threesixty Drafts Template Security Policy for IFAs to Counter Fraud
threesixty, the fee-based IFA support services provider, has designed a template security policy to help IFAs establish measures to tackle fraudsters.
The policy is aimed specifically at small to medium-sized IFAs and provides a basic overview of the security measures they need to take to protect both electronic data and paper records.
Phil Young, Partner at threesixty, commented: “Security has become an increasingly important issue this year because the Financial Services Authority is putting it higher on the priority list and every IFA needs to have appropriate measures in place. Many IFAs do have some security to a greater or lesser extent but this template policy provides them with a checklist of additional items they might consider, and, importantly, a means of documenting their policy.
“Any IFA firm with a policy already in place could use ours as a checklist to ensure everything is covered. It includes a section on physical security as well as data – there is a lot of discussion around encrypting laptops but not all businesses verify everyone walking in through the door.”
Core to the policy is a suggested approach for authenticating the identity of a client before information is given by telephone. This has been an area of particular concern to the FSA following a number of identity fraud cases.
The policy outline includes a Client Authentification Form with a series of questions similar to those used by telephone banking systems. The Form was produced by the Adviser Forum (managed by the Financial Technology Research Centre), in collaboration with a number of distributors and product providers. Firms without ready access to a client database for quick reference to client authentication details may well decide not to provide information by telephone in future.
The template also links to relevant pages on www.getsafeonline.org, which offers further guidance on security, including recommended (and often free) software solutions for issues such as encryption.
A key reason for IFAs to formalise their security policy in a document is to inform staff and managers of their obligatory requirements for protecting technology and information assets and how these requirements can be met. The policy also provides a set of standards from which to work when setting up and auditing internal systems and processes for compliance with the policy.
Policies may be used in conjunction with disaster recovery plans, business continuity plans, staff handbooks, access rights policy, appropriate use policy and other documents appropriate to a business.
threesixty clients can access the template policy for free via the website, www.threesixtyservices.co.uk.