Client confidentiality in Singapore in the age of cybercrime

Singapore’s wealth management industry needs to beef up its cyberdefences if it is to remain trustworthy

For any credible corporate services provider, client confidentiality is non-negotiable, and is arguably one of the most (if not THE most) important aspects of our job. Corporate service providers and wealth managers are required to hold a huge amount of sensitive personal data on their clients, such as lifestyle, wealth details, personal circumstances, as this helps build a proper picture of the client’s risk appetite, and ensures the actions we take are suitable for the client.

While complying with anti-money laundering (AML) and counter terrorist finance (CTF) regulations, the industry strives to ensure information is kept secret and confidential—trust is an essential competitive advantage, and should this be lost, a company’s reputation is unlikely to recover.

However, no matter how trustworthy, experienced, and discreet a wealth manager or corporate service provider is, if this data can be hacked digitally and published to the world, then the entire system is undermined.

Cybercrime is now firmly at the forefront of the public consciousness, thanks to the WannaCry ransomware that spread around the world, crippling computers, hospitals, companies, and other services. This type of crime creates disruption, can sow chaos, damages brands, and costs money.

According to Steve Langan, Chief Executive at Hiscox Insurance, cybercrime cost the global economy over US$450b in 2016, and some project this to hit US$2t by 2019. This does not include the added costs associated with the various protective measures firms are forced to invest in, as well as insurance.

Asia is one of the fastest-growing regions in the world, and one of the most vulnerable to cyberattacks, with numerous poorly defended banks and companies. Additionally, Asia is becoming a hub for cybercriminals, with 90% of Asia-Pacific banks and companies reporting an attack of some form in 2016, according to a survey by LogRhythm.

The monetary cost does matter, but for Singapore’s wealth management and corporate service provider industry, all cyberdefence strategies and defences should focus on the need to preserve client confidentiality.

No longer is a vault, and lock and key good enough, firms need to invest in IT systems, online security, firewalls, and dedicated cybersecurity personnel. Regular internal staff training needs to take place and employees need to recognise compromised e-mails and attachments, with alert systems put in place. Importantly, we need to educate our clients, and work with them on a common-sense approach to keeping their information safe.

While large companies have traditionally been targeted by hackers and leakers, smaller financial services firms are firmly in their crosshairs—few had heard of Mossack Fonseca until their data breach in 2016. According to latest figures, Singapore’s Assets Under Management (AUM) industry is worth S$2.6t (as of December 2015), supported by a large wealth management industry, yet with competition from Hong Kong and other jurisdictions, a downturn in the industry could have a significant impact. Experience, discretion, and knowledge matter in this industry; now it is time to add cybersecurity to the list.