The cyber attack on Optus has focussed the minds of millions of Australians on the implications of a loss of private data and identity fraud more than any other hack. Optus revealed that data exposed included customer names, dates of birth, phone numbers, email addresses, home addresses and driver’s licence or passport numbers.
In its Financial Stability Review this week, the Reserve Bank highlighted the risks to financial stability from cyber attacks:
"There have been further high-profile cyber incidents in recent months, including the recent Optus data breach. A significant cyber event could undermine confidence in the financial system and have systemic implications. Financial institutions, governments and financial regulators continue to work together to enhance the resilience of the financial system to cyber risks."
While most of the attention has gone on telcos and banks, clients of many funds and brokers and administrators provide a significant amount of personal data with little regard for how their details are protected. Many processes still require a paper-based application form and personal identification and certification, despite the advances in the areas of fintech, regtech, roboadvice, AI, machine learning and blockchain.
Surely we can do better, and 'tokenisation' offers promise for a more efficient future. But first ...
A painful and costly application process
Over the last couple of months, I have witnessed a family member become increasingly frustrated with what should be a straightforward account-opening process. Following the sale of a house, the family wanted to invest the substantial proceeds in term deposits, and their accountant recommended an aggregation site that offers accounts from many banks. There is an incentive to split the money into $250,000 lots to gain the government guarantee under the Financial Claims Scheme.
After completing the paperwork of wet signatures, certification of copies by authorised agents and posting in the documents, follow up emails and phone calls were eventually answered with a confession that the paperwork had 'disappeared'. They were short-staffed and struggling to handle new accounts. The whole process started again and eventually the account was set up, and following further delays in accepting the fund transfers, the money was finally invested.
The accountant admitted many of his clients had experienced similar problems. The lost interest was in the thousands of dollars as the money sat in the transaction account of a major bank paying nothing.
We've been here before
Four years ago, Chris Cuffe wrote an article called 'Investing complexity is a massive industry failing'. I doubt whether Chris expected little would change for many years when he said:
"I have too many other priorities to be bothered filling out lengthy application forms. Yet I want to invest with some fund managers who only offer their products through unlisted managed funds with application processes which have changed little in 20 years. Sigh! Here comes the slog.
Section 1, Type of Investor, Individual must fill in sections 2 and 5. Trust or super fund, such as an SMSF, fill in sections 2, 4 and 5. Each different type of applicant fills in different sections. Is it the section for an Individual or an Individual Trustee? What if there are two trustees? OK, let’s take a guess ...
Identify both trustees, including Tax File Numbers (TFN). Then it says, “You must attach certified copies of documents to this application form.” Is that all documents? Choose Option A, or Option B Category 1 PLUS Option B Category 2 as forms of identification. Who are the beneficial owners? Which TFN does it mean? Identify them as well. Then identify the SMSF itself, including a certified copy of an 80-page trust deed. What! Is that the entire document or the cover page, and is it every page that needs certifying? And do they need any deed amendments too or just the original deed? ..."
Surely, we've come a long way from that?
The frustrations were obvious at a recent Connect Forum arranged by Calastone, which processes around 95% of managed fund transactions in Australia. Annick Donat, CEO of Clime Investment Management, speaking on a panel session, said:
"What keeps me awake at night? How do we get off this merry-go-round? This industry is highly regulated, but not to its benefit, not to anyone's benefit in the value chain or the ecosystem. And I sit here in three decades, and we're having the same conversation that we were having three decades ago. We've changed nothing, nothing at all. We've created more friction, not less. And we're supposed to be an advancing industry looking after people other people's money."
Harvey Kalman, Group Chairman of MSC Group, said the current set up was regulation-centric, not client-centric. To compete with other investment opportunities, the investor’s decision and its implementation had to be achievable through a series of simple taps on a keyboard or other devices.
"What has been frustrating me for a long, long time, is the fact that we are still paper-orientated even if we think we're not paper-orientated. Having just filled out an application form for one of the nonprofits that I chair and I have to actually sign my name and then scan it and fax it back, and then get a call back from Macquarie Bank saying, "Please repeat all the information that you put onto your application form" and the telegraphic transfer tells me that we need something to solve this problem. By asking people to keep on repeating the data and re-identifying themselves – whether the fund is a complex structure or a simple one – we’re not allowing unlisted managed funds to compete."
What is tokenisation and how might it work?
The Calastone forum addressed key questions on digital transformation and tokens:
- Can tokenisation usher in a new collective investment model built on next-generation infrastructure?
- How can we better connect with tomorrow’s investors?
The mix of challenge and opportunity was set out when Ross Fox, Calastone’s Head of APAC, stressed the need for the industry to act before it was ‘pushed into disruption’ like the music, media or retail industries before it. Edward Glyn, Head of Global Markets at Calastone, said the traditional managed fund structure ‘is not a recipe for success in a rapidly-advancing digital age’. There are too many different participants playing a part for the supply chain. It is slow, costly, highly fragmented, difficult to service and certainly not ‘value-centric’. Little had changed since the first managed fund in 1924.
In contrast, tokenisation – where a fund is represented digitally on distributed ledger technology (DLT) infrastructure – gives all players, from asset managers, distributors and platforms to the many different service providers, access and input within a single, technical ecosystem. Tokenisation converts something of value into a digital token on a blockchain application.
In 2019, Calastone launched a DLT-enabled distributed market infrastructure (DMI) and they hope to power collective investment products in a DLT-based platform covering the entire fund value chain.
Tokenisation also paves the way for innovative products that would not otherwise be viable. Examples include customised or personalised strategies giving differing exposures to a basket of assets, including private markets, illiquid and other non-traditional assets. The fractionalisation capabilities of tokenisation may further democratise wealth management by allowing people to access high-value assets previously out of their reach.
Younger generations demand investing is easier
Tokenisation can play a part in bringing the industry closer to a new generation of investors who demand a fully digital investment experience. These investors want a user experience on par with that offered by lifestyle apps – one that is easy to set up, allows instant purchases with clear and fair pricing, and offers the transparency to see whether the underlying investments align with their values.
Calastone argued that the industry must do its own disrupting before others step in. A major uplift in investor experience is required, take the regulator along on industry-wide automation.
Calastone's Chief Technology Officer, Adam Belding, provides more detail in this article on making tokenisation a reality.
"By representing the ownership of any asset, or pool of assets – for example, a portfolio of shares or a physical piece of art – as digital tokens, investors could have more efficient access to a broader range of investment solutions."
The implications of the Optus hack
There seems potential for the intense political and regulatory focus created by the Optus saga to go one of two ways regarding tokenisation:
- Accelerate the move to tokens as a solution to identity theft, etc, OR
- Impair the move to tokens because regulators will impose new laws which make innovation even more difficult.
Adam Belding gave me this response on the dichotomy:
“Tokens are by their nature more integrated into a security architecture, leveraging distributed ledger technology to operate. For example, Microsoft’s Confidential Consortium Framework, which we are leveraging to operate DLT at scale, has strong protections in built against system corruption, data leakage, and tampering. With this in mind, financial services could look to DLT-enabled tokens to enhance their resilience and the positive reaction from regulators around the world towards token-based collective investments could accelerate that process.”
Either way, investors need a more efficient way to identify themselves for account opening, encouraging more competition when it is easier to transfer between product providers, safe in the knowledge the personal details cannot be stolen. And throw away those paper application forms.
Graham Hand is Editor-at-Large at Firstlinks and attended the Connect Forum as a guest of Calastone. This article is general information only.
Some tips from the Commonwealth Bank website (Firstlinks has not checked these services and readers should make their own enquiries).
If you’re concerned your ID may have already been compromised
IDCARE is an independent organisation that provides free support to individuals impacted by fraud or scams. You can contact IDCARE by calling 1800 595 160.
SavvyShield makes it easy to temporarily ban access to your credit report if you think your identity has been compromised. In the event someone tries to apply for credit under your name, the application will be blocked. You will need to download the Credit Savvy app and verify your identity to sign up to the service, or log in if you are an existing customer.