Financial advice businesses are increasingly leveraging technology to yield economic gains and operational efficiencies. However, progress in technology introduces complexity associated with managing client data and information. Although a business’s personal information policy should provide a strong framework, grey areas can emerge during implementation, requiring advisers to balance legitimate business needs with the responsibility towards clients’ data privacy.
In our annual ethics webinar, Discretionary Product Operations manager Derwina Morar hosted Zamani Ngidi, senior client manager for Cyber Solutions at Aon South Africa, alongside Allan Gray representatives, including legal adviser Felicia Hlophe, head of Retail Client Services Faizil Jakoet, and head of Retail Operations Jonathan Turner. The group shared practical advice on how to implement ethical considerations alongside legislated frameworks in data management. Watch the 42-minute recording of the panel discussion and read the key learnings below.
Key learnings
Simplify complex policy for effective implementation
While personal information protection policies are crucial, their effectiveness relies on successful implementation. When discussing Allan Gray’s approach, Jonathan Turner emphasised the importance of ensuring that relevant members of the organisation understand the underlying principles of the policies being implemented. He explained that grasping the essence of the policy can enhance the quality of decision-making.
Provide clear ethical guidelines to help navigate grey areas
Aligning staff around ethical issues can be challenging due to varying backgrounds and perspectives. However, a uniform approach is important to build trust with clients and mitigate risks related to data ethics. Felicia Hlophe outlined four key principles as useful guidelines:
The first principle is accountability. Ensuring individuals within the organisation understand that they cannot transfer or avoid their responsibility to uphold client data privacy and that maintaining clients’ best interests is everyone’s responsibility. Secondly, she explained that security safeguards, such as legislated policies, need to be applied according to the organisation’s unique circumstances. It is important to continuously assess the effectiveness of the policies being implemented. The third principle looks at purpose specification and ensuring that there is always a clear and lawful purpose for processing client data. Lastly, Hlophe spoke to the importance of transparency, explaining that both clients and staff members must have clarity on the company’s approach to data management.
Prioritise client safety over short-term discomfort
As cyber threats become more sophisticated, there is increasing pressure to remain vigilant and forward-thinking when it comes to clients’ data safety. When data management measures are adapted, there is the potential for clients to feel inconvenienced by the required changes, creating a level of service friction. In such cases, it is tempting to choose ‘’keeping the peace’’ over making the necessary changes. Faizil Jakoet explained that safety must take precedence over short-term discomfort. Implementing measures such as multifactor authentication and ensuring the accuracy of client data have become non-negotiable.
Zamani Ngidi added that it is important to educate and communicate effectively with clients about how these changes can protect their interests. This can enhance cooperation by cultivating mutual understanding.
Staff members in advice firms are not spared from additional administrative tasks, especially in the critical area of email security, where cyber threats lurk in daily operations. Zamani suggested not only having well-documented policies but also regular stress testing to ensure that the organisation can demonstrate comprehensive preparedness. He explained the significance of authentication measures on sensitive documentation, robust password controls and the inclusion of vulnerability scanning to monitor potential fraudulent use of the organisation's domain or similar aliases.
Place client interests at the centre
Navigating the everchanging landscape of technological advancement can make data management feel like a moving target. However, continuously viewing situations from the client’s perspective can enhance your ability to cut out the noise and focus on what matters most for your client and your business. This client-centred approach ensures that your business’s actions remain aligned not only with legal frameworks but also with ethical principles.