Crossing the PDPA Landscape: A Reflective Guide for Financial Advisors from an Ex Financial Advisor

By Shaun Jarmen, Industry Development Manager, Straits Interactive

As someone who has spent almost 10 years of his career in the financial advisory industry, I find that the level of importance and responsibility that Financial Advisor Representatives (FARs) have in the lives of their clients are often understated.

FARs, in fact, carry a unique responsibility when it comes to managing their clients’ sensitive personal and financial information. In this regard, the Singapore Personal Data Protection Act (PDPA) provides a crucial framework that guides how we collect, use, and share this data. 

Take for instance, a recent case involving Dennis Ngian, a former financial advisor who shared client information with two other advisors without obtaining explicit permission from his clients. The Personal Data Protection Commission (PDPC) deemed this action unauthorised, being in breach of the PDPA's Consent and Notification Obligations. The PDPA’s guidelines are clear: advisors must always obtain client consent before disclosing their data to any third party. For all FARs, this breach was a cautionary tale of the import of transparency and careful data management in our profession. Compliance with the PDPA isn't just a legal obligation; it’s a way of demonstrating respect for our clients’ privacy and reinforcing the trust they place in them.

Key Takeaways for Financial Advisors

Taking into account the PDPC’s findings from this particular case, here are several practical lessons we can all learn from and apply in our own practices:

1. The Importance of Consent: Obtaining explicit client consent before sharing their personal information must be prioritised, even if it’s with another advisor. The PDPA’s Consent Obligation is more than just a rule to abide by—it’s a way to ensure our clients have full control over their information.

2. Independent Advisors are Still Subject to the PDPA: Many independent financial advisors may not realise they are still considered “organisations” under the PDPA, and are, thus, subject to the same stringent privacy standards as larger firms. This means that regardless of our employment status, we must treat all client data as if we were directly regulated.

3. Personal Responsibility: Whether we work for a firm or independently, each of us bears personal responsibility for protecting our clients’ data and obtaining their consent before sharing it. Every advisor-client relationship is based on trust, and honouring that trust requires vigilance in managing data properly.

4. Transitioning Between Firms: For those of us moving between firms or collaborating with other advisors, it’s essential to remember that client data protection must remain a top priority. We must ensure that data is only shared with proper consent and always in a secure manner.

Practical Tips for PDPA Compliance

To help us all maintain PDPA compliance and uphold our clients’ trust, here are a few actionable tips:

1. Document Client Consent: Keep clear and organised records of each client’s consent, so they’re fully informed about how their data may be used or shared.

2. Verify Data Sources: When receiving data from other advisors, it’s wise to perform due diligence and confirm that consent has been secured.

3. Secure Data Storage: Implement robust security measures, like data encryption and secure communication channels, to protect sensitive client information. In our digital world, this adds a much-needed layer of security.

Building Trust Through Compliance

Ultimately, our commitment to protecting client data not only ensures that we stay compliant with the PDPA but also helps us build deeper, lasting relationships with our clients. Clients who know that we prioritise their privacy and follow ethical data-handling practices are more likely to feel confident in our advice.

Beyond being a set of rules, the PDPA is a vital guide for all financial advisors aiming to practice responsible data management. By embracing PDPA principles like transparency, consent, and security, we can traverse the data protection landscape confidently and, most importantly, honour the trust our clients place in us every day.

We’ll be sharing more about this at our upcoming industry talk, “Is Your Firm Ready? PDPC Urges DPO Appointments Before September – Time for a PDPA Check!” on 22 November 2024. You may secure your spots here.