Adviser fraud protection help launched

Fee-based IFA support firm threesixty has designed a template security policy to help financial advisers establish measures to tackle fraudsters.

It says the policy, aimed at small to medium sized IFAs, provides a basic overview of the necessary security measures required to protect both electronic data and paper records.

Phil Young, partner at threesixty, says: “Security has become an increasingly important issue this year because the Financial Services Authority is putting it higher on the priority list and every IFA needs to have appropriate measures in place.”

Although many IFAs have some security in place, threesixty says the template policy provides advisers with a checklist of additional items they might consider and a means of documenting their policy. It also includes a section on physical security as well as data.

“There is a lot of discussion around encrypting laptops but not all businesses verify everyone walking in through the door,” says Young.

Core to the policy is a suggested approach for authenticating the identity of a client before information is given by telephone, an area of particular concern to the FSA, following a number of identity fraud cases.

The policy outline, which is free to threesixty customers, includes a Client Authentification Form with a series of questions similar to that of telephone banking systems. The form was produced by Adviser Forum, managed by the Financial Technology Research Centre, in collaboration with a number of distributors and product providers.

Firms without ready access to a client database for quick reference to client authentication details may well decide not to provide information by telephone in future, says threesixty.

Links to relevant pages on www.getsafeonline.org is also included in the template as well as further guidance on safety, including recommended software solutions for issues such as encryption.

A key reason for IFAs to formalise their security policy in a document is so that staff and managers are aware of their obligatory requirements for protecting technology and information assets, says threesixty.

The policy provides a set of standards to work from when setting up and auditing internal systems, as well as processes for compliance with guidelines.

Threesixty says it can be used in conjunction with disaster recovery plans, staff handbooks, access rights policy and appropriate use policy. threesixty clients can access the template free at: www.threesixtyservices.co.uk