Register For Our Mailing List

Register to receive our free weekly newsletter including editorials.

Home / 479

Will tokens fix Optus hacks and investment paperwork?

The cyber attack on Optus has focussed the minds of millions of Australians on the implications of a loss of private data and identity fraud more than any other hack. Optus revealed that data exposed included customer names, dates of birth, phone numbers, email addresses, home addresses and driver’s licence or passport numbers.

In its Financial Stability Review this week, the Reserve Bank highlighted the risks to financial stability from cyber attacks:

"There have been further high-profile cyber incidents in recent months, including the recent Optus data breach. A significant cyber event could undermine confidence in the financial system and have systemic implications. Financial institutions, governments and financial regulators continue to work together to enhance the resilience of the financial system to cyber risks."

While most of the attention has gone on telcos and banks, clients of many funds and brokers and administrators provide a significant amount of personal data with little regard for how their details are protected. Many processes still require a paper-based application form and personal identification and certification, despite the advances in the areas of fintech, regtech, roboadvice, AI, machine learning and blockchain.

Surely we can do better, and 'tokenisation' offers promise for a more efficient future. But first ...

A painful and costly application process

Over the last couple of months, I have witnessed a family member become increasingly frustrated with what should be a straightforward account-opening process. Following the sale of a house, the family wanted to invest the substantial proceeds in term deposits, and their accountant recommended an aggregation site that offers accounts from many banks. There is an incentive to split the money into $250,000 lots to gain the government guarantee under the Financial Claims Scheme.

After completing the paperwork of wet signatures, certification of copies by authorised agents and posting in the documents, follow up emails and phone calls were eventually answered with a confession that the paperwork had 'disappeared'. They were short-staffed and struggling to handle new accounts. The whole process started again and eventually the account was set up, and following further delays in accepting the fund transfers, the money was finally invested.

The accountant admitted many of his clients had experienced similar problems. The lost interest was in the thousands of dollars as the money sat in the transaction account of a major bank paying nothing.

We've been here before

Four years ago, Chris Cuffe wrote an article called 'Investing complexity is a massive industry failing'. I doubt whether Chris expected little would change for many years when he said:

"I have too many other priorities to be bothered filling out lengthy application forms. Yet I want to invest with some fund managers who only offer their products through unlisted managed funds with application processes which have changed little in 20 years. Sigh! Here comes the slog.

Section 1, Type of Investor, Individual must fill in sections 2 and 5. Trust or super fund, such as an SMSF, fill in sections 2, 4 and 5. Each different type of applicant fills in different sections. Is it the section for an Individual or an Individual Trustee? What if there are two trustees? OK, let’s take a guess ...

Identify both trustees, including Tax File Numbers (TFN). Then it says, “You must attach certified copies of documents to this application form.” Is that all documents? Choose Option A, or Option B Category 1 PLUS Option B Category 2 as forms of identification. Who are the beneficial owners? Which TFN does it mean? Identify them as well. Then identify the SMSF itself, including a certified copy of an 80-page trust deed. What! Is that the entire document or the cover page, and is it every page that needs certifying? And do they need any deed amendments too or just the original deed? ..."

Surely, we've come a long way from that?

The frustrations were obvious at a recent Connect Forum arranged by Calastone, which processes around 95% of managed fund transactions in Australia. Annick Donat, CEO of Clime Investment Management, speaking on a panel session, said:

"What keeps me awake at night? How do we get off this merry-go-round? This industry is highly regulated, but not to its benefit, not to anyone's benefit in the value chain or the ecosystem. And I sit here in three decades, and we're having the same conversation that we were having three decades ago. We've changed nothing, nothing at all. We've created more friction, not less. And we're supposed to be an advancing industry looking after people other people's money." 

Harvey Kalman, Group Chairman of MSC Group, said the current set up was regulation-centric, not client-centric. To compete with other investment opportunities, the investor’s decision and its implementation had to be achievable through a series of simple taps on a keyboard or other devices.

"What has been frustrating me for a long, long time, is the fact that we are still paper-orientated even if we think we're not paper-orientated. Having just filled out an application form for one of the nonprofits that I chair and I have to actually sign my name and then scan it and fax it back, and then get a call back from Macquarie Bank saying, "Please repeat all the information that you put onto your application form" and the telegraphic transfer tells me that we need something to solve this problem. By asking people to keep on repeating the data and re-identifying themselves – whether the fund is a complex structure or a simple one – we’re not allowing unlisted managed funds to compete."

What is tokenisation and how might it work?

The Calastone forum addressed key questions on digital transformation and tokens:

  • Can tokenisation usher in a new collective investment model built on next-generation infrastructure?
  • How can we better connect with tomorrow’s investors?

The mix of challenge and opportunity was set out when Ross Fox, Calastone’s Head of APAC, stressed the need for the industry to act before it was ‘pushed into disruption’ like the music, media or retail industries before it. Edward Glyn, Head of Global Markets at Calastone, said the traditional managed fund structure ‘is not a recipe for success in a rapidly-advancing digital age’. There are too many different participants playing a part for the supply chain. It is slow, costly, highly fragmented, difficult to service and certainly not ‘value-centric’. Little had changed since the first managed fund in 1924.

In contrast, tokenisation – where a fund is represented digitally on distributed ledger technology (DLT) infrastructure – gives all players, from asset managers, distributors and platforms to the many different service providers, access and input within a single, technical ecosystem. Tokenisation converts something of value into a digital token on a blockchain application.

In 2019, Calastone launched a DLT-enabled distributed market infrastructure (DMI) and they hope to power collective investment products in a DLT-based platform covering the entire fund value chain.

Tokenisation also paves the way for innovative products that would not otherwise be viable. Examples include customised or personalised strategies giving differing exposures to a basket of assets, including private markets, illiquid and other non-traditional assets. The fractionalisation capabilities of tokenisation may further democratise wealth management by allowing people to access high-value assets previously out of their reach.

Younger generations demand investing is easier

Tokenisation can play a part in bringing the industry closer to a new generation of investors who demand a fully digital investment experience. These investors want a user experience on par with that offered by lifestyle apps – one that is easy to set up, allows instant purchases with clear and fair pricing, and offers the transparency to see whether the underlying investments align with their values.

Calastone argued that the industry must do its own disrupting before others step in. A major uplift in investor experience is required, take the regulator along on industry-wide automation. 

Calastone's Chief Technology Officer, Adam Belding, provides more detail in this article on making tokenisation a reality.

"By representing the ownership of any asset, or pool of assets – for example, a portfolio of shares or a physical piece of art – as digital tokens, investors could have more efficient access to a broader range of investment solutions."

The implications of the Optus hack

There seems potential for the intense political and regulatory focus created by the Optus saga to go one of two ways regarding tokenisation:

  1. Accelerate the move to tokens as a solution to identity theft, etc, OR
  2. Impair the move to tokens because regulators will impose new laws which make innovation even more difficult.

Adam Belding gave me this response on the dichotomy:

“Tokens are by their nature more integrated into a security architecture, leveraging distributed ledger technology to operate. For example, Microsoft’s Confidential Consortium Framework, which we are leveraging to operate DLT at scale, has strong protections in built against system corruption, data leakage, and tampering. With this in mind, financial services could look to DLT-enabled tokens to enhance their resilience and the positive reaction from regulators around the world towards token-based collective investments could accelerate that process.”

Either way, investors need a more efficient way to identify themselves for account opening, encouraging more competition when it is easier to transfer between product providers, safe in the knowledge the personal details cannot be stolen. And throw away those paper application forms. 

 

Graham Hand is Editor-at-Large at Firstlinks and attended the Connect Forum as a guest of Calastone. This article is general information only.

Some tips from the Commonwealth Bank website (Firstlinks has not checked these services and readers should make their own enquiries).

If you’re concerned your ID may have already been compromised

IDCARE is an independent organisation that provides free support to individuals impacted by fraud or scams. You can contact IDCARE by calling 1800 595 160

SavvyShield makes it easy to temporarily ban access to your credit report if you think your identity has been compromised. In the event someone tries to apply for credit under your name, the application will be blocked. You will need to download the Credit Savvy app and verify your identity to sign up to the service, or log in if you are an existing customer.

 

12 Comments
George
October 23, 2022

Tried to open a TD with one of the smaller banks and even with an existing account still required all the form filling and Id proof and certification. But the real problem was their data had mixed up my first and second names so when I provided the details for the TD , they claimed that my names were different ....so had to fill out more forms with more details and more certifications.......
I withdrew the lot and went elsewhere.....

Dudley
October 23, 2022

I have noticed that both bank staff and customers (ie self) have been de-skilled relative to before CoVID. Both need to transact more slowly to avoid mistakes.

John
October 15, 2022

Considering everyone has gone digital this is probably not possible but worth reflecting on. Any database of this nature should be totally isolated from any internet connection whatsoever. Best way is an 'air-gap'.

Property investor using TDs
October 14, 2022

I did the same thing (investing property sale proceeds in term deposits, staggered to generate cash for progress payments on a new building and spread across several institutions to get the governmentguarantee on each TD).
Some banks make it hard. Their Know Your Client processes are difficult. But some were easy. Thorough but easy. So we went with them. The easy ones were Macquarie, Judo and Gateway. There may be others but if you need 3 then go with them.

Kevin
October 14, 2022

Tell me about it,it will be the death of me.Once a year I have to pay interest in advance on a margin loan,mission impossible.
Say $100K @ 6%.Easy.E mails are sent out late by the bank.Letters arrive after the date that action needs to be taken.E mails I send to the bank are not bounced back to me.The bank denies they have received them.E mails I send are bounced back to me,the bank denies they have problems with their systems.
One instruction I have bill paid $6K into the margin loan to pay the IOA.Do it,how is it possible this instruction cannot be followed or carried out.
Every year,it never ends.I think I have gone to the banking ombudsman 4 times with it now.Awarded costs for the stress and time it takes for me to try to get them to transfer money between accounts.

I tell them I will go into the local branch,they can scan,send E mails etc.I do that.Call them the next morning ,all good.?

No we have received nothing,when are you going into the branch to do what you said you would do.I have been in,I did exactly what I said I would do.I have a receipt from the branch,I insisted they give me one for proof. You haven't been into the branch ,we have received nothing.

The annual report from the bank tells me they pay around $1.6 billion in restitution,they will try to improve their systems,they have to improve their systems. Pigs will be flying from Australia to Europe in 5 minutes before the bank can get simple things right.

Ken
October 13, 2022

A timely article. This week I wanted to make a withdrawal from an unlisted managed fund specialising in Australian shares. I went to the website, logged in, and looked for "withdraw funds". Nothing. I rang them, and they directed me to a place on the site where I could download a paper form, which I then had to fill in, sign, scan, and email to them. Three days later, I had the funds. Compare that to a listed LIC or ETF and why would leave funds in an unlisted entity?

michael
October 17, 2022

I have avoided unlisted funds for this reason, & stuck with listed entities. Once you have created the stock trading ability, some of which are very easy these days, no more hassle.

For this reason I don't see myself going down a blockchain token pathway. The fund operators just need to join a system that already exists & works, not start a new one.

Andrew Smith
October 12, 2022

Is this not dealing with symptoms across various sectors versus adopting data privacy laws that make organisatiins and businesses responsible in protecting data customers' personal data?

Australia did not and does not need to reinvent the wheel when the EU GDPR is already in operation, and has been replicated by the UK post Brexit by simply replacing EU institution names with the UK's equivalents.

GDPR's seven principles are: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality (security); and accountability.

Further, Australia will have issues if it endeavours to avoid supranational agreements and organisations, e..g by tinkering at the edges, due to the 'Brussels Effect' on supply chains and in this case, can apply to non EU businesses.

Dudley
October 12, 2022

"aggregation sites that offers accounts from many banks ... split the money into $250,000 lots to gain the government guarantees under the Financial Claims Scheme." Which Term Deposit aggregation organisation in Australia offers $250,000 government guaranteed Temp Deposits? The ones I know offer to take money and create Term Deposits in various Authorised Deposit-taking Institutions. They offer only a deposit confirmation note as proof of deposit. The deposits can not be independently confirmed by logging in to the ADI to check or statement directly from the ADI. Nor does the ADI send a Term Deposit Certificate directly to the owner of the deposit. The deposit owner knows has no proof independent of the aggregator that the deposit is with an ADI or covered by a government guarantee. For that reason, I do not use them. The account application process could be very easily made very much simpler through existing technology using digital packages of certified documents much as is currently done with paper packages. Create once, send to many at many times. I suspect that ADIs do not want processes which reduce the effort of opening accounts as they want to make it difficult for existing 'captive' customers to open competing accounts.

AlanB
October 12, 2022

I question the need for, value of and complexity of applying for a Director's Identification Number, which all company and SMSF directors are supposed to personally apply for before 30 Nov. The government already has our names, dates of birth, passport numbers, TFN, ACN, ABN... but has now imposed the requirement that company directors also have a DIN, supposedly to deter phoenixing. To get one you firstly have to prove your identity to government though submission/verification of your identity. Were we consulted or was there any debate? Remember the outcry over an Australia card? (Sorry if off topic but something I think worthy of raising in the context of increasing investment complexity and frustration.)

Peter B
October 15, 2022

Agree. The process is ridiculous and you don’t even get a formal document of proof at the end. When will organisations get serious about form design and content?

Mart
October 12, 2022

Graham - this is exactly what a Blockchain setup facilitates ! In fact it looks like one of the "killer apps" !!

 

Leave a Comment:


RELATED ARTICLES

Investing complexity is a massive industry failing

What poker can teach us about investing

Know your fund types and structures – an acronym odyssey

banner

Sponsors

© 2024 Morningstar, Inc. All rights reserved.

Disclaimer
The data, research and opinions provided here are for information purposes; are not an offer to buy or sell a security; and are not warranted to be correct, complete or accurate. Morningstar, its affiliates, and third-party content providers are not responsible for any investment decisions, damages or losses resulting from, or related to, the data and analyses or their use. To the extent any content is general advice, it has been prepared for clients of Morningstar Australasia Pty Ltd (ABN: 95 090 665 544, AFSL: 240892), without reference to your financial objectives, situation or needs. For more information refer to our Financial Services Guide. You should consider the advice in light of these matters and if applicable, the relevant Product Disclosure Statement before making any decision to invest. Past performance does not necessarily indicate a financial product’s future performance. To obtain advice tailored to your situation, contact a professional financial adviser. Articles are current as at date of publication.
This website contains information and opinions provided by third parties. Inclusion of this information does not necessarily represent Morningstar’s positions, strategies or opinions and should not be considered an endorsement by Morningstar.