‘What would a big bank do?’: The importance of due diligence around tech

While advisers are famously time-poor, founder of The Cyber Collective, Fraser Jack, has stressed the importance of doing thorough research prior to inputting any data into a program, if for no other reason than to defend against regulators in the event that something untoward does occur.

“Being able to document that, to say, we checked this, we checked that, we checked the other, we’re satisfied with this, we’re satisfied with that. I’m not satisfied with this, therefore, we won’t use them,” Jack said on The ifa Show.

“Making some sound decisions, because what I always say to clients of ours is, ‘What’s defendable,’ right? So, if something happens in that tool in the near future and you’re then in trouble for putting stuff into that tool, client information into that tool, and the regulator or whoever it might be might come to you and say, ‘Well, didn’t you check?’

“It’s not defendable to say, ‘Oh, I just assumed that they would.’ You’ve got to actually do the hard work at the beginning, spend the extra few hours and just make sure that you understand how that works, and then you come out with an informed decision.”

Furthermore, Jack said that firms also need to consider long-term data protection when implementing new technology as more sophisticated hacking technology means that the future protection of client data is not necessarily guaranteed.

“Whenever we’re putting data into a system, especially if it’s a new shiny toy and we haven’t done our due diligence on the actual product itself and thought about, do I really want to put my clients’ data into this tool?” he said.

“Have you done the research to see what security standards they’ll have and what they do with that data, both now and in the future?

“Because I think what we’re going to see and what we’re increasing to see in cyber security is that the retention of that information in the future becomes less and less secure as systems become more and more able to crack those encryptions.”

However, according to Jack, advice firms could use the big banks as a guide when choosing technology, as these large institutions have strict and thorough processes in place when it comes to vetting the systems they use, theoretically reducing the risk of incorporating unsafe technology into the advice firm.

“Most of the time when you’re looking at this, you’ve got to try and work out, what would the big bank do in this scenario? And maybe I should try that as well,” he said.

“The process for a bank taking on a new piece of software would be, it goes through a fairly heavy due diligence process through the procurement process.

“What security standards you have in place, how do you behave, where’s the data stored, where is it and what’s going to happen with it? And those questions are all asked of companies prior to having a relationship with a large organisation.”

To hear more from Fraser Jack, tune in here.