Can a single advisor handle it all?

So far in 2013, there has been a lot of discussion about the potential for “one-stop-shopping” either through advisors or through certain financial institutions. This begs a basic question in my mind – can any one advisor or any one FI properly handle all of the financial matters for a client?

From the perspective of the FIs, they would like the public to believe that they can, in fact, handle everything through in-house advisors or a team of advisors. Does this claim stand-up in the cold light of day? I suggest not. Financial planning, in all of it’s complexities and forms, is based on a close personal relationship between the client and the advisor(s) involved. FIs suffer from a few issues in this regard including lack of continuity, perceptions of conflicts of interest in products and services recommended – predominantly in-house or house-labelled generic products – lack of objectivity also springs to mind.

So what about the individual advisor? Currently we have two versions of this creature on the loose – the independent group (the largest in numbers) and the closely-tied (or career) advisors that represent one company (maybe with one or two strategic alliances to flesh-out their potential offering). I will offer some comments on the latter here. Everyone knows that no one company – regardless of size and breadth of offering – can be all things to all people at all times. Assuming that you accept this premise, the ability of the closely-tied advisor to hande all matters is obviously seriously impaired as is their ability to claim to offer independent and objective advice on all matters financial.

So what about the independent advisor? Can they fill these gaps? Again, I have to say no. While the vast majority of these advisors seem to stress their ability and talents in this area, at best they make broad-brush attempts – albeit very well meaning – but still fundamentally lack the knowledge and full product and service suite.

Is there a solution? I believe the answer here is YES. I believe the answer is what I call “strike teams”. Stay tuned for my next blog where is hare this concept in more detail! Cheers

Fiduciary duty – a long time overdue

As most Canadian readers will know, the concept of mandating that certain advisors have a legally binding fiduciary duty to their clients has been gaining strength recently. Long overdue in my opinion!

Ignoring fancy legal words, a fiduciary duty or responsibility is to put the interests of the client FIRST, before the interests of the advisor. While for professional advisors this should be self-evident (and has always been part of my personal standard of integrity), regulators seem to feel the need to add more regulatory teeth to this issue.

So far, the impetus in Canada has come from the CSA (no – not the Canadian Standards Organisation – The Canadian Securities Administrators) which is a policy group consisting of the top Securities Regulators in each Province and Territory – and yes this includes Québec. They provide policy direction to Provincial Regulators and try and make the rules consistent across the country. There is a parallel insurance industry group called the CCIR (the Canadian Council of Insurance Regulators) which functions in the same manner as the CSA for the life and general insurance industries. I am going to presume that the folks on the CCIR are paying close attention to the work of their colleagues on the CSA and we can expect further action on the insurance side of the Canadian money world soon. Good stuff! HOWEVER, there is a problem from my perspective – what about the rest of the financial community??

What about banks, trust companies, credit unions, caisse populaires? How about household financing companies, mortgage lenders and brokers and payday lenders? What about vehicle dealers and their financing arms? Have people considered the furniture and appliance dealers and their lending practices? Even issuers of credit cards should be subject to this duty – some could argue they are the biggest offenders of not putting the interest of the client or customer ahead of their own! What about MLM businesses that require an “investment” by new “distributors” before they can play the game? Who is considering this issue beyond just the “investment” industry?

How do we, as a society, deal with those unscrupulous folks such as Earl Jones who was never registered or licensed in the first place? It wouldn’t matter what rules were in place via IIROC, the MFDA or the equivalent bodies in Québec for the Mr. Jones’ of this world. How will this impact Ponzi-schemes and the perpetrators behind them?

My next blog will examine some of the costs that will have to be paid – by guess who?? The consuming public is the ONLY source of $$ to pay for regulation and they need to be fully informed of this aspect as well!

The cost of cheating

Is there a cost to everyone when someone in the position of a Lance Armstrong, Barry Bonds, Mr. Maguire or good-old Ben the Canadian Sprinter cheat (and lots of others)? Use drugs to promote their own selfish ambitions? Think they are above the rules or the law? A sense of unbridled entitlement gone wild? Is “win-at-any-cost” valid today?

I believe we all pay a price both financially and with some of our own self-esteem to say nothing of destroyed faith on the part of young people around the world. You can certainly argue all issues but I am going to focus here on the financial price. Sports is big business – HUGE business, in fact. Sports is entertainment, pure and simple. Is the lure of perhaps 10s of millions of dollars every year as an entertainer simply too much for some weak-willed people? Do we all have flaws – of course we do. Does their position as entertainers in the public eye place higher expectations on them and their behaviour? Are the temptations of the “good life” beyond the level for people to cope now?

Entertaining goes far beyond just sports of course, but it is in sports (professional and amateur) that the worst seems to rise (if that is the right word), to the top?

Billions of dollars are spent around the world every year – perhaps even trillions – to promote all types of sports and selected “top-calibre” players. The cost of these promotions, by the way, we ALL pay when we purchase the products made or sold by the companies who promote the sports and the players. Whether is is a potatoe chip brand, some health drink, high energy drink or our favourite alcoholic beverage – advertising (and sponsorships) are advertising is a very large part of the cost we pay.

Enthusiasm for sports and the players is good, it helps us feel good about things, including ourselves. It provides a mental escape (even if just for a few hours) from other aspects of our life when we feel the need. However, it does come at a cost – a cost that we all pay, either willingly or unwillingly and even for some people, unknowingly.

We all have the choice to speak with our voices, our feet and our money. Next time you make a purchase, consider the sponsorships that the manufacturer or producer does in the course of their business. Socially Responsible Investing (SRI) is becoming more widespread as it should. Should SRI be expanded now to include the ethical issues relating to various sports and players? You decide!

Identity theft, email and phone fraud – some tips – Part 2 of 2

Identity theft, email and phone fraud – some of the “tricks”
Written by Ian R. Whiting, CD, CFP, CLU, CH.F.C., FLMI(FS), ACS, AIAA, AALU, LSSWB, Contributing Editor
Website: Blog:

Ponzi Schemes
– These never seem to go out of style, mainly because greed is such a powerful emotion. Earl Jones from Quebec and Bernie Madoff from New York are just two of the more well-known practitioners of this deceptive art. My father I didn’t always agree on things (big surprise) but I did learn a basic truth of life: “if it sounds too good to be true, it is.” Perpetrators of Ponzi Schemes promise the world. High returns, special investments, not known to the general public, stable returns in all market cycles, limited product available, no risk, fully protected. There is no such investment; accept it. Regardless of pressure (peer or group including faith-based promotions unfortunately), do not bite. Madoff went on your several decades before everything collapsed. Remember, only the promoters get rich and only at your expense.

Banking Scams and Mail Theft – Many times bank scams begin as mail theft, unfortunately. Thieves target super mailboxes, apartment, condo and townhouse mail buildings and boxes and outgoing letterboxes. Anything of value is taken – and value means ID and account information. Whenever possible, consider electronic statements and payments. When having new cheques printed, pick them up at your financial institution, in person. When printing cheques, only use your initials and last name so that thieves don’t know if the account is in the name of a male or female. Check all your statements the DAY they arrive and report any errors or suspicious transactions immediately by phone and then follow-up in person with your branch or card company. My wife and I no longer even have our address or phone printed on cheques – just our initials and last name. We have been victimised twice through mail theft of cheques and one of the thieves was a real rocket-scientist and used our cheque to pay for her VISA bill, and had written her VISA number on the cheque!

Password Protection – As more and more of the economy moves to e-based commerce, remembering multiple passwords becomes a major concern. Writing them down (including your banking PIN) is definitely the wrong way to go. My memory sure isn’t perfect and I have to track about 30 different passwords of varying levels of complexity for my business and personal activities. The solution? There are several password utilities available (most are free or at least offer a basic free version) for download. My choice is LastPass. It saves my login information for all of the sites including passwords, PLUS it generates (if I ask it to do so) multi-character, multi-special character passwords at random. I can access it using one ID and one password from any internet-enabled computer in the world and nothing resides or stays on the computer being used – no cookies or any trace of its use. This way, I only have to remember one login ID and one password (mine is 15 characters in length and is a combination of letters (upper and lower case), numbers and special characters. Nothing is 100% secure, but I am comfortable with that level of protection.

Well, now what? Most of this is common-sense and nothing is overly complex. Take the time to review your personal and business security to ensure you are protected to the greatest extent possible. If you are a victim of fraud or identity theft, notify law enforcement immediately. The Canadian Identity Theft Support Centre (link below) is a source of excellent information and they even have a downloadable toolkit on how to deal with suspected ID theft and fraud. I recommend it highly!

With courtesy to

and the Canadian Identity Theft Support Centre –

Identity theft, email and phone fraud – some tips – Part 1 of 2

Identity theft, email and phone fraud – some of the “tricks”
Written by Ian R. Whiting, CD, CFP, CLU, CH.F.C., FLMI(FS), ACS, AIAA, AALU, LSSWB, Contributing Editor
Website: Blog:

This started out as a short, 500-word blog but unfortunately, this issue is so prevalent in the world today, it became two blogs! Today, it appears that the ID theft and related frauds are probably the fastest growing crimes in the world. In February 2008 (the last full study), over 1.7 million Canadians reported cases of ID theft or fraud and some estimates apparently put the value in excess of $100 million. Further information on this topic strongly suggests this figure is less than half the actual number of cases as people are too ashamed to report it, unfortunately. Here are some tips that can help you avoid the consequences of this aggressive trend.

Dumpster Diving – not glamorous, but effective. In this scenario, the fraudster (or some hired minion) goes through garbage cans and recycling bins looking for any account or personal information they can find. Old bank and credit card statements, cancelled cheques, those special “you-are-approved” credit offers, when merged with some modern technology, are a wealth of detail and a creative thief can use it for a variety of nefarious purposes. Invest in a shredder. Many are available for less than $50.00 (including taxes) and should be kept next to where you sort your mail. If a piece of “junk” mail has anything on it other than your name and address (which the company already knows), shred it – don’t just throw it in the garbage.

Phishing – Not to be found in Webster’s Dictionary, this is one of the new internet words that pepper the world today. This word means an e-mail message that looks like it was sent to you by your financial institution. Typically, it has the correct logo, a collection of what seem to be appropriate disclaimers and a request for verification of some personal information. The financial institutions with whom you deal do not need to “verify” any information they have on file and they would never do this via an email – only in person the next time you went to their office. Just mark any such emails as SPAM or JUNK and delete it immediately. Under no circumstances click on any of the links, nor should you reply to the email in any manner. If you follow the link, thieves will obtain enough information about you, and probably your accounts, to allow them to steal either or both your money or identity.

Pump and Dump – Nothing new here but they seem to be cropping up again. For this to work, a fraudster buys (or creates) a block of penny stocks and sends out millions of spam e-mails. Many times, they follow the email with a personal phone call. Both the e-mail and the phone calls are quite compelling and look like a hot tip. Buyer beware (caveat emptor for the Latin readers) because those that fall for this actually fuel a demand for the stocks the fraudster then re-sells at an even more inflated price. Ignore all unsolicited e-mails like this.

Vishing – Similar to phishing, the fraudsters call you directly and pose as an employee of your financial institution or other company with which you do business. Sometimes you will get an email that asks you to call a number – perhaps even a 1-800 number. With current technology, callers can disguise their identity and spoof your call display so it all looks legit! Ignore the calls and hang up.

Shoulder Surfing – Use of credit and debit cards is constantly increasing so your level of awareness needs to improve as well. If you see someone hovering nearby while you are entering your PIN – stop the transaction until they move away. If necessary, turn and face them and ask them to move away: don’t be shy! If someone gets your PIN and manages to skim your card (phoney machines used to steal digital information from your card) or pick your pocket or purse, your account is as good as empty. Some scammers are even using the digital cameras built in to every cell phone (or other e-device) to record your PIN key strokes while appearing to have a normal phone conversation. Shield the keypad when you are entering your PIN (use your other hand or your body as necessary). If you think someone could be aiming a cell phone camera at the PIN pad, stop until they leave or turn away.

And a Happy New Year to all!

, T-bnAs we finally close 2012, there are many things on which we can reflect. The sad, the inexplicable, the disappointing and yes, some good things too – from an investment perspective anyway!

Canadian banks and other financial institutions, despite a credit downgrade late in the year, are among the safest in the world and investors continue to benefit from holding their preferred shares, common stocks and various debt instruments. The same appears true for the utility industry, despite the contretemps of the Northern Gateway (or maybe Arctic Gateway or Eastern Gateway) oil pipeline in Canada and the US side of the Canada/US Keystone XL pipeline project. Oil is a key utility input in all of it’s many forms as is natural gas. I will stay out of the debate on fracking!

The world needs power – from any and all sources so I believe that for long-term holdings, exposure to this part of the economy is important. Short-term, be prepared for some storms in all of the energy sector, and I suspect they will all be of a political making. So some inclusion of energy and utlities makes some sense – the amount you include depends on your investment comfort level and time-horizon.

Communications in all of it’s forms will continue to grow although I suspect it too will be choppy due to anti-trust, patent issues and regulatory meddling on one level or another. Manufacturing and transportation industries should experience reasonable grow as I believe that deficit and national debts will gradually be controlled allowing economies to begin expanding again.

Whether doing your equities on a do-it-yourself basis or using some form of managed funds or ETFs, I would be staying blue-chip common shares and preferreds particularly for the risk-adverse.

Short-term interest rates (10 years and less), I believe will stay within about 1% to 1.5% of curent levels, which is positive for everyone including companies loooking to expand their operations. If doing things on your own, I recommend GIC or GIA ladders and if you are going the managed fund or ETF route, then I would be looking at average term-to-maturity south of 10 years and only A or better ratings – BBB if you feel adventurous.

On the pure cash side of things, whether in a bank account, T-bill account or some life insurance cash values, it seems to make sense to hold somewhere in the 5% to 7% range – both for protection and any buying opportunities that present themselves.

On Precious Metals – flip a coin! From everything I can find, the “experts” are about evenly divided on direction and potential upside/downside movement. Some level of exposure would seem reasonable if you can tolerate the earthquake-style market reactions but for these I would personally stay on the managed money side and look for broad diversification across countries keeping in mind political situations and I wouldn’t be comfortable holding more than 4% to 5% and only then if I was looking in the 10 plus-year holding range.

Think positive about yourself and your family, keep personal debts going DOWN and by wise in your discretionary spending in 2013!

Anywhere use of the company Smartphone is great for hackers, not so great for the bottom line

By Terry Cutler

Where technology goes so do hackers.  Where hackers turn up, usually means bottom line problems for companies, and these unscrupulous hackers are already snaking and slithering unknowingly in many cases in the back end of company networks; through employee mobile devices like Smartphones and laptops.

So it is safe to say that where Smartphones go, specifically these devices in the hands of executives, a hacker with malicious intend will follow and with the rate of Smartphone adoption and capabilities; anywhere from access to email, applications, the Internet and company data, executives are using their devices to stay in touch with family and co-workers through social networks, all the time building a larger and larger database, all the time adding data to their applications.

It may be good for business, but the appeal for hackers with mal-intent is obvious.  The build up of data, times the growth in Smartphone usage, means that one-day a massive attack on sensitive company data could have begun its path to destruction through a Smartphone or laptop.

In a nutshell, a Smartphone is a cell phone to make phone calls, but also adds in features that normally would be found on computers or in the past on what was known as Palm Pilots. In the past, the ability to send and receive e-mails, search the Internet and work on office documents was restricted to the office or laptop computer.  The palm pilot could sync with a computer, but for the most part was a secure personal database, known as a digital assistant that stored data. The biggest security concern was losing the storage device and having someone using the information for mal-intent.

So now we can create and edit Microsoft Office documents, download apps with personal and business managers, personal assistants, or driving GPS directions; the list of apps is endless. What these Smartphones can do now, they will be doing twice as much in the near future.

The list of possibilities is also endless for a hacker. What the hacker can do today may also be twice what he or she can do tomorrow. Data theft is at the forefront of these Smartphones because these devices are excellent tools to steal user data.

In 2010, Canadian Mobile Ad Placement revenue grew at a rate of 105% year-over-year, driven primarily by Search and Mobile Display/Sponsorship according to Mobile In Canada: A Summary Of Current Facts and Trends

The study reported almost 85% of Canadians are cell phone subscribers and 45% of the latter have Smartphones. Half of Canada’s Mobile subscribers are monthly Internet users, dominated by 18-44 year olds, mostly using the device for monthly Internet activities, downloaded apps and browsing the study concluded.

So when companies issue Smartphones to employees without security hoping for a bottom line reward, they may be asking for a lot more problems, which can indeed bottom out the bottom line.





Security not included ?? real lessons you should know about before you hire your next IT service provider

By Terry Cutler

A recent vulnerability audit and stimulated hacking scenario on a website belonging to a small non-profit uncovered 25 possible vulnerabilities, and according to the director and his board of directors such a problem should have never occurred.

“When we created the site two years ago we assumed that our web developer would consider security of the site as a normal consideration,” said the director, who asked to remain anonymous for security reasons. “Actually, we are a small association with a small budget and a small website. Who would think that anyone would want our information?”

It is a prevailing attitude, one that has implications on the bottom line.

As the head of an association or business, you expect your outsourced IT group or web developer to be handling security, but are they really? The answer to that is a resounding no. Website creators or managed service providers are not in the business of testing or coding  your website to security best practices.

It is assumed that they are.

Not long ago, I ran a 45-minute rapid audit for the website of a Door and Frames supply manufacturer and discovered a vulnerability that allowed an attacker to modify the website which would deliver an infected PDF file to every site visitor. Breaking it down, any visitor who didn’t have an updated Adobe reader could be compromised. After contacting the web master I learned he didn’t feel the need to fix it or insert any protection.

“If I’m paying my outsourced IT group several hundreds of dollars a month, I assume they’re taking care of my security as well since it falls under IT. No one will hack my site because there’s nothing valuable on it,” said the owner of Doors and Frames.

The common theme in the industry is that providers have adopted a “sweep the incident under the rug” attitude as a best practise without advising the client. The hope is that it will go away. That assessment may be too harsh. Most developers are still making the transition from basic web development to a more secure built-in security development.

In the interim, directors and owners are caught staring like a “deer in headlights”.

Small businesses are the perfect victims for the unscrupulous and this is directly linked to a small, and sometimes non-existent security budget. The unscrupulous are not after your information but want to use your systems as the middle man to break into others and more likely a mega-companies’ systems with more to lose.

In other words, they are using your network to frame you.

The big problem for the unwilling and unknowing middle man is that when a security forensic team shows up and uncovers what happened, law enforcement will be paying you a visit since it was your system, or someone you employ, that have been led to believe committed the crime.

Many small businesses are simply not aware of how vulnerable their sites are to hackers. While developers in the past were not trained to build in security, their roles are changing. More certified training is being offered, which lays the basic foundation required by all developers to produce applications with greater stability, posing lesser security risks to the end-user.


Not financial – but personal – bullies are cowards – never let them win!!

Amanda Todd’s recent suicide struck home for me. Then the utlimate in cowardly, vile bullying took place – apparently other students and classmates vilified her after her death. I say “apparently” because police have not yet tracked down who made the posts – but regardless of who made them, they deserve the harshest punishment available – and our laws badly need strengthing in this area.

Also police need expanded powers, under proper control of course, to use every means available – electronic and otherwise – to track these people down. The BCCLA and similar groups always seem to forget the victims – they worry more about protecting the guilty than ensuring they don’t EVER repeat their offences. Put your focus where it belongs for once! Then our judges have to have the guts, courage and some reasonable level of sanity and common-sense, to impose first punishment – and later some rehabilitation – but punishment comes first.

Amanda is nor the first, and unfortunately she will not be the last. Why? Because not all parents care about what their children are doing. Not all parents bother to teach their children right from wrong. Not all schools (teachers, principals, staff – everyone) watch for signs of bullying and deal HARSHLY and SEVERELY with the bullies involved. Not all parents bother to learn about bullying – or if their child is either a bully or a victim until it is too late. Not all parents supervise everything their children do on-line – on the web, twitter, social media, flash-mobs, etc. Not all parents bother to learn about cyber-bullying.

Not all law enforcement and other first-responders have been trained to identify signs of bullying – either victim or perpetrator. Not all medical people have been trained to identify bullying and the resulting physical and mental damage and eventual destruction, victims will face.

Politicians can’t agree on the time of day or the shape of the table to use for a meeting – but can’t – for ONCE – they stop petty party-politics and do something for victims of bullying? Can’t they for once deal forcefully with those who bully others?

Political will is lacking – or rather the will to deal with the problem outside petty politics is lacking. Everyone wants to be seen as the champion but no-one bothers to act. Committees don’t solve problems. Inquiries don’t solve problems. Studies don’t solve problems – and neither do working groups or any other such actions.

This needs to the part of ALL school curriculums starting in elementary school – regardless of religion, private or public schools. There are bullies of every race, colour, creed, religion, faith, political stripe and sex. There also needs to be consistency in dealing with bullies. Leaving it up to each organisation or school or school district to set their own “remedies” is not the answer. And regardless of legislation, it is time to “name names” for many reasons, not the least of which is to ensure there are consequences for actions and that potential victims can be protected. Let’s refocus our energies on victims and rehabilitate the offenders second.

The effects of bullying last the rest of your life – they affect your personal life, your relationships, your career – and they do impact on both mental and physical well-being. A victim never recovers – just as the victims of child-abuse, pedophilia, etc. – NEVER completely recover. They are changed people – forever. I know first hand – I was bullied for 5 years in junior and senior high school – and it affects me today.

When Internet security takes a back seat

By Terry Cutler.

Why is it that those in charge of protecting the company’s security network, that database of sensitive customer data – bank cards, credit cards, bank accounts and personal information – don’t seem to spend the money to protect it? This is a question that is baffling to those in the data protection business, and may be more baffling in the years ahead.

CEOs and Chief Security Officers (CSO) do not always see eye-to-eye on this problem. The CEO is budgeting the overall books, while the CSO is focused on his task, and can only submit for his budget. This is understandable. However, a recent survey ( released by Core Security which highlights and demonstrates this separation over the security stance of the same company who has the potential to drop a company in a “click”.

Staggering is the first word that comes to mind after a quick read of this benchmark. Only 15 percent of CEOs said they were very concerned about an attack on their network, and didn’t think their systems were under attack or even compromised. There is a large gap between CEO and CSO thinking.

Sixty percent of CSO’s reported being very concerned about attacks and reported their systems were already penetrated. Yet with all the breach threats filling the news, and the numbers in dollars lost rising with each attack, or even a threat, the report unearthed that 36 percent of CEOs don’t deem it necessary to get a security briefing from the member of their own security team. It is inevitable. With large customer databases becoming the norm with big companies, the norm for hackers is to go after the company. Decide this at the board level, or decide how to fix it later, of course at a loss of reputation and customers and millions.

It isn’t fashionable to call Internet security unimportant, yet CEO’s continue to scoff at filtering money in that direction. This is risk management of the grandest form. One breach can cost millions. As I have written in previous blogs, that extra money may go to training that one employee not to “click”, or maybe not?

It’s the CEO’s call.