Editor's note: Rob Seidman is offering manager at Watson Financial Services at IBM. He started his career as a financial engineer at Algorithmics, a financial risk management company that was one of the first major FinTech firms, established over 30 years ago. The company was acquired by IBM in 2011, and Rob was present pre- and post-acquisition. After leaving IBM in 2013, Rob worked as a quantitative strategist at Quantifi and later as a senior presales consultant for S&P Capital IQ. In March 2016, Rob returned to IBM. His responsibilities are split between development, product management, and sales to bring financial services solutions to the cloud. The following is based on an interview with him.  
 

Rely On Counterparties To Secure Systems And Data Or Tackle Cybersecurity In-house?

Technology moves exponentially—not only in managing wealth, but overall. To keep up with the savviness of people who might have malicious intent, an exponential increase in a firm’s focus on keeping them out is required. But a question remains: What is your value proposition as a wealth management firm?

“I think at some point a firm needs to get introspective and ask themselves – are we trying to help people manage their money, or we trying to be a cybersecurity firm? Usually, trying to do both can stretch your resources thin if you want to achieve both to their fullest extent.”

Seidman sees an eventual shift toward standardization and letting those who specialize in it take care of cybersecurity. There are increasingly more IaaS products managed by teams of people whose sole responsibility is to make sure that these products are secure, compliant, and always up and running.

“Trying to manage cybersecurity yourself – something often perpendicular to your core competencies – seems imprudent in retrospect. Let the experts take care of what they’re best at, and focus on what you’re best at.”

Data Security Has No Borders

The role of data in wealthtech companies’ cybersecurity is an overriding concern. There is a lag in the financial service industry due to the extra-sensitive nature of data. Whether it’s on a third-floor on-premise server, or it’s externally stored on a third-party file system, it’s still data that needs to be protected and safeguarded. In this regard, regulatory compliance comes into action.

Many of wealthtech’s core business models involve satisfying financial regulation, which is not the same as technology compliance and regulation. If one manages physical hardware as well as the persons and processes around it, the first thing one has to ensure is ISO compliance. With the advent of GDPR, which protects and defines how companies need to treat European clients’ personally identifying information, there’s now a tremendous amount of work across the entire technology and software center to serve clients.

“The technology doesn’t necessarily care about geographic borders. Anyone who has a global client base or wants to do any business in Europe winds up having to make their entire global infrastructure GDPR compliant.”

Seidman says GDPR assures clients that the company is doing things not only in a regulatory correct way but also in a morally correct way. Having to meet GDPR’s capabilities cannot be physically transferred outside of the borders, which brings the cloud back down to earth.

“You have to respect the borders of a country like Switzerland, for example. Often data that you want to store on Swiss clients has to reside on Swiss servers, so it’s an extra layer of complexity from the data management perspective.”

It’s worth noting that in addition to GDPR, there’s a handful of regulations around data residency in specific countries across Europe. Because of this, making an infrastructure able to adhere to all such regulations is crucial if one wants to expand business.

The Bottom Line