Compliant Document Storage for RIAs: What You Need to Know
Compliant cloud document storage, or storage of data in general, is a hot topic right now. There's not a lot of guidance being provided by the SEC or state regulators in regards to actual, concrete rules around what advisors need to do in order to ensure their documents are stored in a compliant manner.
The best that we have right now? FINRA has released some rules around the idea that they prefer documents be stored behind a 256-bit encryption format. But this was created by FINRA, and it's not a hard and fast rule -- so it doesn't necessarily apply to SEC- or state-registered firms, and at this point it's unclear how it might apply.
There are a few things you can be doing to ensure that, as a financial advisor, you're being smart with your data. We want to be compliant and we also want to be sure we're not hacked and client-sensitive data isn't being stolen out of our systems. You never want to be the one to make a phone call to a client to tell them their identity was stolen thanks to a hack at your office.
Creating a Secure System for Your Compliant Document Storage
There are three layers of security that we need to consider. The first is how documents are actually stored on your computer and other devices. This also applies to servers, but most tech-savvy financial advisors use the cloud for storage. We discuss why cloud storage makes more sense in our free ebook, The Virtual Advisor.
The second layer is the transmission of data, which refers to the process of moving information from local storage to the cloud or moving files back and forth between you and your clients. The third is the actual cloud storage solution.
So how do you protect all these levels?
Secure Your Devices
The first step to take is to secure all your devices. Whenever you're logging into your computer systems, you always want to have a very secure password on your computer.
You want to be sure other people can't pick up your laptop and easily access information and documents on it -- which means making sure anytime your computer times out or goes into sleep mode, it requires a password when you return to actively using it (rather than just requiring a password when it's booted up from being shut down).
Use Encryption Software
Next, use encryption software on your computer so that if someone does hack the initial layer -- the documents actually being stored on your devices -- they're not able to fully access your hard drive.
For PC users, you can check out BitLocker Drive Encryption to do this. If you use any devices running iOS, you can use OS X. Alternatively, Symantec offers a solution that works for both Windows and Apple operating systems.
Don't forget about mobile devices, too. Many of us link Google Drive, Dropbox, and of course our emails to our phones, so they need to be secured like your computer. Make sure you set up a PIN to protect your information -- but also note that this can be hacked through brute force.
To protect against this, you need the ability to remotely wipe data from your phone. For both Android and iOS, you can use Lookout. (If you're an Apple user, you can also set up Find My Phone.)
Secure the Transmission of Data
This is an area where many financial advisors can get into trouble. In order to secure transmission of data, you need to start by using a secure Internet connection. The Internet you use at your home or office is most likely just fine -- the issue usually comes when you're on a public, unsecured WiFi network.
Many folks will go and sit at the local coffee shop and upload documents to the cloud or handle email. It seems harmless, but the problem is that these networks are extremely easy to hack. Essentially, a middle schooler could hack the network and gain access to your data.
There are a lot of "spoofing" opportunities here, which means someone could set up a wireless network called, for example, "Starbucks3" and make it look legitimate. If you're not signing onto the real network Starbucks is providing for free and sign onto a fake network instead, a hacker can literally scrape any data you transmit over that wireless connection.
To secure the transmission of your data, you should avoid unsecured public networks. You can use a jetpack or mobile hotspot instead to avoid these issues. All of the major cellular carriers offer these, and they turn 3G and 4G mobile data into a WiFi network that your computer can connect to. Many smartphones come with the capability to create mobile hotspots.
You can also get PrivateWiFi, which allows you to set up your own virtual private network (or VPN). You can then connect to the Internet remotely with a secure connection.
Another issue to be aware of when using your computer and connecting to the Internet: your choice in browser. Use a browser such as Google Chrome, which comes with a lot of built-in secure features to ensure the encrypted transmission of data.
And anytime you're sending sensitive information online, you want to check that the web address says "https." Http is the standard, and the extra s indicates the URL is secure.
Secure Your Documents Once They're in the Cloud
This is the area where many advisors -- and compliance experts -- are concerned, because there are different levels of encryption that each individual system uses. For example, Google Drive stores data with a 128-bit encryption, which is significantly better than the previous standard of 56-bit. However, it's not as secure as 256-bit, which is what FINRA has recommended as the new standard.
With this information, you have a couple of options. If you use Google Drive or Dropbox and prefer to continue using these programs, you can sign up for a separate program called Boxcryptor. It's very inexpensive -- $50 per year for a personal license, or $100 per year for business. (Individual advisors may be able to use the personal license; you only need the business license if you have staff members.)
Boxcryptor encrypts documents on your computer before you send them up to the cloud. The advantage here is that neither Dropbox nor Google Drive will be able to see anything about those documents you're storing in those cloud systems because of the encryption on them.
This is a way to ensure you can store all your documents using a cloud-based storage system. You can also share access on encrypted documents. You can set up folders where your clients can upload documents and they'll be automatically encrypted, too. It's very easy to use.
Another option is to simply move away from storage solutions like Drive or Dropbox and use a system like ComConnect File Sync. SpiderOak is another solution that offers built-in encryption.
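A local check for the encrypt-before-upload approach described above, added here as an example (not from the original article or any vendor): it scans a sync folder and flags files that are still readable as stored, using file signatures and byte entropy. The sample files, thresholds and function names are assumptions, and the verdict is a heuristic, not proof of encryption.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes of common document formats that are readable as stored.
PLAINTEXT_MAGIC = {b"%PDF": "PDF", b"PK\x03\x04": "ZIP/DOCX/XLSX",
                   b"\xd0\xcf\x11\xe0": "legacy Office"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, threshold=7.5, min_size=1024):
    """Heuristic verdict for one file; it cannot prove a file is encrypted."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    for magic, name in PLAINTEXT_MAGIC.items():
        if data.startswith(magic):
            return f"plaintext ({name})"
    if len(data) < min_size:
        return "too small to judge"  # entropy is unreliable on tiny samples
    if shannon_entropy(data) < threshold:
        return "plaintext (low entropy)"
    return "looks encrypted"

def audit(folder):
    # Map each file's path (relative to folder) to its verdict.
    paths = [os.path.join(r, f) for r, _d, fs in os.walk(folder) for f in fs]
    return {os.path.relpath(p, folder): classify(p) for p in paths}

def demo():
    # Constructed sample files standing in for a cloud-sync folder.
    samples = {
        "client_notes.txt": b"Account review for Jane Example\n" * 200,
        "statement.pdf": b"%PDF-1.4\n" + os.urandom(4096),
        "statement.pdf.enc": os.urandom(8192),  # stands in for ciphertext
        "memo.txt": b"call back Tuesday",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return audit(d)

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in sorted(demo().items())))
```

Compressed formats without a listed signature also score high on entropy, so treat "looks encrypted" as "not obviously readable" and review anything flagged as plaintext before it syncs.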
Additional Recommendations for Working with Sensitive Documents
Here are a few additional tips to try when setting up compliant document storage for your RIA:
- Always use 2-step authentication
- Set up very secure security questions, or randomize your answers just like you can randomize password characters and numbers
Compliant document storage is a topic that we'll continue to revisit and seek to understand in the future. With the pace at which technology grows, we -- as an industry -- will constantly need to find new solutions, better security, and ways to remain both compliant and proactive about keeping files safe.
If you have additional questions on this topic, the go-to expert in this area is Blane Warrene. You can visit his site at BlaneWarrene.com or connect with him on Twitter @blano.