Security
10/01/2024
We appreciate the personal and confidential nature of the information we are required to hold on your behalf. Alongside managing your investments with the utmost care, we take your personal privacy and the confidentiality of your data equally seriously. We are often asked about the steps we have taken to ensure our high standards are met, the core principles of which we have outlined below.
Should you have any questions about how we manage your accounts at Killik & Co please do not hesitate to get in touch by sending us an email or calling us at +44 (0) 20 7337 0400
How secure are your money and shares?
How are money and shares in my killik account protected in the event of a Killik failure?
Killik & Co does not hold your money and shares itself, preferring to concentrate on what we are good at, which is advising on and managing client portfolios. Our activities are limited to acting as agent for our clients. We do not engage in riskier business such as principal trading, or in activities that could create conflicts of interest with our clients. We give the task of holding client money and assets to a much larger custodian firm, called Platform Securities LLP.
To what extent are client assets protected from a killik failure by the fact that they are held by platform securities llp, the custodian? or does this just mean that the risk event is transferred from killik failure to a platform securities failure?
What risk there is lies in a possible failure of Platform Securities rather than in Killik & Co. However, a Platform Securities failure is highly unlikely and using them as our custodian serves to mitigate risk rather than simply transfer it.
Who are platform securities?
Platform Securities LLP is owned by FIS Global. With a long history deeply rooted in the financial services sector, FIS is the world’s largest global provider dedicated to banking and payments technologies and employs more than 53,000 people serving more than 20,000 institutions in over 130 countries and its technology powers billions of transactions annually that move over $9 trillion around the globe. FIS regularly tops the annual FinTech 100 list, is 425 on the Fortune 500 and is a member of Standard & Poor’s 500 Index. As of November 2017, FIS is rated at investment grade by Fitch, Standard & Poors and Moody’s. FIS is a listed company (NYSE: FIS) and has published accounts available at www.fisglobal.com.
How can i be confident in the financial strength of Killik & Co and platform securities?
We are regulated by the Financial Conduct Authority (FCA). As such, we are required to report full details of our capital on a quarterly basis to ensure that we are adequately funded to continue in business. We are capitalized far in excess of the regulatory requirement.
Every year Platform Securities is audited for financial strength, as well as compliance with the client money and asset rules. In addition, they go through a further annual audit of their systems and controls, resulting in an Assurance report on internal controls (AAF). Both external audits are conducted by major accountancy firms.
We also conduct our own annual review to check that Platform Securities have adequate procedures in place to ensure client money and assets are segregated and fully accounted for.
Where can i get more information about the financial strength of killik & co and platform securities?
Platform Securities is owned by FIS, which is a listed company (NYSE: FIS) and has published accounts available at www.fisglobal.com. Both Killik & Co and Platform Securities are required by regulation to publish certain details of their capital requirements on an annual basis in what is termed a “Pillar 3” disclosure. The disclosures for both companies are freely available online.
Are Killik making any representations to the fca and government about restoring the protective ring fence around retail investor client money in light of the beaufort securities collapse?
We believe that by using a much larger custodian firm, we are providing a high level of protection for our clients. However, we are as disturbed as all investors are by the revelation that Administrators can take ringfenced client money and assets to pay for their fees. We are pursuing this matter by means of our membership of the board of our industry body, PIMFA [1]
Security measures in the mykillik portal
Keeping Our Clients Data Safe
Safeguarding our clients personal and financial data is the highest priority for us, particularly in the current climate of increased cyber-crime. Our web and App provided service, myKillik, is an obvious point of potential vulnerability. The security design principles that we have embedded in myKillik for web and app users are laid out below.
These principles take into account:
current technical best practice. This is a fast-developing area and Killik & Co clients using other service provider portals will have almost certainly experienced recent changes to and a tightening of security features;
consultations on the pattern of use and preferences of our clients.
The main features of our design are as follows:
- Passwordless sign in. The very high level of protection provided by the Killik Client Code and One-Time password codes (OTP) allows us to dispense with a separate user determined password. This results in a quicker and easier login experience. Evolving industry standards (including guidance from Microsoft and others) favours this. It removes the risks associated with writing down, sharing, forgetting and resetting passwords. Passwords are a major vulnerability as users reuse passwords and are able to share them with others. Passwords are the biggest attack vector and are responsible for a significant percentage of breaches. They also lead to attacks such as credentials stuffing, corporate account takeover, and brute force attacks. Killik & Co acknowledge that we are early adopters with this approach, but we expect passwordless authentication on portals to become standard practice;
- 2 Factor Authentication (2FA). The myKillik mobile application uses 2FA and this technique is now widely adopted in our industry and involves the first factor of authentication being passwordless and the second factor using either PIN or biometrics, such as fingerprint or facial identification;
Web application privacy PIN lock and unlock. This provides protection for users who are temporarily away from their screen and have not logged out (particularly important in any public environment or workplace), avoiding the need to go through authentication if accessing their myKillik account multiple times a day . This enables clients who access the site multiple times a day to have a secure locked view if they are away from their screen for a period of time with quick and secure re-entry access through use of PIN. This allows a user to set a PIN and to configure their own automatic time out, activating the privacy lock.
We have considered and incorporated these features with great care and believe they are both progressive and aligned to our client’s required experience. We have reviewed them against industry and technology best practice and will continue to do so, adjusting as necessary based on the level of data provided by the myKillik portal and its functions.
It should also be noted that Killik & Co regularly commission ‘penetration tests’ against our technology and communications (including the myKillik portal and App) and have a clean bill of health. Penetration tests ensure the security of the site and App are of a high standard and not vulnerable to attack. These tests are completed by an independent third party.
We would welcome your feedback and are happy to answer questions on myKillik and the security arrangements. We can provide further information on the features mentioned above (and industry qualification of our approach). This can be arranged through your adviser.
Sign up to our newsletter
Sign up to receive the latest news from Killik & Co, including our Market Update and Killik Explains educational videos, and be one of the first to hear about upcoming events and webinars. You can unsubscribe at any time and learn how we use your data in our Privacy Policy.