New contributor and perma-worrywart The Engineer is back with a new concern: how to survive system meltdowns or other malicious goings-on at your financial services provider.
These days, my biggest financial worry isn’t losing my money in the markets.
It’s losing access to it altogether.
Beyond investment risk, my concerns range from technology failures through corruption, cockups and business failures, right up to the overthrow of governments and the collapse of society. (Yet somehow, I sleep soundly at night.)
That’s quite a spectrum, so I’ll leave the zombie apocalypse for another day.
From power failures to hack attacks to system meltdowns
For now I’ll focus on something much more mundane but also far more likely than the walking dead swamping Clapham: losing access to my investments because of an operational or technology failure.
How can trouble at your financial services provider fail thee?
Let me count the ways.
Glitches
System hiccups and upgrade mishaps causing a few hours outage are common at investment platforms (and everywhere else) but they are rarely a cause for panic.
It might even be a good thing for some of us. You could go out and play in the sunshine for a while rather than sitting inside hitting refresh on your portfolio valuation.
Migrations
System migrations can sometimes cause longer outages.
In 2018, both the Aviva investment platform and TSB Bank suffered painful transitions to new technology. In each case, whilst the full outage only lasted around a week, some customers struggled for a lot longer.
If you’re living off your investments then that sort of lockout could sting.
Cyber attack
Then there are cyber attacks.
Earlier this year, both M&S and Jaguar were hit by ransomware attacks that knocked out key systems for around six weeks. For retailers, that’s painful. For an investment platform it could be terminal.
Financial services companies have no tangible product. All they do is move data around. If investors no longer trust the company to look after their data, then the business is effectively dead.
Personally, I’ll admit that life wasn’t easy without my online orders for M&S Oscietra Caviar, but I suspect having no access to my money would be tougher.
What’s the worst that could happen?
It can surely only be a matter of time before a big financial firm is hit by a major cyber attack. (Indeed I’ve heard unsubstantiated rumours that it’s already happened, but allegedly the consequences were so scary that the hackers were paid off.)
I doubt investor data records would vanish entirely – that would require a monumental series of cascading failures – but it’s quite easy to imagine an outage running into months.
With the reputational fallout, the firm might just throw in the towel. Once in receivership everything would slow to a glacial pace. You might not see your money for years.
My emergency cash wouldn’t touch the sides of that sort of funding gap.
Shouldn’t somebody do something?
The industry is far from blind to the risks.
In the last few years, the FCA has pushed for better operational resilience and information security. All the trade bodies seem to have specialised working groups on best practice and the platforms themselves generally seem engaged.
So we can all relax, right? Well, no.
Which platforms should we avoid?
I can’t give you a list of the safe platforms and the dodgy ones. That’s partly because Monevator doesn’t seem keen on being sued, but mostly because in my experience none are perfect and none are terrible.
They all have rather more bits of string and Sellotape holding things together than you might hope, but invariably they also have some good people trying to do the right thing.
Some practical steps we can take
A few simple precautions:
- Keep records. Save a recent statement. It’s unlikely your provider will lose all data. But equally, it doesn’t take much effort to click save on a PDF. Just in case.
- Choose big companies. Deep-pocketed parents are less likely to abandon a damaged subsidiary.
- Invest through multiple platforms. Losing access to half or a third of your money would be alarming. But it would be a whole lot less alarming than losing access to all of it.
However, diversifying across platforms isn’t as straightforward as it sounds.
Eggs and baskets
Let’s say that after reading this article you are overcome by anxiety. With an abundance of caution, you spread your investments across four platforms: Vanguard, AJ Bell, Barclays Smart Investor, and Aviva.
Unfortunately, all your investment eggs would still be in the same technology basket: FNZ.
FNZ is the biggest technology provider in the UK platform market. It runs the underlying systems for many household names. So even if your assets are spread across different brands, they may all share the same machinery.
Note: I’m definitely not saying there’s anything wrong with FNZ. Indeed it’s clearly doing something right.
But if the goal is to reduce systemic risk, you need to use entirely different systems.
Investment platforms don’t usually highlight which technology they run on, but you can find out. The easiest way is to ask your favourite AI chatbot. It will work it out by trawling through old supplier press releases announcing new clients.
Beyond platforms
It’s not just the investment platforms we depend on. There’s a whole network of other organisations that also need to be functioning for us to turn our investments back into hard cash.
Should we worry about the fund managers we use? And what about the transfer agent that handles trading for them?
Instinctively these feel like lesser risks. They don’t need a public-facing web presence to function, and so may be less susceptible to attack.
Still, a risk.
How deep does the rabbit hole go?
We could go deeper and unearth yet more organisations to worry about.
What about the fund accountants and the payment services? What caterers do these organisations use? What if they all get food poisoning at the same time?
But there’s a time to stop digging for even the most paranoid investor.
Time to decide
I pretty much live off my money now and consequently tend to worry about these things more.
I use multiple platforms with different technology and invest with multiple fund managers (who coincidentally use different transfer agents but that wasn’t deliberate).
Of course, this isn’t just about cyber attacks. There are other reasons to spread your investments around – such as the regulatory compensation limits – but it’s good to understand these risks to help work out the best approach.
There’s no perfect answer, only whatever helps you sleep at night. Once you have an approach that works for you, stop stressing and move on to something else.
Keep records, use stable companies, spread your risk – and then relax.
Peaceful dreams!
Good article and not sensationalist. I will follow your advice and download my latest statements.
I have recently started to keep more ready cash “just in case”, having got out of the habit of having about £10.
I think it’s worth double-checking any savings are within the (new) £120k FSCS limit, ensuring savings spread across multiple banks are not part of the same group, such as RBS and Nat West.
Thanks for this. Interesting and important.
I use Interactive Investor for my SIPP and iWeb (now Scottish Widows) for my ISA. ChatGPT (first time user!) tells me both use proprietary in-house developed systems.
If accurate, not sure if this is reassuring or not.
Correct me if I’m wrong but the 120k FSCS limit applies to cash only right?
Since the funds and equities etc that one owns in a SIPP or ISA will be reclaimed if there is any issue with the platform provider as the fund provider is not the one that has any issue? As long as you can prove that you have the fund, stock etc in your fund by providing statements etc…
Thanks for this, it’s good to be paranoid to a certain extent!
I’ve been happy to use three platforms precisely because I always thought that if one ‘broke down’, I would still have access to another. However, I never thought to check the backend systems used by each platform.
Anyway, AI says all three (AJ Bell, HL and Freetrade) are different, with only AJ Bell using the mentioned FNZ.
However, I think all have hosting/data on various ‘Clouds’ so what happens if the clouds break down?
So useful @TI and extremely timely – Interactive Investor has currently locked multiple users including me out of their accounts after some sort of internal glitch. Mine followed adding a SIPP to the account and according to customer service I am not the only one. This occurred on Monday and still no access.
#5 AndyJ
[Gulp] just started diversifying my platforms by opening an ii SIPP!
I’d welcome being able to see this kind of info tabulated.
In response to “not 100% sure”
FSCS protects your broker against the problem of shortfalls. Ie, what happens when your broker does not have the assets they are supposed to have.
Welcome @The Engineer, and thank you for an excellent and thoughtful debut piece.
I kind of think that if the dreaded ‘event’ comes it will be a solar flare (inevitable sooner or later, see Carrington Event) or a ‘harvest’ data now, crack encryption later hack, possibly using quantum computing and Shor’s algorithm.
It certainly looks like there are good job opportunities going in trying to migrate systems (first and foremost financial systems) to post quantum cryptography (/PQC):
https://youtu.be/QFyWSN7UzfA?si=w9dk5mpOHJ-g8goI
My general assumption is that the high impact risk that most people are least prepared for (and most reluctant to discuss) is the one which is actually most likely to (eventually) eventuate.
BTW like @TI’s use of the label perma-worrywart. It’s ab important calling being a worrywart!
@ Andy J (5)…..ceo…richard.wilson@ii.co.uk
Not forgetting a roll of banknotes in case the tills don’t work. Those 16 rolls of toilet paper aren’t going to buy themselves….
“my concerns range from technology failures through corruption, cockups and business failures, right up to the overthrow of governments and the collapse of society”
It would actually be quite interesting to see a discussion of reasoning about the likelihood of severe problems being caused by events like these. It would be relevant for wondering how big a market crash does it really make sense to worry about, and how feasible is it actually to achieve security through investing alone.
This definitely resonates with me.
I was recently very fortunate to be specially selected by Vanguard to have my account frozen while additional Know Your Customer and Anti Money Laundering checks were undertaken. So far Vanguard have sat on my documents (their 2 page questionnaire and a 3 page letter of supporting evidence) for 6 weeks now. Apparently, after chasing I was told I am at the “final stages” of the checking by customer services, but I think that’s probably made up as AML processes can be pretty secretive even within an organisation. No idea when I will regain access.
Anyway, as I’m in drawdown, I’m very pleased that I’m using multiple platforms and I have some funds in cash!
Maybe an extra column in the broker table, ‘group’?
Good article and the elbow jog to download statements is timely.
I noticed Interactive Investor were delighted to inform me that my platform fees were going up by 25%. Clearly Abdn’s failure in the active asset management business have will now be paid for by fleecing retail custody clients.
Good to see coverage of some of the risks facing investors.
Of course the elephants in the room are the twin threats from the climate crisis and biodiversity loss. I very much look forward to a future article from The Engineer.
@The Engineer – thanks for an interesting and balanced article.
@Vic sorry to hear your ii fees have increased. I was surprised to receive an email from ii informing me that my monthly fee will decrease from £21.99 to £14.99. I have a sip and an isa with them. The one free trade per month isn’t changing.
@Paul 7
But surely that would not happen? Unless the broker is not buying the stock/ etf for you and is using the funds for something else? Or they have not registered your purchase and ownership. Otherwise there should be no issue – there will be an equivalent amount of the stock/ etf registered with them?
I seem to be getting more letters directly to me from the funds that I own – thus showing that my direct ownership is registered.
@A50S — There has been at least one case in the past where investors were threatened with not getting all their money back, even after a broker failure where the accounts were segretated:
https://monevator.com/even-brokers-can-fail-you/
Note: I don’t know how that story ultimately ended. But I wouldn’t like it if all of my assets were there!
And then there’s the potential for fraud/crime itself.
My motto:
https://monevator.com/assume-every-investment-can-fail-you/
@DrexL #16
In the spirit of the article I’m definitely keeping my SIPP and ISA’s on different platforms. The saving isn’t worth the brain damage for me.
I’m surprised nobody has mentioned sea bed cable cutting as a definite risk to asset access. Seems the country is unsurprisingly undefended against this.
In that event I guess we’d all be Musk Starlink fans though I’m far from an expert there.
Did anybody notice also that during the Tariff Tantrum that retail is plum last in line to get access to trade? All of my accounts were useless to trade anything for a number of days.
@weenie #4 “so what happens if the clouds break down?” It starts raining? Sorry. Most platforms will use one of the two behemoth cloud service providers. So yes it’s a risk. But it’s commodity stuff and they’ll have an established plan on how to recover with a different provider. So I think only a small risk of a long outage.
@PeterR #11 I was planning an article on corruption and cock-ups and whether we can rely on CASS but it gets harder to say anything helpful as you move further along the list to civilisation breakdown. Though I do have some good tips on taking out a zombie.
@Onion #12 I’ve also been caught in the AML source of funds trap. Positively Kafkaesque. Another one on my list to explore.
@John Edwards #15 Climate crisis, biodiversity loss. On the list 🙂
@TE Maybe civilisational breakdown is rather tricky to be helpful about, but another that comes to mind that it may be possible to analyse is the risk of government appropriation of assets eg based on historical occurrences.
@PeteR (21)
Government confiscation of assets is one of the topics covered in the short book ‘Deep Risk: How History Informs Portfolio Design’ by William Bernstein.
Halifax, iWeb and Lloyds Sharedealing (which are all the same platform) don’t even support two-factor authentication, which is ridiculous in this day and age. I moved away from Halifax for that reason.
Responding to “about 50% sure”
Assets have gone missing for one reason or another. see Wealthtek and Beaufort Securities for example.
When you hold assets in an ISA or SIPP they aren’t registered in your name, they’re registered in your brokers name, if they exist at all!
@DavidV (#22):
Which IIRC he suggests an interstellar spaceship as the only “practical” mitigation; although that may originate from another of his books!
Thanks @The Engineer a a lot of this resonated with me. I knew Aviva and Vanguard used FNZ but not AJ Bell.
@Vic Mackey #19 – I was locked out of Vanguard on the Monday morning after “liberation day” was going to use my ISA allowance to buy the dip but ended up doing SIPP reinvestment on HL instead. So that’s another reason to spread your cash spread around different platforms.
If we are going down the rabbit hole don’t forget custody. Nearly all brokers get a third party to hold investments on behalf of their clients. So if the goal is diversifying away from a single point of failure it feels like knowing who your broker/platform is using for custody services would be worthwhile.
And if you hold shares in your own name not via a platform then there’s the share registry’s. Most shares are dematerialised but it seems to be the same names popping up (Computershare, Equiniti – at least among the shares is the companies that I/the clan own directly). You can always go old school and get a paper share certificate, but then you’ve got to look after it!
Imagine being locked out of a spread betting account when you need to close out a losing trade!
@DavidV @Al Cam – thanks, will look at Bernstein’s writing.
Re mitigation and space ships – understanding the magnitude of these risks is not just about avoiding them, but also they may influence other decisions around risk. For example, say there were a practically-unavoidable ~10% assessed probability of severe financial loss from various causes, then it may affect the degree it seems worth reducing the probability of portfolio failure due to financial market volatility from e.g. ~10% to ~1% (where much discussion around safe withdrawal rates is focussed) – the latter may be overvalued if other risks are neglected. Also, it may raise the assessed value of diversifying beyond trying to live solely off investments e.g. maintaining the ability to earn some income from employment, which would seem like a potential way to mitigate wealth confiscation risks for people young enough.
Interactive Invester have a lot of my assets. I have never opened an account with Interactive Invester.
Sometimes the ground just shifts under your feet as one broker acquires business from another.
Hold a month’s expenses in cash in your household safe place. Small denominations.
Keep six months of expenses in local gold coins in your safe place.
Keep a five-litre canister of petrol or diesel in a well-ventilated place. Keep petrol away from sources of ignition.
If you have a licence, keep a shotgun and cartridges in you gun safe.
Great article – I do worry about these things. But I’m a bit sceptical about the value of downloading statements. Is that really going to help? What is the broker going to say? “All our systems are down so I can’t verify who you are, but I see you have a digital image showing a balance of £1m for the person you claim to be. If you give me some bank account details, I’ll get that balance transferred now. Oh wait, I can’t – all our systems are down.”
Serious question, though – how will a PDF statement help?
@Invariant – You’re right – if systems go down you won’t get any money whatever you have. And in any circumstances a PDF won’t prove anything – too easily doctored. But when the systems recover – or in the worst case when the receiver gets in touch a year or so later – at least a PDF will tell you what you should have. And it will be a starting point for the argument if they tell you something different. I’m going to keep mine.
@TE – You’ve got me thinking now. How does (or would) the FSCS protection on cash be managed in any scenario where the bank in question couldn’t produce evidence of what balances everyone had within the timeframe they promise to compensate people (which I think is quite short)?
I was going to suggest that maybe there was a market opportunity for an independent digital vault service where people could regularly lodge copies of documentation. It wouldn’t be perfect but would be much harder to forge/dispute regular statements that had been stored without any expectation of them being needed. But then I thought surely the regulators, auditor etc. have thought of this already.
I have pointed to this post before, and called it essential reading. IIRC the post has some real world lessons from platform failure, see: https://fireandwide.com/asset-liquidity/
Prompted by this useful discussion I decided to look into de risking my near-total dependence on a single platform – only to discover that funds in drawdown can’t be split up between different platforms, due to HMRC rules.
As I have withdrawn my full tax free entitlement, the drawdown account holds a large percentage of my portfolio. I am still waiting to hear if the small residue in my SIPP can be moved or if it has to stay with the drawdown account.
I will move the ISAs that now hold my tax free cash but it is not as much risk-spreading as I was hoping for. Something to think about perhaps for those being tempted by inducements to consolidate pensions into a single platform.
I’m an IT security specialist and I wasted over a decade in a bank where I was almost the only person interested in having the bank follow its own security policy. (Can’t tell you which bank – they’ve already complained about my writing online.)
There are a lot of reasons why organisations get terrible security. These include it involves a lot of work and people high in organisations value quick fixes with no subtle details. Also managers are reluctant to pass on the scale of any problem so they find other things do do that are easier to talk about and you can get into a culture of pretend security.
@Helen (#35):
Yup, partial transfer of drawdown accounts is generally verboten!
Not sure how many people know that, but definitely worth highlighting this potentially significant limitation. The use of qualifiers, such as “generally”, does make me wonder if there is some form of work-around. Anybody know any more?
Wow, it seems you’re right, a partial transfer of a drawdown fund isn’t allowed. That seems crazy. I’m stuck with many eggs in one basket with Fidelity till 55, as I don’t want to lose my rights to withdraw at that age, but then once i’ve put it into drawdown I will be stuck with a SIPP worth at least £750k that I won’t be able to split between providers. 🙁
I suppose when I’m 55 and about to crystalise it, I should split it into a fund of £1,073,100 and put anything else in a separate one.
@Paul,
AIUI, you can split uncrystallised assets in SIPPs but only if you can find providers prepared to do that and watch out for costs/delays/mechanism (in-specie or via cash) etc too.
I’d rather not. My uncrystallised assets have a protected pension age, and I’d be worried about that getting successfully transferred over to a new provider.