since 2019 and overall, tax penalties have increased by 25% from £681m in 2021-22 to £851m in 2022-23, marking a record high.

Underlying the problem is the fact that comprehensive ERI information is extremely hard to find. Investment funds aren’t required to provide it in a standardised way, and it isn’t always accessible on their website or may not be up to date. Even though the fund’s status is displayed on HMRC’s list of reporting funds, this information doesn’t flow down easily. Clearly, this scenario has to change as it poses a significant risk for investors, puts a strain on advisors, and causes negative consequences for platforms and DFMs.

Against this backdrop, we decided to commission a whitepaper from financial services consultancy the lang cat to understand how different industry players are being affected and, ultimately, what can be done about it.

What the platforms told us

Our report found that 93% of investment platforms offer offshore funds, yet only 52% offer ERI reporting as part of their tax packs. They realise that this gap is causing issues for investors, and it’s also having ramifications for their own business. From a consumer duty perspective, offering offshore funds to invest in, but being unable to satisfy ERI reporting requirements, could be seen as failing to serve their target market effectively. Furthermore, some advice firms choose not to use a platform if it can’t provide sufficient ERI data, so they are losing money. Clearly there is a competitive advantage for platforms that can support advisers and investors with ERI data. Many want to help but they still struggle to know how with the resources they have.

Insights from advisers

The amount of data generated by such a broad exposure to offshore funds is one of the hardest aspects for advisers to handle. Another hurdle is timeliness. The payment date for ERI is always six months after the accounting period end date for the fund, whenever in the year that may be. This six-month delay means that ERI data may cross two tax years in line with the legal requirements, and taxpayers don’t realise they have tax to pay on a complex investment until after the deadline for paying it. Alongside the timing issue, there’s inconsistency in how this data is presented.

As a result, many advisers are resorting to manual processes to get data directly from managers or fund factsheets, or using multiple platforms, some with ERI reporting, some without. This is a huge challenge for the big firms, never mind the small ones, and mistakes are becoming more common.

Investment choices are being limited

Many DFMs admitted that ERI is a factor in deciding where to run their models. In one example, the manager has access to a universe with 13 available UK domiciled funds and 189 offshore. Some 95% of the top performing funds are offshore reporting funds, but they were omitted because of the lack of consistent ERI reporting. The investment manager understandably wants as many funds to choose from as possible. But in reality, if reporting standards are poor or non-existent, firms would rather not include them in a portfolio than increase the administrative burden for staff and clients.

Where do we go from here?

While this issue doesn’t affect every investor - only those with unwrapped investments containing Offshore Reporting Funds (ORFs) where there is a potential tax implication – this is where we’re seeing significant growth, so industry reporting standards need to keep up.

Accurate ERI reporting is essential to ensure investors get the most out of tax efficiencies. It is also crucial to protect against the reputational damage of getting ERI reporting wrong. Better data means better reporting so we must work together across the industry to improve data access for all parties.

Neither platforms nor advisers are under a legal obligation to report on ERI and the responsibility remains with the investor. However, it's unreasonable to expect the average investor to understand all of the intricacies when the experts themselves can’t always get it right.

Industry professionals should be protecting investors from foreseeable harm as well as offering more choice. We can all choose to be accountable and look for ways to raise the topic up the agenda until the ERI data gap starts to get the attention it deserves and hopefully regulators take notice.

A joint push for transparency, consistency and clarity, makes ethical and financial sense all round. We’ve been operating on borrowed time when it comes to ERI, and that time is running out.

info@financialsoftware.co.uk

THE NEED FOR EDUCATION ON DORMANT ACCOUNTS

In the UK, an astounding £82.3 billion in assets lies dormant across a variety of financial products, from pensions and bank accounts to investments and insurance policies. This figure includes £64.75 billion in lost or dormant pensions, £4.5 billion in bank & building society accounts and substantial amounts in other financial instruments, affecting millions of accounts nationwide. The need for education on dormant accounts is critical, especially amidst the cost-of-living crisis. Furthermore, we are now nine months on from the implementation of the Consumer Duty Act, which mandates that financial companies prioritise the interests of their consumers by ensuring transparency and providing robust support. Despite this, Gretel’s research highlights a staggering 27 million accounts in the UK are lost or dormant, revealing a significant gap in consumer awareness and engagement.

This is not just a minor oversight but represents a substantial pool of financial resources that could significantly change individuals’ financial health and economic well-being. This vast amount of unclaimed money is not just a statistic; it represents countless opportunities for individuals to improve their financial situation. Unfortunately, awareness and action toward reclaiming these assets are low. Many individuals are either unaware of their existence or face challenges in tracking them down due to lost paperwork, forgotten details, or lack of knowledge about the process involved in reclaiming these assets.

Wealth management firms and financial advisors are in a unique position to address these challenges. Using their expertise, they can play a pivotal role in educating clients about the importance of keeping track of all financial assets and what to do with any lost and forgotten financial assets they find. This trusted relationship with their clients can help raise awareness of Britain’s lost billions and offer help in putting the money to good use, for example finding lost investments and reinvesting to optimise returns for the future.

Despite the significant amount of unclaimed money sitting in UK financial products, efforts by individuals themselves to reconnect with their lost or dormant accounts remain insufficient. A strikingly low percentage of people have attempted to track down their lost accounts, with only 6% looking for lost bank accounts—a significant drop from 13% in 2022. This decrease underscores a growing issue: the complexity and difficulty of reclaiming assets without proper guidance and resources.

Moreover, the lack of information and recall among individuals about their dormant accounts is alarming. Only a third remember the name in which the account was registered, only a quarter can recall the address and similar proportions remember the provider name and account type. Fewer than one in five remember the account number or value and one in ten say they don’t recall any details. Additionally, only 15% believe they could find any associated paperwork and 13% remember little because someone else set up the account on their behalf.

At Gretel we believe that the Consumer Duty Act has not only re-emphasised the need for financial firms to ensure they act in the best interest of their clients, it also materially raises the bar by seeking to drive cultural change. Now is the time that as an industry we can all step up and help our clients address the dormant asset problem in the UK. This multi-billion-pound problem not only affects individual consumers but also has broader implications for the financial industry and society at large.

The positive impact of reclaiming dormant assets extends beyond individual financial relief; it contributes to the broader economy by ensuring these funds are put to productive use. Therefore, the role of financial advisors and wealth management firms is more critical than ever. By focusing on client education, offering personalized advice and supporting the recovery of dormant assets, they can make a significant difference in improving financial well-being and addressing broader economic challenges.

At Gretel we are committed to supporting and improving financial outcomes for consumers by facilitating a seamless connection between customers and financial companies, ensuring that individuals can easily reclaim what is rightfully theirs.

PROTECTING DIRECTORS AND OFFICERS AGAINST EVOLVING CYBER THREATS

Wealth managers are facing a growing and evolving cyber threat in 2024, fuelled by increasingly sophisticated cyber-attacks and the uptake of new technology. For directors and officers (D&Os) already grappling with an environment of increased scrutiny, these threats heighten the potential for litigation. Nevertheless, by proactively addressing cyber threats and leveraging the protective mantle of insurance, D&Os can navigate this turbulent risk landscape with confidence.

Cyber threats are mounting

Rapid digital transformation has driven a proliferation of cyber threats in recent years, exposing wealth managers to unprecedented vulnerabilities. Cybercriminals are deploying increasingly sophisticated tactics which, if successful, are capable of inflicting considerable financial damage: the global average cost of a data breach was US $4.45 million, according to IBM’s 2023 Cost of a Data Breach Report.

When it comes to evolving threats, one cyber threat has become particularly prevalent: ransomware attacks account for almost a quarter (24%) of all malicious attacks, according to IBM. Ransomware attackers operate by attempting to seize control of a target’s operational or personal data. Once achieved, the attackers will withhold access or threaten to expose data, until a fee is paid. Ransomware is not new, but it too continues to evolve. To improve their leverage in ransom negotiations, many attackers have begun practicing exfiltration – in which data is copied, transferred, or retrieved from a server without authorization, which can then be published online. For firms, even those with extensive data back-ups, this raises the prospect of unwanted reputational harm and divulging valuable trade intellectual property.

Just as cyber actors pursue new means of attack, firms themselves are investing in evermore complex technology. Uptake of artificial intelligence (AI) continues apace, from machine learning algorithms to novel generative AI tools. As firms increasingly integrate these technologies into their existing systems, this may create new entry points for cyber criminals. Meanwhile, the ease of access to many AI tools, and their potential to process personal data, exacerbates the likelihood of a GDPR breach.

D&Os under greater scrutiny

Ultimately, responsibility for mitigating cyber threats rests with the C-suite. D&Os not only have to oversee the implementation of cyber defences, but must stay alive to emerging cyber risks.

Fail to do so, and the consequences may be severe. D&Os are already under scrutiny from investors and regulators who closely monitor corporate governance processes. Association with cybersecurity failures, cyber-attacks, or any form of data loss or theft may be considered a breach of directors’ duties, and could lead to lawsuits against management. Similarly, poor AI governance, as well as the risk that directors and officers may overstate or understate AI risks, threats, challenges, and opportunities – a practice known as “AI washing” – are all potential vulnerabilities.

A tightening regulatory environment for cyber and related threats is placing boards under yet more pressure. In the UK, firms are already bound by the terms of the UK GDPR, which requires them to report any notifiable personal data breach to the Information Commissioner’s Office (ICO) within 72 hours. Take longer, and they’ll need to give reasons, or could incur hefty fines – up to £8.7 million, or 2% of global turnover, whichever is higher.

In parallel, a flurry of regulatory activity has sought to increase transparency and amplify scrutiny of businesses’ use of AI. The EU AI Act, approved by the European Parliament earlier this year, sets out strict requirements for any firm deploying AI, and will apply to any UK firms that deploy AI systems within the EU. The UK, meanwhile, has so far adopted a so-called ‘pro-innovation approach’, establishing a principles-based framework for regulators to interpret and apply to AI within their remits.

In any case, non-compliance with existing or forthcoming legislation has the potential to inflict reputational harm on offending firms. Once again, D&Os may find themselves the target of regulatory investigations or shareholder lawsuits for their failure to adequately monitor and oversee a critical corporate function.

Safeguarding against cyber threats

To mitigate against cyber risk, it’s crucial that wealth managers take steps to bolster their cybersecurity protections. Core to this is the need for a comprehensive crisis management plan, to be executed in the event of an attack.

This typically includes a multi-layered approach of:

1. Preventative controls – e.g. hardware and software solutions; risk assessments; data backups; staff training and crisis testing

2. Detective controls – e.g. identifying affected systems and isolating them from the remainder of the network; taking the network offline or deploying defences to mitigate the spread; informing staff, clients, and other relevant stakeholders; capturing volatile memory contents from affected devices

3. Corrective controls – e.g. alerting key partners to assist with strategy; reporting the attack to insurance partners and law enforcement; deploying decryption tools; wiping and rebuilding systems, including resetting passwords and checking backups

In practice, a robust approach to cybersecurity relies on a series of individual protections, including multi-factor authentication (MFA), endpoint detection and response, and secure data backups. To be most effective, any crisis management plan should also be stress-tested through simulated incident and table-top exercises.

Once established, wealth managers can use their plan to future proof themselves in critical areas of legal risk, data handling and security breaches. It will also help to ensure that the firm, as well as its directors and officers, are well-protected from any D&O or client liability claims, regulatory issues, or other financial implications.

Insurance protections

Proactive cybersecurity measures are essential, but they do not offer complete protection against cyber threats. Recognising this, firms are increasingly turning to cyber insurance as a critical safeguard against financial and reputational damage.

Cyber insurance is not a substitute for cyber security investment, but rather a parachute for when matters escalate out of control. Policies provide comprehensive protection, including pre-incident support, security breach costs, ransomware costs (including potential ransom payments), post-incident assistance, and coverage for business interruption.

Firms should also conduct a review of their current D&O programmes. This will ensure the appropriate limits are in place, and that any potentially problematic exclusions are either eliminated or narrowed where possible.

For more information, visit Lockton’s Cyber page, or contact:

MICHAEL LEA, Partner & Head of Management Liability, Lockton michael.lea@lockton.com

CARLO RAMADORO, SVP, Cyber and Technology, Lockton carlo.ramodoro@lockton.com

LAURA SKAANILD, Head of Global Financial Institutions, Lockton aura.skaanild@lockton.com

WOULD YOU LIKE TO CONTRIBUTE AN ARTICLE?

Alongside updates from PIMFA, the Journal includes several useful inputs from our associate member firms. These articles are an excellent opportunity to gain interesting insights into the wider industry and to learn more about PIMFA associate members. If you are an associate member and you are interested in contributing to future editions of the Journal then please contact:

Nigel Ross-Scott, Copywriting & Publications Manager (NigelRS@pimfa.co.uk)
