How does T212 make sure it does not lose the records about which ETFs I own?

Per my understanding, T212 is the only entity which knows about me (it has identifiable information, like the details of the national id card) and, for example, the ETFs the I bought.

If my understanding is correct and T212 is the only entity holding this information, then what happens if somehow T212 loses the records regarding my personal details and the ETFs I bought?

For example, a cyber attack could delete these records from the T212 servers. While it might sound like SF scenario, it actually happened to very big online businesses (email companies, retails, crypto, etc). They faced critical security breaches which end up with customers losing their data.

Does T212 is really the sole entity hold these critical records which connect the identifiable customer to his\her ETFs?
What kind of regulations does T212 need to comply to in order to assure the records do not get lost or they are 100% recoverable in case T212 loses them? I assume they have data backups, but, from a digital/online security point of view, what it would really be better if T212 is not the only entity which holds this information.

Here are some excerpts from the Terms of Service I am already aware of:

12.11. We may hold your money and the money of other Clients in the same Client Bank Account (omnibus account). In this case we are able to identify your money through our back office and accounting system.

13.8. Your Investments will be registered in the same name as those of other clients (pooled together with other clients’ Investments in an omnibus co-mingled custody account, like with like). This means that Investments will not necessarily be immediately identifiable by way of separate certificates. If we or our third-party nominee were to become insolvent there may be delays in identifying individual assets, and possibly an increased risk of loss if there should be a shortfall because additional time will be needed to identify the assets held for specific clients. In addition, in the event of an unreconciled shortfall caused by the default of a custodian, you may share proportionately in that shortfall.

Note, I am not talking about the security of the ETFs, I’m aware they are kept by Interactive Brokers. What I’m talking about is the security of records which prove I’m the person which owns the ETFs..

Also, I know T212 already sends email statements for every ETF I buy, and that I can ask T212 to send a share certificate which I can keep in my email. But I don’t see how that could help in the eventuality T212 loses the records. Will T212 reconcile the records by just asking everyone to forwards those emails? :slight_smile:

Of course, this concern is not about T212 only, same is for any other brokers. But I’m interested to know what T212 does in this respect.

2 Likes

In short:
CASS and COBS rules
Daily reconciliation if held electronically (which they are - in Nominee/Custody)
“3-way-reconciliation” between client-bank-nominee also

(but, yes, at the VERY extreme end IF T212 magically found all servers were attacked AND deleted AND they had no backup… D’oh!)

2 Likes

I wish it happens to my bank, perhaps I will not have to pay back my loans.

2 Likes

“CASS and COBS rules”, very interesting, thank you.

Several questions raise in my mind, for example, do these apply to only the T212 UK or does it apply to T212 in other countries as well?

Also, I’m not sure how exactly these regulations work, I mean some can be actual requirements which brokers must implement, while others are just recommendations, so it’s more like up to the broker.

To be clear, once again, I am not concerned about the security of ETFs itself, which is clearly regulated (the omnibus account), what I am concerned is about the eventual need of the reconciliation of my identity to the ETF I bought. This critical information is a digital record stored somewhere on some T212 servers and my feeling is it’s up to the broker (T212) to really make sure they do the right thing to keep it safe(ready to be restored from a backup) and secured.

1 Like

Yep. CASS and COBS.
Schedule 1 = Recording Keeping / Safekeeping
MiFID II also kicks in with it “storing backups on durable mediums” rule.
There is nothing I can say to actually soothe your soul as your “what if” is entirely valid (if statistically only 0.001% likely to ever happen).
In the unlikely event that it does – what we (at numerous other brokers) used to do was have several Disaster Recovery sites with backup servers creating backups of all records (cash, stock, account, personal) intraday.

2 Likes

Btw, I know it is for EU customers, but after Brexit, UK is still using/applying it?

You overestimate the British Government. :joy:

They just copy and pasted the regulatory word document and tried to carry on as normal.

2 Likes

Disaster recovery and backup is very easy to implement. The risk is with the security. This is the part where I am more concerned with.
I wonder, from a security point of view, does T212 (and again, same concern is for other brokers as well) have certifications and security audit?
I wish T212 (and any online business in fact) talk more and advertise more their efforts for making sure the users data (and money in the case of a broker) is safe.

You need to understand or trust the regulators that audit firms they approve to offer financial services in your market in this regard.

2 Likes