We make a living by what we get, We make a life by what we give.

Winston Churchill

Articles and opinion

This article was first published in The UK Wealth Technology Landscape Report, November 2020.

Rosalyn Breedy, Partner and Head of Financial Services at Wedlake Bell cautions that UK wealth managers should take time to consider the new legal risks that arise in making a move to full digitisation.

According to a 2018 McKinsey report the ability to generate value through digitisation will increasingly separate leaders and followers in North American asset management”.

According to Breedy, many UK wealth managers who are affected by a similar strategic imperative to achieve a reduction in costs and improvements in efficiency have over the last 18 months focused on outsourcing non-core IT and operations activities. However, one of the ironic outcomes of COVID-19 and the fast adoption of remote working has meant that UK wealth managers may now be more ready to consider the adoption of a fully digitised model.

“Wealth management is a service that traditionally relies on the personal approach and the delivery of bespoke offerings, privacy and security. Up until recently, many of the new technology offerings such as cloud, block chain, AI and robotics were resisted by UK wealth managers who are rightly ever anxious about their core function of protecting assets,” she says.

“Wealth managers globally are now starting to see how a strategic digital approach could help them to deliver a secure, mobile, scalable and customised client experience in addition to achieving the cost reductions and improvements in efficiency that have accompanied the outsourcing model”.

However, it is important that UK wealth managers pause to assess and evaluate the new legal and compliance risks peculiar to wealth management that arise in a fully digitised environment. The new legal and compliance risks basically fall into three categories:

First, management, reporting and protection of data whilst it is the case that UK wealth managers recently engaged in an extensive data management review in order to achieve GDPR compliance regarding the capture and storage of data. It is important that this exercise is reviewed from a cybersecurity view. Traditionally, wealth managers were not viewed to be as targeted as retail banks but that is changing, as a Norwegian state-owned private equity fund found out to its cost in May this year. The fund fell victim to a fraud which was caused by an advanced data breach. The fraudster used a mixture of manipulated and falsified information and managed to intervene in a lending transaction by impersonating the borrower.

Denial of service and phishing attacks are also areas of vulnerability for wealth managers. Also, as mobile clients move across borders with devices that can locate and evidence their whereabouts, might wealth managers be asked by tax authorities in the future to produce location data of client transactions?

Second, development and application of AI needs to be carefully monitored and managed. This is because AI-based decisions are not always transparent to even those that created them. AI-based decisions can be based on inaccurate data, be subject to bias, deliberate or unintended, and potentially result in discriminatory outcomes.

In addition, some applications of AI rely on machine self-learning and that can create issues as it may not be possible to control all possible outcomes.

Third, employee vulnerability. The boards of UK wealth managers will need to ensure that they have the requisite level of technological understanding to enable them to identify, monitor and mitigate digitisation risk as it evolves and to ensure that employees are trained and kept up to date accordingly.

Wealth managers have recently been focused on a number of regulatory changes such as the implementation of GDPR and the costs and fees disclosure regime in MIIFID II. In addition to understanding their duties with regard to the selection and monitoring of outsourcing partners, wealth managers may now need to pause and reflect on the additional legal and regulatory risks that follow from embracing a more digitised model.