I picked up a press release about a medium sized firm of Financial Advisors changing over from paper based to scanned images for storing their client files.

Independent financial advisors, IFS, standardise on Kodak’s ScanMate i1120 scanners to manage client files

* Financial Services Authority requires client paperwork to be stored indefinitely
* Moving away from paper storage to scanning documents removes huge potential commercial risk to IFS if files were lost, stolen or damaged
* 100 ScanMate i1120 scanners sold by BMI Solutions in company-wide roll out

August 29, 2008 - Eastman Kodak Company today announced that Independent Financial Services Limited (IFS), a nationwide firm of independent financial advisors, has purchased 100 ScanMate i1120 duplex scanners for its branches throughout the country as it deploys company-wide electronic document management software to deal with client files and shift away from paper storage. The scanners were sold by online reseller, BMI Solutions, in a deal worth almost £30,000.

A pretty big story for IFS but not likely to hit the front page of the tabloids.

This got me thinking about how IFS and other firms, who we entrust with our personal data, ensure that it is kept absolutely safe. Paper records are remarkably safe, except if they get burned. They are very difficult to steal (compared to a DVD image) although they are labour intensive to manage. Physical security is easy to understand and manage, we have been doing it for a very long time after all. Data Security is much more nebulous. With paper records we can know if they are missing - because they are not there. With electronic records (generally) we don’t know if an unauthorized copy has left our control. I have never heard of millions of paper records being stolen!

Barry Wycherley, IFS’ chairman, says, “As a FSA[1] regulated business, we’re ultimately responsible for the advice given to clients and this is documented in paperwork which has historically all been paper-based. While it has never happened, this leaves the business vulnerable to claims if files were damaged, lost or stolen and we couldn’t prove what advice was given. Equally, while the FSA has a series of principals about file storage, these are open to interpretation, and we wanted to move from a position of hopeful control to something more concrete.”

The most significant part of this quotation is “the FSA has a series of principals about file storage, and these are open to interpretation”. Barry has a real point here and is obviously concerned about protecting his client’s data. To help firm’s like Barry’s, I think the Financial Services Authority better start handing out some more concrete advice as well as implementing a governance structure that ensures security is maintained.

It is obvious that there are real benefits for clients and the financial services companies as the press release says, but at what risk?

The whole process of moving away from paper to a computer-based approach to file management has allowed IFS to improve organisational efficiency and remove paper cluttering its offices. Using all its scanner equipment, staff have already disposed of 30,000 historic files after they have been scanned, a workload equating to 18,000 scans per day over a 3 month period.

Today, advisors scan paperwork into client specific folders and this documentation is captured automatically on a weekly basis using a bespoke application called IFS DB Manager which in turn populates a Microsoft Office Access database solution based at the Stonehouse head office.

Wycherley says, “IFAs produce tons of documents from the first ‘fact finding’ stage where clients’ personal financial circumstances are assessed and recorded, to applications, ongoing evaluations and then management of commission statements. The business was swamped with paper and deploying scanners and, in future a group-wide electronic document management system, will allow us to streamline this.”

In summary if the UK Financial Services Authority (FSA) is really so out of touch that it does not mandate proper storage and handling of our confidential records, then it better get started. Firms like IFS will implement advanced systems to scan and digitize records but without clear advice and governance around implementation we will have data loss scandals.

Banks, Insurance Companies and other financial services firms in the past have always had the scale to have security departments and have always had clear guidelines about what had to be done.

As the technology becomes more affordable and smaller firms like IFS start to implement we are duty bound to ensure they have the best possible advice to help keep our data safe.