Self-regulatory organization finds firm failed to ensure client information confidentiality during onboarding process
The Mutual Fund Dealers Association of Canada (MFDA) has fined Wealthsimple Advisor Services, Inc. $100,000 for failures in its onboarding processes.
In a settlement agreement dated October 31, the MFDA said that in 2019, Wealthsimple Advisor Services, which is an affiliate of Wealthsimple Technologies Inc. (WSTI), was soliciting approved persons to transfer their registrations and books from other MFDA members and investment dealers they were registered with.
Wealthsimple Advisor Services implemented an onboarding process where approved persons provided WSTI with information regarding their clients at other dealers. The process allowed information to be stored on a cloud-based portal maintained by WSTI even before the approved persons were registered with Wealthsimple Advisor Services.
The onboarding process included inputting confidential client information, such as clients’ names, social insurance numbers, email addresses, and account numbers onto the WSTI portal.
Wealthsimple Advisor Services maintains that the portal is secure. Nevertheless, it failed to ensure that clients had consented to provide their information to WSTI prior to the onboarding process.
“Between February and August 2019, as part of the Onboarding Process, 20 Approved Persons, including 19 Approved Persons registered with other MFDA Members, provided WSTI with Client Information pertaining to a total of approximately 2,990 clients,” the MFDA said.
The MFDA also said that between April 1 and May 27, 2019, Wealthsimple Advisor Services failed to implement controls and supervision over its onboarding process by “failing to prevent staff of an affiliated company from viewing and accessing the system of another MFDA Member.”
An approved person who wanted to join Wealthsimple Advisor Services was having technical difficulties with the onboarding process, and asked another approved person registered with a different MFDA member for help.
“The Other Member was not aware of [the activities] and at no time did the Other Member provide consent to WSTI or any other parties affiliated with the Respondent to access or view the contents of [its customer relationship management system],” the MFDA said.
“The Respondent thereby compromised the confidentiality of the Client Information that was contained in the System,” it said.