New contributor and perma-worrywart The Engineer is back with a new concern: how to survive system meltdowns or other malicious goings-on at your financial services provider.
These days, my biggest financial worry isn’t losing my money in the markets.
It’s losing access to it altogether.
Beyond investment risk, my concerns range from technology failures through corruption, cockups and business failures, right up to the overthrow of governments and the collapse of society. (Yet somehow, I sleep soundly at night.)
That’s quite a spectrum, so I’ll leave the zombie apocalypse for another day.
From power failures to hack attacks to system meltdowns
For now I’ll focus on something much more mundane but also far more likely than the walking dead swamping Clapham: losing access to my investments because of an operational or technology failure.
How can trouble at your financial services provider fail thee?
Let me count the ways.
Glitches
System hiccups and upgrade mishaps causing a few hours outage are common at investment platforms (and everywhere else) but they are rarely a cause for panic.
It might even be a good thing for some of us. You could go out and play in the sunshine for a while rather than sitting inside hitting refresh on your portfolio valuation.
Migrations
System migrations can sometimes cause longer outages.
In 2018, both the Aviva investment platform and TSB Bank suffered painful transitions to new technology. In each case, whilst the full outage only lasted around a week, some customers struggled for a lot longer.
If you’re living off your investments then that sort of lockout could sting.
Cyber attack
Then there are cyber attacks.
Earlier this year, both M&S and Jaguar were hit by ransomware attacks that knocked out key systems for around six weeks. For retailers, that’s painful. For an investment platform it could be terminal.
Financial services companies have no tangible product. All they do is move data around. If investors no longer trust the company to look after their data, then the business is effectively dead.
Personally, I’ll admit that life wasn’t easy without my online orders for M&S Oscietra Caviar, but I suspect having no access to my money would be tougher.
What’s the worst that could happen?
It can surely only be a matter of time before a big financial firm is hit by a major cyber attack. (Indeed I’ve heard unsubstantiated rumours that it’s already happened, but allegedly the consequences were so scary that the hackers were paid off.)
I doubt investor data records would vanish entirely – that would require a monumental series of cascading failures – but it’s quite easy to imagine an outage running into months.
With the reputational fallout, the firm might just throw in the towel. Once in receivership everything would slow to a glacial pace. You might not see your money for years.
My emergency cash wouldn’t touch the sides of that sort of funding gap.
Shouldn’t somebody do something?
The industry is far from blind to the risks.
In the last few years, the FCA has pushed for better operational resilience and information security. All the trade bodies seem to have specialised working groups on best practice and the platforms themselves generally seem engaged.
So we can all relax, right? Well, no.
Which platforms should we avoid?
I can’t give you a list of the safe platforms and the dodgy ones. That’s partly because Monevator doesn’t seem keen on being sued, but mostly because in my experience none are perfect and none are terrible.
They all have rather more bits of string and Sellotape holding things together than you might hope, but invariably they also have some good people trying to do the right thing.
Some practical steps we can take
A few simple precautions:
- Keep records. Save a recent statement. It’s unlikely your provider will lose all data. But equally, it doesn’t take much effort to click save on a PDF. Just in case.
- Choose big companies. Deep-pocketed parents are less likely to abandon a damaged subsidiary.
- Invest through multiple platforms. Losing access to half or a third of your money would be alarming. But it would be a whole lot less alarming than losing access to all of it.
However, diversifying across platforms isn’t as straightforward as it sounds.
Eggs and baskets
Let’s say that after reading this article you are overcome by anxiety. With an abundance of caution, you spread your investments across four platforms: Vanguard, AJ Bell, Barclays Smart Investor, and Aviva.
Unfortunately, all your investment eggs would still be in the same technology basket: FNZ.
FNZ is the biggest technology provider in the UK platform market. It runs the underlying systems for many household names. So even if your assets are spread across different brands, they may all share the same machinery.
Note: I’m definitely not saying there’s anything wrong with FNZ. Indeed it’s clearly doing something right.
But if the goal is to reduce systemic risk, you need to use entirely different systems.
Investment platforms don’t usually highlight which technology they run on, but you can find out. The easiest way is to ask your favourite AI chatbot. It will work it out by trawling through old supplier press releases announcing new clients.
Beyond platforms
It’s not just the investment platforms we depend on. There’s a whole network of other organisations that also need to be functioning for us to turn our investments back into hard cash.
Should we worry about the fund managers we use? And what about the transfer agent that handles trading for them?
Instinctively these feel like lesser risks. They don’t need a public-facing web presence to function, and so may be less susceptible to attack.
Still, a risk.
How deep does the rabbit hole go?
We could go deeper and unearth yet more organisations to worry about.
What about the fund accountants and the payment services? What caterers do these organisations use? What if they all get food poisoning at the same time?
But there’s a time to stop digging for even the most paranoid investor.
Time to decide
I pretty much live off my money now and consequently tend to worry about these things more.
I use multiple platforms with different technology and invest with multiple fund managers (who coincidentally use different transfer agents but that wasn’t deliberate).
Of course, this isn’t just about cyber attacks. There are other reasons to spread your investments around – such as the regulatory compensation limits – but it’s good to understand these risks to help work out the best approach.
There’s no perfect answer, only whatever helps you sleep at night. Once you have an approach that works for you, stop stressing and move on to something else.
Keep records, use stable companies, spread your risk – and then relax.
Peaceful dreams!
Good article and not sensationalist. I will follow your advice and download my latest statements.
I have recently started to keep more ready cash “just in case”, having got out of the habit of having about £10.
I think it’s worth double-checking any savings are within the (new) £120k FSCS limit, ensuring savings spread across multiple banks are not part of the same group, such as RBS and Nat West.