SIFMA rolls out new guidelines on data protection
NAPLES, Florida -- Industry trade group SIFMA unveiled new guidelines on data aggregation to ensure private client information remains safe and secure.
"Ideally, this will initiate a lot of conversations, between advisors and clients, and between our member firms and third parties," says Lisa Kidd Hunt, executive vice president of business initiatives at Charles Schwab and chairwoman of SIFMA.
The move comes as high-profile data breaches and unauthorized sharing of data with third parties have affected tens of millions of Americans. Facebook CEO Mark Zuckerberg faced questioning before members of Congress this week over his company's sharing of data with third parties. Cambridge Analytica, a political data firm hired by the Trump campaign in 2016, allegedly gained access to private information on more than 50 million Facebook users.
Similar high-profile incidents prompted SIFMA to review how client data its member firms collect is protected and potentially used by third parties. In some cases, clients have been using third-party applications to aggregate their financial data, but they aren't aware of how much access they have consented to give such third-party applications or how their data is being used.
"I think we all do it. We don't read [user] agreements and we provide information that we trust is protected. So I think enabling people to make informed decisions is critical," says Hunt, who spoke to reporters at SIFMA's annual private client conference.
The use of such applications is understandable, Hunt adds. They can simplify complicated financial lives. But they aren't necessarily subject to the same regulations as banks and broker-dealers.
"I think there is a lack of consumer education around when they engage in this activity what else is going on there," she says.
The trade group's guidelines highlight four principles for its members, which include some of the largest wealth management firms in the business: access, security and responsibility, transparency and permission, and scope of access and use.
SIFMA executives emphasize that they're data protection initiative is self-driven, rather than prompted by regulators.
"We want to be out front, and say this is an issue that people need to be aware of," CEO Ken Bentsen says.
Of course, getting clients and even industry participants engaged around complex technological issues can be challenging, SIFMA executives acknowledge.
But the organization has long-term plans to empower firms to educate clients and collaborate with each other. And the consequences of a data breach at just one firm could imperil the entire industry.
"There is no competitive advantage to be the only firm engaged in data protection," Hunt says.