Company News

BlackRock Exposes Confidential Data on Thousands of Advisers on iShares Site

BlackRock Inc., the world’s largest asset manager, inadvertently posted confidential information about thousands of financial adviser clients on its website.

The data appeared in three spreadsheets, linked on one of the New York-based company’s web pages dedicated to its iShares exchange-traded funds. The documents included names and email addresses of financial advisers who buy BlackRock’s ETFs on behalf of customers. They also appeared to show the assets under management each adviser had in the firm’s iShares ETFs.

The links were dated Dec. 5, 2018, but it’s unclear how long they were public. The documents were seen by Bloomberg and removed Friday. BlackRock, which oversees assets of almost $6 trillion, is the world’s largest issuer of ETFs.

One of the spreadsheets appears to list more than 12,000 entries of advisers and their sales representatives at BlackRock. On another, the advisers were categorized in a variety of ways such as “dabblers” or “power users.” A column noted their “Club Level” including the “Patriots Club” or “Directors Club.”

Pledging Review

“We are conducting a full review of the matter,” spokesman Brian Beades said in a statement Friday. “The inadvertent and temporary posting of the information relates to two distribution partners serving independent advisers and does not include any of their underlying client information.”

Securing data is known to keep Wall Street leaders awake at night. But most often, senior executives cite a fear of hackers, which has prompted some of the nation’s biggest banks to pour upwards of $1 billion a year into cybersecurity. It’s one area where financial firms set aside bitter rivalries, sharing tips and collaborating on projects to ensure the public remains confident in the industry -- and that it never suffers a catastrophic loss.

But even data breaches that don’t expose client assets risk reputational harm.

In 2014, JPMorgan Chase & Co. suffered one of the industry’s largest losses of information, estimating at the time that hackers had accessed contact information on more than 80 million clients. Chief Executive Officer Jamie Dimon vowed to increase the bank’s security budget and embarked on a hiring spree to build out those operations for what he called “a permanent battle.” He has repeatedly updated investors on those efforts in annual letters.

Firms can’t avoid breaches entirely, but they can react to them in a way that rebuilds trust, said John Reed Stark, who focused on internet crimes while working in the Securities and Exchange Commission’s enforcement division and now runs a cybersecurity consulting business.

“Data security incidents are inevitable,” he said after the incident at BlackRock. “The most important thing in this kind of situation is about the response from the firm, and whether they’re communicating accurately about what happened.”

WhatsApp messaging between RMs and clients raising compliance concerns

WhatsApp messaging between RMs and clients raising compliance concerns

Asia’s HNWIs are using smartphone apps to communicate with relationship managers, and bankers areresponding. This is causing problems for private banks, which must revisit their digital client communication channels, especially as regulators clamp down on investment suitability processes.

Do private banking apps need trading functionalities?

Do private banking apps need trading functionalities?

A growing number of private banks in the region believe that it is necessary for them to include trading functionalities in their mobile apps. Clients apparently demand it and the ability to trade will only enhance the overall digital experience, so they say. Indeed, many private banks offer this functionality at a premium.

Bond trading workflows still “very inefficient” at private banks, say external tech specialists

“Relationship managers rely on phone and email to share information in documents that take time for the banks to prepare manually,” said Vincent Caldeira, a former Bank of Singapore tech head and co-founder of Singapore-based fintech startup Bondlinc. “The process is also very inefficient.”