With cyber attacks on the rise and data security regulations placing a greater burden on investment advisors, how can a wealth management firm affordably maintain the IT infrastructure and specialized staff necessary for survival? When the leaders of Fidelity Investments asked themselves that question, the answer was clear. They decided to outsource their IT function and convert to a cloud-based platform.
A Cloud-Based Solution for Fidelity Investments
Fidelity’s cloud-based virtual desktop solution offers its advisors remote access to the entire suite of Fidelity business tools and applications via desktop, laptop, tablet, and smartphone. The innovative platform also features centralized document storage in the cloud, which gives advisors the capability to access all of their documents and email anywhere, anytime.
In order to implement its cloud conversion and maintain the virtual desktop solution, Fidelity contracted with a cloud outsourcing company. Fidelity’s arrangement with its IT vendor gives Fidelity’s RIAs the opportunity to contract directly with the vendor; advisors have the ability to bundle or customize services with a subscription-based pricing model at a discounted rate.
Without the need for in-house servers and dedicated IT staff, financial advisors can avoid costly periodic upgrades and control their IT budgets. In addition, Fidelity’s RIAs can eliminate IT headaches by using the dedicated support personnel of their IT contractor.
The advantages of Fidelity’s cloud conversion are not limited to increased profitability and productivity, as advanced security is the hallmark of Fidelity’s cloud-based platform. Among the services provided by Fidelity’s IT contractor are antivirus, unlimited dual site replicated email storage, and replicated file storage.
Cybersecurity Requirements of Investment Advisors
With the SEC shifting its focus to cybersecurity, investment advisors have an ever-increasing data security burden. Federal security laws require registered investment advisors to establish and implement written policies and procedures that will provide reasonable protection of their clients’ records and information.
The stakes couldn’t be higher, as failure to comply with SEC regulations can result in federal charges against RIAs. In September 2015, a St. Louis-based investment advisor settled SEC charges related to a failure to establish required cybersecurity policies and procedures. The SEC discovered the lack of compliance following a security breach that compromised the personally identifiable information of thousands of the investment firm’s clients. Even though nothing indicates that any of the firm’s clients suffered financial harm as a result of the cyber attack, the SEC formally censured the RIA and ordered the firm to pay a $75,000 penalty.
FINRA is also cracking down on RIAs that fail to meet the required data security and privacy practices. In its 2016 Regulatory and Examination Priorities Letter, FINRA stated that it will focus on firms’ supervision and risk management related to their technology infrastructure, cybersecurity, technology management, and data quality and governance.
In 2015, FINRA punished a financial firm for failing to encrypt confidential client data on a lost laptop computer that contained confidential financial and personal information of more than 350,000 clients. Although none of the firm’s clients suffered identity theft as a result of the security breach, FINRA censured the firm and instituted a fine of $225,000.
Fidelity’s Cloud Conversion and Data Security
When Fidelity launched its cloud-based platform, the company reduced operational costs and complexity while simultaneously increasing system security and stability. Fidelity’s virtual desktop solution features intrusion detection and prevention, as well as two factor authentication. Access control to Fidelity’s platform is permission-based, and all data is highly encrypted.
In addition, Fidelity’s cloud-based solution offers enhanced business continuity capabilities and advanced disaster recovery. Fidelity’s system utilizes a primary data center and a secondary data center, and they are connected with a high-availability configuration. Using dual data centers enables replication of the server data, which includes the operating system, all applications, the database, and data.
RIAs and Cloud Outsourcing
As a wealth management firm, Fidelity is subject to a specific set of standards regarding cybersecurity and data protection, but many IT contractors are not familiar with SEC and FINRA regulations. Therefore, Fidelity utilized the services of a cloud outsourcing company that specializes in wealth management software.
Matching the accomplishments of Fidelity’s innovative platform is possible for any RIA, and choosing a reputable information technology company that has investment-sector experience is essential. An RIA should select an IT vendor that has the ability to help broker-dealers overcome the challenges specific to firm growth, as well as the expertise to implement the business-continuity and disaster-recovery plans required for regulatory compliance. Computing no longer has to be confined to the office, and a quality cloud platform can enable any RIA to innovate for success.
OS33: A Winning Platform
The precise platform Fidelity chose to base their cloud infrastructure on is known as OS33. ITSG is an OS33 certified delivery partner, and is adept at transitioning businesses from traditional IT infrastructure or other solutions to a full cloud system built on OS33. For more information, take a look at our Total Cloud page, or give us a call at 484.443.4000 for a consultation.