Archive by Author

FPPad Bits and Bytes for July 15

Posted on July 15, 2011 by in Bits & Bytes

I’m flying with the family to Portland, Oregon tomorrow for business and pleasure. I’ll be speaking to the FPA of Oregon & SW Washington on Wednesday and visiting with a technology provider on Thursday. Outside of those commitments we’ll be touring the natural wonders of Oregon and relishing in the temperate summer weather (in contrast to 14 days of 100+ degree temperatures we’ve experienced here in Dallas!).

[Photo used under Creative Commons from camknows]

Now on to this week’s stories of interest:

Interactive Advisory Software joins the horse race with VC funding, a new look, and new CEO from RIABiz.com

[You’ve probably never heard of IAS unless you’re a user. They ranked far below competing platforms in the 2010 Financial Planning Technology Survey, so will their refresh and new marketing initiatives result in larger adoption by RIAs?] Based out of Atlanta, Ga., Interactive Advisory Software is stepping out of its “hidden gem” history with new investment, a new CEO, and a brand new look.

Fidelity adds trading to WealthCentral Mobile from InvestmentNews.com

[I suspect advisers are not too inclined to submit trades in client accounts from mobile devices. But from a marketing perspective, saying your app supports mobile trading is a nice checkbox in the functionality matrix] Financial advisers on the WealthCentral platform can now add trading to the list of things they can do from their iPhones and later model Android smart phones.

Social Media Archiving Meets the Back Office – a Cloud Computing Solution for Registered Investment Advisors from Arkovi.com

[Anyone heard of WinWeb? It’s new to me, and I have no clue how well they serve the adviser marketplace.] Arkovi and WinWeb Announce Integrated Partnership Bringing CRM, Social Media Archiving and Operations into One Solution for Registered Investments Advisors.

Orion Welcomes Advance Capital from PRNewswire.com

[Orion, the popular web-based portfolio accounting and service bureau, keeps gaining users and assets reconciled through their platform] Orion Advisor Services, LLC, a comprehensive portfolio accounting service bureau, is pleased to welcome new client Advance Capital Management, Inc., a Broker-Dealer and Registered Investment Advisor with almost $2 billion in assets under management including its own proprietary funds. Advance Capital Management joins a rapidly expanding roster of premier investment firms to utilize Orion’s innovative back-office solutions.

Read this month’s column for Morningstar Advisor, Save Time, Reduce Errors with Text Expanders. You might benefit tremendously from using tools like TextExpander and PhraseExpress.

And if you’re convinced your clients aren’t texting, you need to read my post this week for Blueleaf, Your Clients Are Leaving You In The Dust.

FPPad Bits and Bytes for July 8

Posted on July 8, 2011 by in Bits & Bytes

I took advantage of the typical summer slowdown and spent most of the week on vacation. I’m back at FPPad headquarters for the next week and then off to Portland, OR to speak to the FPA of Oregon & SW Washington chapter on July 20. Drop on by if you can!

Now, on to this week’s stories of interest.

Fiserv purchase of CashEdge could affect account aggregation space from RIABiz.com

[CashEdge is one of those names that pops up every so often when discussing account aggregation. However, it’s an incomplete solution for advisers seeking reconciliation-ready data for held-away accounts. So I don’t see Fiserv’s acquisition of CashEdge for $465 million dramatically altering the account aggregation space] $465 million deal is mostly a payment processing technology-grab, according to ByAllAccounts.

Envestnet unbundles portfolio management software for RIAs and it won’t be a sideshow from RIABiz.com

[Envestnet is competing in the portfolio management software market with its Vantage product. Will it be powerful enough to compete with market dominators Advent and Schwab?] Envestnet has long been the undisputed leading platform for separate account managers, used by tens of thousands of advisors. The portfolio management software capability it provided, on the other hand, was always viewed as an add-on service.

The Relationship Manager from AdvisorOne.com

[Actifi’s Spenser Segal identifies the Achilles heel of poor CRM software implementation: people] Even though CRM systems have matured, with many systems built specifically for financial advisors, most firms are only scratching the surface when it comes to taking advantage of key features that are designed to help advisors grow their practices.

FPPad Bits and Bytes for July 1

Posted on July 1, 2011 by in Bits & Bytes

Originally I was going to forego this week’s Bits and Bytes, but a few articles popped up in the latter half of the week that are worth sharing.

I’m still on vacation through next week, so let’s move on to week’s stories of interest:

How one RIA is running his practice on a Mac and finding it totally doable from RIABiz.com

RIABiz’s Nevin Freeman highlights how one adviser, Sunit Bhalla of Ft. Collins, Colo.-based OakTree Financial Planning, has successfully centered his practice’s technology entirely around the Mac platform.

 

FPPad On Holiday Break; Enjoy the 4th!

Posted on June 29, 2011 by in General

I’m taking a long break for the holiday weekend, taking my son (he’s 2) to go camping with Grandma and Grandpa.

I’m traveling with my iPad and MiFi, so I’ll be in touch periodically to address your questions, comments, and requests.

I do plan on publishing a Bits and Bytes update this Friday.

See you next week!

FPPad Bits and Bytes for June 24

Posted on June 24, 2011 by in Bits & Bytes

I’ve been in 100% focus mode this week, working on new products and services for FPPad’s consulting business. eBooks are a part of that development, too, so if there’s a hot topic in which you’re interested (e.g. iPad for advisers, social media compliance, etc.), please let me know.

Here are this week’s stories of interest.

Advisers: How do you know when it’s time for an upgrade from InvesetmentNews.com

Financial advisers, whether solo practitioners or members of a multiperson firm, need to think regularly about whether their technology is keeping pace with their business needs. Experienced advisers and technology experts have plenty of advice and experiences to share.

Portfolio management, reporting spawning new players, products from InvestmentNews.com

[Davis Janowski had a busy week this week!] Advisers seeking portfolio management software have choices beyond venerable offerings such as Advent Axys and Schwab PortfolioCenter. Take, for example, the demonstrations of two portfolio management and reporting systems that I received last week: PowerAdvisor and Atom Align Cloud Service.

Review: How Redtail got hot fast among RIAs and how it plans to leapfrog itself from RIABiz.com

[I reviewed Redtail’s upcoming Project Leapfrog release in May’s Morningstar Advisor column, A Popular CRM Gets an Upgrade] Fondly named after CEO Brian McLaughlin’s red-tailed golden retriever (not the hawk or the beer), Redtail is a Sacramento-based company living the American dream.

LPL Financial Provides Advisor Access to Social Media from FA-Mag.com

[If you read this month’s Morningstar Advisor column, How to Make Social Media Compliance Automatic, then you already knew Erado was on LPL’s preferred vendor list. Now the deal is official.] LPL Financial becomes the latest independent broker-dealer to allow its advisors to use social media, signing a multiyear deal with Erado Message Control Solutions that will provide monitoring that meets Financial Industry Regulatory Authority requirements for review of online marketing, officials said Wednesday.

 

FPA and ActiFi Publish Document Management Software Technology Report

Posted on June 21, 2011 by in Software

In the latest edition of their technology report series, FPA and ActiFi today released the “FPA-ActiFi Adviser Technology Reports: Document Management Edition” highlighting eight different software solutions available to advisers. Solutions reviewed include the following:

  • CNG-Safe (CabinetNG)
  • Docupace
  • eFileCabinet
  • Grendel
  • Laserfiche
  • NetDocuments
  • Solution 360° (Interactive Advisory Software)
  • Worldox (Trumpet)

I had the privilege of contributing to this report and wrote the introductory notes on the advent of document management and the benefits of using mature document management systems.

Like all FPA-ActiFi technology reports, FPA members have free access to the comprehensive research. The report is also available for purchase by non-members for $495 through the FPA Research Center.

Bug Affects Dropbox Security: What Advisers Need To Know

Posted on June 21, 2011 by in Compliance, Software, Technology

Just last week I wrote a post addressing Dropbox and its use by financial advisers. It’s worth reading, but the summary is:

  • If you are regulated by FINRA, don’t use Dropbox (or any web-based service where you place client information) without the approval of your broker-dealer’s compliance department. Even after approval, document what your policies and procedures are to keep client information safe.
  • If you are regulated by the SEC or state as a registered investment adviser, document the steps you take to protect the security and confidentiality of customer information placed on web-based services such as Dropbox. You may optionally apply your own encryption to files saved in Dropbox to better protect them from unauthorized access.

So what happened over the weekend?

During system maintenance on Sunday, June 19, Dropbox introduced a bug into its authentication mechanism. Click here to read Dropbox’s explanation of the issue.

In summary, for a period of about four hours, correct passwords were not needed to log in and access Dropbox accounts. All that was required was a valid email address associated with an active account.

Make no mistake, this is a serious security issue.

Anyone who might have guessed an adviser’s email address (or even look it up on the adviser’s website) which happens to be used for a Dropbox account storing client files would have been able to access, view, download, et. al. those files without needing a valid password.

However, for advisers who encrypt or otherwise protect documents stored on Dropbox with access passwords, unauthorized access to the Dropbox account would not have yielded access to the contents of the files; only the file names would be visible (for password-protected documents).

The security lapse should never have happened, but it did. I said last week that adding an extra layer of security and/or encryption was optional. I feel I must be more specific in my recommendation of Dropbox.

If you choose to use Dropbox to store and share documents with client information, encrypt and/or password protect those documents prior to placing them in Dropbox.

Yes, this extra security makes sharing documents a bit more convoluted, as clients with whom you share files must remember the password required to access documents. But consider the alternative without the use of the extra layer of security in Sunday’s scenario.

And really, you shouldn’t have to apply your own security, but Dropbox isn’t touting their service for the enterprise market or regulated industries like financial services. They’re first and foremost a company providing a product for consumers. Should you choose to use Dropbox for client documents, take the necessary steps to better protect client information from unauthorized access.

Also, consider alternatives to Dropbox such as SugarSync, Carbonite, Egnyte, Wuala, and more. They’re worth investigating and performing your own due diligence.

Laserfiche Mobile for iPhone Now Available in Apple App Store

Posted on June 17, 2011 by in Software, Technology

Just a quick FYI for those of you who use Laserfiche for your document management system.

The Laserfiche app for iPhone is now available for download in the Apple App Store.

Most document management systems have a web access component allowing documents to be viewed through a standard web browser. But Laserfiche is the first among document management providers to financial advisers to publish a dedicated app for a mobile device.

Some key features in the mobile app include:

  • Search across all documents in the Laserfiche repository
  • Search just for text in a document, document names, document field information (i.e. metadata), or any combination of the three.
  • Add a document to Laserfiche using the iPhone camera or by uploading an image from the device’s photo library.

After playing around with the demo repository, the app is fairly quick in its search function across included documents, though the demo repository is not terribly large.

Document previews are available for Microsoft Word documents by simply tapping on the document listing. To view PDF files, one must first swipe across the filename, then tap a document icon to open the export menu, then select either “Send as e-mail” or “View electronic document.” Once the PDF is downloaded, it can be exported to other apps compatible with PDF files, including iBooks, Goodreader, Dropbox, and more.

Nevertheless, I found the PDF preview process quite convoluted. It takes one swipe and three taps to view the file. Given the popularity of PDF files in a paperless office, this user interface in the Laserfiche app deserves to be simplified.

I like what I see in this app, but here are some enhancements I’d like to see in the near future:

  • iPad compatibility to take advantage of the significantly larger screen
  • Ability to limit or exclude searches in repositories. For example, I just want to see all documents matching “1040” in my client John Smith’s folder
  • Keyword search option while viewing supported files so users can find words and phrases inside a document. Today users can only perform keyword searches from the main search window.
  • An app passcode upon launching. Client files contain sensitive information, so should an iPhone be lost or compromised, it would be nice to require one additional passcode (in addition to the master device passcode) to be entered when subsequently launching the app.

Are you a Laserfiche user? Do you think you’ll make use of the new iPhone app? Why or why not?

FPPad Bits and Bytes for June 17

Posted on June 17, 2011 by in Bits & Bytes

Now that summer is here (where it won’t go below 75 degrees here in Dallas for another two months), the typical slowdown is upon us. I’m taking the opportunity to focus on several projects that I put off this spring and build up a library of topics for future blog posts and columns.

So is there something you’re dying to learn about in the financial adviser technology world? Perhaps a vendor tool or web-based productivity plugin? Contact me and let me know. I get my best content from advisers like you.

Now on to this week’s stories of interest:

An adviser dives into video stream from InvestmentNews.com

Davis Janowski had a hard time tracking down advisers using video and screen sharing software with clients and prospects. But when he identified one, he learned of the many ways this technology is helping one adviser grow his business.

What one big RIA has to say about its switch from Advent Axys to Advent Portfolio Exchange from RIABiz.com

How much better is APX over Axys, and it is good enough for a firm to want to stay on Advent’s platform? Read about one firm’s process of evaluating their options and APX conversion experience.

Think your millionaire clients aren’t e-media savvy? Think again from InvestmentNews.com

[Bill’s note: You shouldn’t be surprised by the results in Fidelity’s survey. The question is, what are you doing to deliver service to clients over their preferred media?] According to a Fidelity Investments survey released today, 85% of millionaires use or are willing to use electronic media, such as e-mail, social-media sites and text messaging, compared with only 43% of financial advisers and brokers.

SEI Quick Poll: 1 in 4 Top Financial Advisors Use Electronic Tablets for Client and Prospect Meetings from Marketwire.com

According to a survey of 150 top financial advisors at SEI’s National Strategic Advisor Conference in May, one in four respondents indicated they currently use electronic tablets for client and prospect meetings. Additionally, nearly half (46 percent) of advisors are thinking about using electronic tablets for work.

Securities America Jumps on the Social Media Bandwagon from RegisteredRep.com

[Socialware will be Securities America’s compliance technology solution] During its National Conference in Orlando, Fla., this week, independent broker/dealer Securities America announced its new social media program, which will allow all of its 1,800 reps to access and post content on Facebook, LinkedIn and Twitter in mid-July, said Leia Farmer, deputy chief compliance officer.

 

Dropbox for Financial Advisers: Is it Safe? Secure?

Posted on June 15, 2011 by in Compliance, Software, Technology

Update 6/21/2011: A bug affected Dropbox’s password authentication mechanism on June 19. Read my follow up post on what advisers need to know about the compromised security.

Financial advisers want to know: is Dropbox, the simple and convenient file storage service, safe and secure? The answer to that question may not be so clear.

Is Dropbox safe and secure?

Can I store and share client documents on Dropbox?

I get asked these questions about Dropbox, a simple and convenient file storage service based in the cloud, quite often at conferences and while consulting with financial advisers.

I’ve discussed Dropbox several times on FPPad (see The iPad for Financial Advisers and Wealth Managers, A Real Life Example of Productivity Tips in Action, and Dropbox Featured in Forbes; Tools Should “Just Work”), but have not specifically addressed security characteristics of the service as they apply to financial advisers and registered representatives.

Frankly, Dropbox’s security attributes of have been a moving target as of late. That’s not necessarily a bad thing for the wildly-popular service, used by more than 25 million people, but it is important that advisers take a close look at how Dropbox communicates regarding its security.

Is It Secure?

I won’t rehash the details of recent controversy over Dropbox’s changes to its statements on security here, but I do want to direct you to a resource that I feel fairly addresses the situation.

Over at TechRepublic, IT consultant Michael Kassner posted an interview with ChenLi Wang of Dropbox’s Business Operations. Read Kassner’s post to gain perspective on Dropbox’s changes to its security statements and how they apply to its users. Click the link below to read it first, then come back and continue reading this post.

TechRepublic: Dropbox: Convenient? Absolutely, but is it secure?

Security Discussion

Flickr: Grey Wind

Now that you have some background on the issue, let’s address security from the financial adviser’s perspective.

Without question, financial advisers collect and maintain personally identifiable information (PII) on clients in order to deliver financial advisory services. Both FINRA and the SEC have requirements in place that FINRA member firms and registered advisers must follow. SEC Regulation S-P, Privacy of Consumer Financial Information, is the primary rule by which advisers must abide to address the protection of client information and records.

With respect to Dropbox, what must advisers do to abide by the requirements?

If you operate under FINRA, you must first ask your broker-dealer’s compliance department what your options are when considering the use of cloud-based applications, including Dropbox. It’s likely your broker-dealer has performed due diligence on a select number of providers which likely include vendors of cloud-based CRM, portfolio management software, financial planning, and document management applications.

Empirically, some broker-dealers have approved the use of services like Dropbox for their registered representatives, while others prohibit its use. So I cannot provide specific guidance for those of you affiliated with a broker-dealer; check with them first.

If you are an SEC or state-registered investment adviser, you must have written policies and procedures in place that address the steps you follow to protect client information. If you elect to use Dropbox, document the steps you take that are designed to (taken directly from Reg S-P):

(i) insure the security and confidentiality of customer records and information;

(ii) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

From Kassner’s post highlighted earlier, Dropbox acknowledges that, in “rare circumstances,” a “small number of employees” are able to access user data according to the provisions in Dropbox’s privacy policy (e.g., when legally required to do so). Aside from the rare circumstances, Dropbox’s Wang went on to say:

We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

So let me challenge you, the adviser, with this question: What steps do you have in place to insure the security of client information stored on other web-based services? Have you performed similar due diligence on your CRM provider, online financial planning software, or even your online e-newsletter service? If you feel those services adequately protect the security of client information, how does that align with your confidence in Dropbox’s ability to provide similar protection?

Encryption

Before concluding this post, let’s briefly address the option of using additional encryption. To better protect client information, records can be encrypted using third-party applications before they’re transferred to web-based services like Dropbox (though I know of no methods advisers can use to encrypt client data stored in, say, web-based CRM. Does that make it more vulnerable?).

Remember, Dropbox stated, “all files stored on Dropbox servers are encrypted (AES 256).” Is it necessary to add yet another layer of encryption to files stored on Dropbox? Perhaps. If additional encryption is applied to documents stored on Dropbox, even if the “small number” of Dropbox employees access files legally under “rare circumstances,” all they will see are encrypted files with no meaningful data.

So, yes, the use of third-party encryption such as TrueCrypt, SecretSync, and others mentioned in Kassner’s post, does add an additional layer of obfuscation to protect against information access by Dropbox employees. But does that mean it is required to comply with regulatory requirements?

I believe the answer is no.

Files are already stored encrypted on Dropbox. There’s a reasonable expectation that the files will remain protected from unauthorized access. Assuming select Dropbox employees do access stored files, citing the legal requirement to do so, that access is likely to be authorized, as it is in response to a request from law enforcement. If this were to happen to you, you probably would have more to be concerned about than Dropbox decrypting your files and providing them to law enforcement.

Best Practices

Let me close with what I believe to be best practices for the use of cloud-based storage services, including Dropbox.

If you’re a FINRA member, check with your broker-dealer’s compliance department before using any web-based service. Obtain approval before storing any client information on such services. Also, document your policies and procedures regarding the steps you take to protect client data when using web-based applications.

If you’re an independent registered investment adviser, document the policies and procedures you employ to protect client data when using any web-based service. For added protection, you may optionally apply third-party encryption where applicable, but I believe it is not a requirement to comply with SEC Regulation S-P rules.

Do you have practical information with respect to these best practices? Perhaps your broker-dealer has raised issues on web-based services that are not included here. Please leave comments and feedback below to help clarify what advisers need to do to protect client data stored in cloud-based services.

 

Full Disclosure: I use Dropbox every day; it significantly simplifies my life. I store both personal and company files on the service. However, I am neither SEC or state-registered nor am I a FINRA member.

For those files that contain private or sensitive information, like social security numbers and bank account numbers, I add individual file password protection. All of these files are in PDF format, so I use Adobe Acrobat to encrypt all document contents with 256-bit AES and require a password to open the document.

Even Adobe PDF document passwords are not a 100% guarantee against unauthorized access. No password-based security system is. But with a combination of mixed case, numbers, and punctuation, the time required to apply a brute-force attack to crack the password may deter unauthorized users from an attempt, and instead seek out more vulnerable targets for an attack. I feel that this level of protection is adequate for my personal situation and acknowledge that the benefits of using web-based services like Dropbox are compelling enough to accept the risk trade-off. Your situation may dictate different considerations.