Data Privacy Checklist: How to Protect Financial Client Data

Wealth management is more than just helping clients grow and maintain their wealth; it’s also about building trust. And with the rise of artificial intelligence (AI) and digital currency platforms, that trust is only as strong as your firm’s digital defenses.

Below are the four most pressing data privacy concerns keeping forward-thinking advisors up at night, what you should be watching for, and ways to defend your clients’ data.

  1. The AI Safe-Use Rule

Public AI models are like sponges. Feed a standard, non-enterprise version of an AI tool sensitive client details—tax IDs, net worth statements, or health history—and that data may be used to train future models and inadvertently leak private information into the public domain.

What to do:

Verify the Environment: Never input Personally Identifiable Information (PII) or sensitive financial data into a “Free” or “Public” AI model.

Use Enterprise Only: Use only firm-approved AI tools that are System and Organization Controls (SOC) 2-compliant. SOC 2 is a voluntary standard developed by the American Institute of Certified Public Accountants (AICPA) for service providers to manage customer data securely, focusing on five trust service criteria: security, availability, processing integrity, confidentiality, and privacy. Ensure “Training Mode” is toggled OFF in settings.

Anonymize Inputs: If using AI for portfolio analysis, refer to clients as “Client A” rather than by their legal name.
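One way to apply the “Client A” rule in practice is to pseudonymize a prompt before it leaves the firm, keep the name mapping locally, and refuse to send anything that still carries an identifier. This is an added example, not code from the original article; the identifier patterns (a 3-2-4 digit tax ID and an 8-to-17 digit account number) and the sample prompt are constructed assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed patterns for identifiers that must never reach a public model.
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")      # tax ID / SSN shape
ACCOUNT_RE = re.compile(r"\b\d{8,17}\b")           # bare account numbers


def pseudonymize(text: str, client_names: List[str]) -> Tuple[str, Dict[str, str]]:
    """Replace legal names with 'Client A', 'Client B', ... and mask tax IDs
    and account numbers. The returned mapping stays inside the firm and is
    never included in the prompt."""
    mapping: Dict[str, str] = {}
    out = text
    for i, name in enumerate(client_names):
        label = f"Client {chr(ord('A') + i)}"
        mapping[label] = name
        out = re.sub(re.escape(name), label, out, flags=re.IGNORECASE)
    out = SSN_RE.sub("[TAX-ID REDACTED]", out)
    out = ACCOUNT_RE.sub("[ACCOUNT REDACTED]", out)
    return out, mapping


def contains_pii(text: str, client_names: List[str]) -> bool:
    """Gate check run right before submission: True if any identifier remains."""
    if SSN_RE.search(text) or ACCOUNT_RE.search(text):
        return True
    lower = text.lower()
    return any(name.lower() in lower for name in client_names)


def reidentify(text: str, mapping: Dict[str, str]) -> str:
    """Restore real names in the model's answer, inside the firm only."""
    for label, name in mapping.items():
        text = text.replace(label, name)
    return text


if __name__ == "__main__":
    # Constructed sample prompt; no real client data.
    names = ["Jane Doe", "Robert Smith"]
    prompt = ("Should Jane Doe (SSN 123-45-6789, acct 4412309876) rebalance "
              "toward bonds? Compare with Robert Smith's allocation.")
    safe, keep = pseudonymize(prompt, names)
    assert not contains_pii(safe, names), "refuse to send: PII still present"
    print(safe)
```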

  2. The New Fraud: Deepfakes & “Pig-Butchering”

Social engineering has evolved far beyond those “Nigerian Prince” emails that permeated the 2000s. Now, deepfake audio and so-called “pig butchering” (building a relationship with clients to eventually drain their accounts) are the most recent tactics scammers use.

What to do:

Mandatory Verbal Verification: Every outbound wire or transfer request must be confirmed via a live phone call to a number already on file—even if the email or “voice note” sounds perfect.

The “Secret Phrase” Protocol: Encourage high-net-worth clients to establish a non-digital “safeword” for emergency authorizations.

Deepfake Awareness: Be skeptical of “urgent” requests from clients claiming to be in a crisis. If they sound slightly “robotic” or the cadence is off, hang up and call them back.

  3. Third-Party Leakage: The Weakest Link

You might have a digital fortress, but what about your Customer Relationship Management (CRM) tool, your recordkeeper, or your cloud storage provider? Third-party leakage is the risk that your data is compromised because their security failed. For example, a CRM data breach can expose your entire book of business in seconds, regardless of how strong your local office password is.

What to do:

Annual Audit: Review the SOC 2 Type II reports of your CRM, cloud storage, and recordkeepers once a year.

Least Privilege Access: Ensure staff members only have access to the specific third-party tools required for their direct role.

  4. The “Digital Shadow”: Ghosts of Data Past

Privacy is not only about what you’re doing now but also about what you did 10 years ago. This “Digital Shadow” includes:

  • Unencrypted PDFs of statements sitting in “Sent” folders.
  • Legacy client data on old hard drives.
  • Outdated spreadsheets on shared company drives.

What to do:

The “Sent” Folder Purge: Clear out attachments from your “Sent” folder that are older than 90 days. If it’s important, it should be in the CRM/DMS, not your email.

Encrypted Delivery Only: Never send tax returns, SSNs, or account numbers via standard email. Use the secure client portal exclusively.

Decommissioning Hardware: Ensure any replaced laptops or tablets are professionally wiped and certified before disposal.
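A small scanner that finds the three kinds of “Digital Shadow” listed above (unencrypted PDFs, stale attachments past the 90-day window, and plain-text spreadsheets holding SSN-like values) is shown below as an added example; it is not code from the original article. It assumes a local folder tree to walk, treats the presence of a `/Encrypt` entry in a PDF as the encryption check (a heuristic, not a full PDF parser), and builds its own constructed sample files.

```python
import os
import re
import tempfile
import time
from pathlib import Path
from typing import List, Optional, Tuple

SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")   # constructed SSN shape
DAY = 86400


def pdf_is_encrypted(path: Path) -> bool:
    # Heuristic: an encrypted PDF carries an /Encrypt entry in its trailer.
    return b"/Encrypt" in path.read_bytes()


def scan(root: Path, max_age_days: int = 90,
         now: Optional[float] = None) -> List[Tuple[str, str]]:
    """Walk root and return (relative path, reason) for every file that is an
    unencrypted PDF, holds an SSN-like value in plain text, or is older than
    max_age_days (the article's 'Sent' folder purge window)."""
    now = time.time() if now is None else now
    findings: List[Tuple[str, str]] = []
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        suffix = p.suffix.lower()
        if suffix == ".pdf" and not pdf_is_encrypted(p):
            findings.append((rel, "unencrypted PDF"))
        if suffix in {".csv", ".txt"} and SSN_RE.search(p.read_bytes()):
            findings.append((rel, "SSN-like value in plain text"))
        if (now - p.stat().st_mtime) / DAY > max_age_days:
            findings.append((rel, f"older than {max_age_days} days"))
    return findings


def build_sample_tree() -> Path:
    """Constructed sample 'digital shadow': two sent PDFs and one old CSV."""
    root = Path(tempfile.mkdtemp())
    (root / "Sent").mkdir()
    (root / "shared").mkdir()
    (root / "Sent" / "statement_q1.pdf").write_bytes(b"%PDF-1.4\n1 0 obj\n%%EOF")
    (root / "Sent" / "secure_statement.pdf").write_bytes(b"%PDF-1.4\n/Encrypt 5 0 R\n%%EOF")
    (root / "shared" / "clients_2014.csv").write_text("name,ssn\nJane Doe,123-45-6789\n")
    old = time.time() - 400 * DAY          # backdate to well past 90 days
    os.utime(root / "Sent" / "statement_q1.pdf", (old, old))
    os.utime(root / "shared" / "clients_2014.csv", (old, old))
    return root


if __name__ == "__main__":
    for rel, reason in scan(build_sample_tree()):
        print(f"{rel}: {reason}")
```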

The Bottom Line

Data privacy protects your clients and your reputation and requires constant vigilance.

Partner Kimberley Cronin is an accomplished attorney and a member of the firm’s Corporate Practice Group, providing expert legal counsel and representation to established companies, start-ups, and individuals nationwide. For more than two decades, she has delivered cutting-edge, tailored legal advice to financial advisors, registered investment advisory firms, and broker-dealers operating in the financial services industry, and can help solve the most complex legal issues.

Messner Reeves LLP’s banking and finance practice is here for you.

If your firm has experienced a data breach in the past, or simply wants to ensure your practices measure up to the latest regulations and minimize risk, our attorneys have the counsel, experience and know-how to help.

From industry-specific compliance obligations, and complex and general transactional matters, to regulatory and dispute resolution activities, our attorneys work collaboratively with you to address any litigation, state or federal regulatory concerns, and other legal matters.

Learn more about our Banking & Financial Services practice.
