Ticoon Technology Inc. Ticoon Data Governance and Stewardship

Transcription

1 Ticoon Technology Inc. Ticoon Data Governance and Stewardship

2 Contact Us Thank you for your interest in the Ticoon Service. If you have any questions or concerns about the content of this document, or you would like to know more about Ticoon, please feel free to contact us using any of the methods indicated below. Our office hours are 8:30 5:00, Monday to Friday - we look forward to hearing from you. Gil Quesnelle Brett McGoldrick Michael Morgan VP Sales Director, Data Engineering Privacy Officer Tel: (416) x245 Tel: (416) x292 (416) [email protected] [email protected] [email protected] Ticoon Technology Inc. 56 The Esplanade, Suite 404 Toronto, Ontario, M5E 1A7 [email protected] Tel: (416) Fax: (416) of 17

3 Table of Contents GLOSSARY OF TERMS INTRODUCTION DATA SUPPLIER DOCUMENTATION PRESENTATION & USE OF CLIENT DATA DATA ACCESS PRESENTATION OF CLIENT DATA DATA LOCKING IDENTIFICATION OF DATA SUPPLIER IDENTIFICATION OF MANUAL VERSUS ELECTRONIC ENTRIES SEPARATION OF VERIFIED VERSUS UNVERIFIED ACCOUNTS & POLICIES IDENTIFICATION OF DATA SUPPLIER AT THE TRANSACTION LEVEL DATA LOADING MODELS USE OF CLIENT DATA CLIENT REPORTING CLIENT INTEGRATED PORTFOLIO REPORTING VERSUS STATEMENTS CLIENT PORTFOLIO REPORTING TIME/DATA REPORTING FINANCIAL INSTITUTION AND LIFE INSURANCE CARRIER IDENTIFICATION IDENTIFICATION OF MANUAL ENTRIES CURRENCIES DISCLAIMER LOCATIONS DISCLAIMER FONT SIZE PAGINATION DISCLAIMER WORDING ACCORD - STANDARD TERMINOLOGY RATE- OF- RETURN CALCULATION COMBINED RATE OF RETURN DATA PRIVACY PRIVACY DATA MATCHING AND MERGING INFORMATION SHARING TO THIRD PARTIES PRIVACY AND CITS IMPLEMENTATION GUIDES PHYSICAL SECURITY & INFRASTRUCTURE TICOON DATA CENTER DATA CENTER SPECIFICATIONS HOSTING - CANADA GUIDELINES RELATED TO EXTERNAL REGULATORS MFDA REGULATIONS CLIENT COMMUNICATIONS VERSUS CLIENT STATEMENTS ACCOUNT CARRIER IDENTIFICATION DISCLAIMER OFFICIAL STATEMENT DISCLAIMER MFDA INVESTOR PROTECTION DISCLAIMER THIRD PARTY PRODUCTS TECHNICAL REQUIREMENTS DATA ENCRYPTION of 17

4 FILE TRANSFER PROTOCOLS INDIVIDUAL FILE FORMAT BATCH FILE FORMAT AND NAMING CONVENTION END- OF- TRANSMISSION FLAG BASIC DATA FLOW DIAGRAM EXAMPLE (UPLOAD) of 17

5 Glossary of Terms Advisor Advisor Data Advisor Team Member Client Data (Investor Data) Client (investor) Data Supplier Distributor Sync Source Third Party Software or Service Ticoon Service Ticoon Store Unverified Data User Verified Data Individual employed, directly or indirectly, or contracted, directly or indirectly, with a Distributor or MGA. For the purpose of this document an Advisor shall also include the Advisor s administrator. Information about the advisor s organization received from a Data supplier or manually entered by a Distributor or an Advisor. Individuals associated with the Advisor and who support the Advisor to service the Client. Personal, financial and insurance data received electronically from a Data Supplier, or entered manually by a Distributor or MGA, an Advisor or a Client. Client Data includes verified and unverified data. Consumer or investor who have purchased financial and/or insurance products produced through a Distributor or Advisor, from a Data Supplier. Sources of Client Data including Financial Product Manufacturers such as Banks, Insurance Companies, Mutual Fund Companies & Asset Managers. Data Suppliers may provide Verified Data. Includes IIROC registered brokers, MFDA registered dealers, Credit Unions, MGAs (Managing General Agents), banks and insurance companies. The unique identifier applied to each Data Supplier system and available in the user interface including information regarding the last updated date and time. Software or solutions integrated with the Ticoon Service that enables Users to extend the use of the service. Third Party Software or Services includes financial planning software, portfolio management software, insurance illustration software and other. The service provided to Users and includes: TicoonSales: Client Management System for Advisors TicoonFieldforce: Advisor Management system for Distributors TicoonTouch/MyTicoon: Financial services and insurance portal for Clients For more information on the Ticoon Service visit Location within the Ticoon Service that allows an Advisor to purchase additional Ticoon or Third Party Software or Service functionality. Data source where a manual intervention can/has taken place. An individual licensed to access the Ticoon Service including: Distributor s Personnel: an individual employed, directly or indirectly, or contracted directly or indirectly, with the Distributor s Personnel, and that has a license to access the Ticoon Service. Advisor: an individual employed, directly or indirectly or contracted, directly or indirectly with a Distributor, and that has a license to access the Ticoon Service. Advisor Team Member: an individual associated with the Advisor and who supports the Advisor in servicing the Client, and that has a license to access the Ticoon Service. Client: an individual who has a license to access the Ticoon Service from their Advisor or Distributor. Data source is electronic (i.e. no manual intervention). 5 of 17

6 Introduction Ticoon consolidates Client Investment, Banking, Insurance and Other Data from multiple Data Suppliers. Ticoon only consolidates Client Data for existing accounts and in- force life insurance policies, and does not consolidate information regarding pending or potential new business (e.g pending life insurance policies, or potential new investment accounts). The most practical source of Client Data depends on the industry: Client Investment data is typically accessed from book- of- record or administrative systems managed by the Distributor, or from Fundserv. These systems often have data export capabilities or interfaces that enable Ticoon to extract or receive Client Data. Client Life Insurance data (in- force policy data) is typically not available through the Distributor s administrative system, but is often available directly from a Life Insurance carrier s underwriting system, administrative system or corporate database. Banking data is not available through the Distributor s administrative system but is often available directly from the banks administration systems, accounting systems or corporate database. Ticoon integrates directly with banks source systems to extract or access banking data. The purpose of this document is to provide a Data Supplier s operational, compliance/legal and business departments with an understanding of the Ticoon best practices regarding the i) transfer; ii) storage; iii) presentation; and iv) use; of Client Data. Adherence by Ticoon to the guidelines set out in this document assures Data Suppliers that compliance and regulatory guidelines and best practices are applied to the access, distribution and use of Client Data. 6 of 17

7 Data Supplier Documentation Ticoon s platform serves as a conduit for the distribution and sharing of Client and Advisor Data and Documents between Data Suppliers, Distributors, Advisors, and Clients. Presentation & Use of Client Data Data Access Ticoon s data access model and security infrastructure ensures that Client Data received from each respective Data Supplier is segregated appropriately and is only available to Users with explicit permission to view or access that Client Data including the: Distributor: whose registered or licensed Advisors have sold products and services, where those products and services were sold through the respective Distributor, and will have access to Client Data pertaining specifically to each respective Client for whom those products or services were sold. Advisor: who has sold products or services and will have access to Client Data pertaining specifically to each respective Client for whom those products or services were sold. Advisor Team Members: whose associated Advisor has sold products or services, and will have access to Client Data pertaining specifically to each respective Client for whom those products or services were sold, when access to that data is explicitly granted by the respective Advisor. Clients: who have purchased products or services and will have access to Client Data specifically pertaining to those products or services that they have purchased and members of the Client s household or other third parties to whom the Client has explicitly granted access by the Client. Ticoon Staff: Ticoon limits employee access to Client and Advisor Data to those employees that are required to see the data to support Ticoon s customers. All Ticoon employees undergo 3 rd party background checks and annual screening including criminal, identity, and educational confirmations in accordance with industry best practices. Only those employees involved in the data mapping, loading, and troubleshooting are provided with access to Client and Advisor Data. Presentation of Client Data Client Data will be presented in a number of different views and reports for Users depending on each Users data access, including: Summary Views Net Worth Views Consolidated Views Product Type Views Data Supplier Views (by Bank, Insurance Company or other) Other Views Client Data electronically supplied by a Data Supplier is clearly identified with the respective Data Supplier s name in all views. Data Locking Financial and insurance data (e.g. policy or account) that comes from a Data Supplier, including any transactions associated with that policy/account, is a Data Supplier holding and considered Verified Data. Verified Data is flagged in the Ticoon database as locked so that the holding cannot be modified. This protects the Data Supplier from having its data misrepresented to the Client. 7 of 17

8 Identification of Data Supplier The Ticoon system clearly separates Client Data by Data Supplier. All Verified Data fed by a Data Supplier is clearly identified for such Data Supplier. This will support any presentation requirements (printed or on- line) where separation of information based on the Data Supplier is required (this supports MFDA & IIROC data presentation requirements). Identification of Manual versus Electronic Entries The Ticoon system supports manually adding Client holdings (Unverified Data holdings). Manually entered holdings are flagged as such and clearly identified for the Client. Appropriate disclaimers are presented to the Client on views and reports. Separation of verified versus unverified Accounts & Policies Verified or locked Data has a verified account balance that comes on the Data Supplier electronic feed (i.e. it comes from the Data Supplier s system). The value is part of a locked holding (and cannot be altered). Ticoon provides the capability of calculating account balances based on the transactions associated with the holding. Such a calculated balance is considered unverified and clearly presented as such (clearly and separately as unverified). Identification of Data Supplier at the Transaction Level Ticoon supports the inclusion, by the Advisor, of manually added transactions for an account that is received in an electronic feed from a Data Supplier enabling the addition of transactions that pre- date the association the Advisor had with their current Distributor. In other words, an account for a Client may span a move by the Advisor from one Distributor to another. Ticoon segregates the data appropriately and clearly distinguishes those accounts that include manually added transactions. Data Loading Models All data provided to Ticoon is stored securely and remains encrypted behind Ticoon s firewall. Please refer to the basic data flow diagram for usage of the private PGP key. Ticoon applies two distinct models to the loading of data: Full Load: A full data load may be completed for data from a single supplier when the Distributor is also the provider, or has requested the data for their own use. When this load model is applied, all data from the data supplier file will be loaded to the Ticoon production database. Limited Load: A limited load may be completed when data is specifically requested for pre- identified advisors, and when the Distributor has no interest in viewing the aggregated financial data. When this load model is applied, specific advisor data will be filtered from the data supplier file to be loaded to the Ticoon production database. Use of Client Data Ticoon s functional access control module ensures that Users only have access to features and functions appropriate to their role. In most cases the use of the Client Data is as follows: To request a demo of how Ticoon uses Client Data, please contact the Ticoon Sales team at or [email protected] Distributor use of Client Data (see Data Access) may include the following, if they have received approval to communicate with the client: Aggregate, non- identifiable summary information that uses Client Data for research, analysis and reporting Viewing online (see Presentation of Client Data) 8 of 17

9 Searching for specific information related to Client Data Segmentation based on Client Data Rate of Return Calculation Analysis of Client Data Producing reports that include Client Data Research using Client Data Generating communications to Clients using Client Data Producing Client letters and communications using Client Data Advisor use of Client Data (see Data Access) may include: Viewing online (see Presentation of Client Data) Searching for specific information related to Client Data Segmentation based on Client Data Rate of Return Calculation Analysis of Client Data Producing reports that include Client Data Research using Client Data Generating communications to Clients using Client Data Producing Client letters and communications using Client Data Advisor Team Member use of Supplier Data may include: Viewing online (see Presentation of Client Data) Searching for specific information related to Client Data Segmentation based on Client Data Analysis of Client Data Producing reports that include Client Data Research using Client Data Generating communications to Clients using Client Data Producing Client letters and communications using Client Data Clients may be granted access to their Client Data (investment, Insurance & Banking Data) through Ticoon s Investor Portal (CFS). This includes summary information, accounts & policy information as well as transaction details. Client use of Supplier Data may include: Viewing online Generating reports Client Reporting Client integrated reporting refers to any reporting involving Verified Date and Unverified Data that is shown to the Client, either in a report, through Ticoon s Advisor Desktop or Investor Portal. Client Integrated Portfolio Reporting versus Statements Official statement reporting comes from the financial institution and/or life insurance carriers, including statements from Distributor and statements from fund companies. Those statements reflect back- office systems that are regarded as official book- of- record information. By common convention, the term statement is reserved for official reporting of Client information. Ticoon does not provide official reporting (or statements) to Clients and all views and reports include disclaimers that state such. The Ticoon Service brings all the financial affairs of the Client together in an integrated view and provides a 9 of 17

10 coherent financial picture that supports financial decision- making and planning. Ticoon recommends that all decision making should be confirmed using official statements and reports. Client Portfolio Reporting The Advisor may provide to the Client a report of the Client s investments, life insurance and banking information (verified and unverified). Verified and unverified source data will be separated using standard conventions. Time/Data Reporting The accuracy of information is linked to the data refresh date (i.e. last date the synchronization was run). Ticoon consolidates data from multiple source systems, some of which are unable to provide current data. Ticoon always shows the latest refresh date so Users know when the specific data was last updated. Financial Institution and Life Insurance Carrier Identification All holdings supplied by a Data Supplier will be clearly identified as such. Identification of Manual Entries Any holdings that have been entered manually are identified as such and clearly separated and disclosed as unverified or manually entered data. Currencies Any non- Canadian currencies are clearly identified on any Client reporting. Disclaimers include information regarding foreign currencies and fluctuations of exchange rates that can affect the value. Disclaimer Locations Disclaimers are located such that they cannot be omitted from a report; this includes blocking all disclaimers to the last page, or positioning disclaimers at the bottom edge of the page or beneath the page number. Disclaimer Font Size Disclaimers are 8pt or larger font size. Pagination Each page in a report is numbered, including a page n of m where m is the total number of pages in the report. Disclaimer Wording Generic disclaimer wording is standardized by Ticoon on the Portfolio Report for all users, and conveys the following points: The report is not an official statement. The client should refer to official Distributor statements for book- of- record details. ACCORD - Standard Terminology Ticoon is a member of CLIEDIS and where possible, Ticoon uses ACCORD standard terminology. ACCORD has defined almost every term used in the insurance industry but note that not all terms defined by ACCORD are unambiguous in a Canadian context. Work actively continues to remove any such ambiguities from a global perspective. of 17

11 Rate- of- Return Calculation Ticoon provides a rate- of- return (ROR) calculation based on Verified Data and Unverified Data provided by multiple Data Suppliers. Rates of return may be calculated based on a single holding or a combination of holdings; and may be based on Verified Data and Unverified Data, or a combination of Verified Data and Unverified Data. Transactions are the primary source of data used to calculate rates of return. Transactional data is required in order to provide any form of Rate of Return calculations in the Ticoon Solution. Combined Rate of Return This refers to any rate- of- return calculation that is reported on a collection of holdings on the Client s portfolio. A combined rate of return will include the financial activity from any number of holdings and products and for any number of Data Suppliers. Both verified and unverified transactional activity could be part of the calculation. Combined rates of return adheres to the following: It is clearly blocked separately in a summary section of the report from any detailed holdings reporting; It is clearly designated as a rate of return on combined holdings; It is clear which holdings are included in the rate of return calculation; It is clearly designed as a value that has been calculated by Ticoon; (this value is not part of electronically fed data from the Data Supplier); It clearly indicates the time period to which the rate of return pertains; It provides an appropriate explanation of methodology; and All calculations are annualized. Data Privacy For more information on Ticoon s Privacy Policy visit policy/ Privacy The Personal Information Protection and Electronic Documents Act (PIPEDA), the compliance of which is overseen The Office of the Privacy Commissioner of Canada within the federal government of Canada, details the requirements for protecting personal information. Ticoon s policies in limiting the sharing of Client s personal information specified in this document are in keeping with our understanding of the terms and conditions of PIPEDA. Distributors, Data Suppliers and Advisors must be familiar with PIPEDA and ensure that their own policies are in alignment with PIPEDA. Ticoon reserves the right to halt feeding data to any party that is not acting in accordance with the protecting Client privacy. Further information can be found at Some provinces also have their own privacy legislation. A Distributor, Data Supplier and/or Advisor doing business in any province with privacy legislation should be familiar with such legislation. Data Matching and Merging Ticoon has been successfully matching, merging, and splitting multiple back- office source contact data on our databases since Our proprietary algorithm uses an extremely conservative approach to contact matching/merging, and automatically performs this function only when we are certain that the contact records provided represent the same individual. If there is ever any doubt as to the accuracy of the merge 11 of 17

12 occurring through the automated process when new data is provided through the back office source, a split will occur generating two separate contact records. Ticoon supports the following contact matching, merging, and grouping processes: Contact Merging This can be performed automatically by our sync process using a proprietary algorithm, or manually by an advisor who has access to both contact records if there is insufficient data to provide an automatic match. Contact Splitting If there is reason to believe that contacts previously merged by the sync should not have been matched, a contact split can be automatically performed by our sync process using a proprietary algorithm at the next data load. This will not affect contacts manually merged by the advisor without manual intervention by Ticoon. Householding If household data is provided from a data supplier, contacts can be automatically added to households by our sync process using a proprietary algorithm. Alternatively, the advisor can complete this manually. Clients can be removed from a household at any time. Information Sharing to Third Parties To support users and create efficiency we will share data with third party applications and solutions, such as those providing account opening services, pre- populated forms, or financial planning tools. All third party applications will be passed data specifically to be used in the continuance of the advisor relationship, and only information specifically necessary to the use of the third party application will be passed. Third party services made available in the Ticoon Store have been pre- vetted for security and utility to Ticoon s subscribers, and all data will be transferred securely between Ticoon and the third party service, however Ticoon cannot be responsible for the internal practices of all integrated solutions providers. When a user purchases a third party app via the Ticoon Store, the terms and conditions of the third party application are disclosed and agreed to by the purchaser, and the service is used at the sole discretion of the purchaser. Privacy and CITS Implementation Guides CITS is a subcommittee of CLIEDIS. CITS develops implementation guides for the exchange of electronic data. Those guides specify the limited subsets of data fields related to Client Data that are permitted to be included. These have been agreed to across the industry in Canada with participation from the major carriers and Distributors. 12 of 17

13 Physical Security & Infrastructure All data and information received directly by Ticoon, from a Data Supplier, is stored in the Ticoon database, housed in Ticoon s secure storage facility. Data is available through the use of the Ticoon Service only. Ticoon Data Center Ticoon leverages the bench strength of one of Canada s premier managed services organizations to ensure it s infrastructure and applications are secure and available Ticoon s provider s facility has undergone and passed multiple 3rd party audits and penetration tests which confirm the platform is protected from compromise. Audits include the CICA 5970, the SAS 70 Type II audit, and the Payment Card Industry Data Security Standards (PCI DSS) audit. Data Center Specifications Operations Centre (OC): Located in Ticoon s provider s facility, the OC provides monitoring of infrastructure switching equipment, security, electrical systems, HVAC, fire detection, and the Ticoon System. Ticoon s Provider s Data Network delivers: Multiple fiber conduits into the building via physically diverse paths. Bandwidth capacity of four gigabits. Ethernet connections supplied by four different network providers. Facility core switching infrastructure that connects to the facility with redundant fiber, scalable from 1 Gbps to 500 Gbps and beyond. A Customer System that is connected to internal infrastructure providing high availability and redundant switching. IP network infrastructure that has no single point of failure between the data center backbone and the Ticoon System. The Ticoon System is connected to two redundant distribution switches. Network topology is a multi- layer design to enable bandwidth expansion based on current and future requirements. Cable plant is NORDX certified on CAT5E and CAT6. Ticoon s Provider s Network Security includes: Switched Ethernet to each server to prevent packet sniffing and provide bandwidth to the switch Packet filtering employed at border routers and data center firewalls ensure only authorized access is permitted. A distributed radius- based authentication system to provide maximum password management and security. An intrusion detection system that sends alerts directly to the OC. Ticoon s Provider s Physical Security includes: Facility entrance and security areas that are protected with bulletproof glass. Facility personnel that are on premises A single point of entry, mantraps and card access controls to ensure no unsolicited visitors. An envelope style layout with raised floor space in an enclosed building within the overall structure. Surveillance cameras that are strategically located to monitor building exterior, approaches to entrance and throughout the raised floor area. Ticoon s Provider s Electrical Systems includes: Dual incoming electrical feeds of 13,800 volts at 4,000 amps. 13 of 17

14 Facility- owned double- ended main switchgear with tiebreaker, including independent step- down transformers at both ends capable of handling the entire switchboard. UPS: A total of 3,000 kva through 4 UPS modules in a N+1 configuration with multiple independent delivery infrastructures to the platform. Redundant UPS power distribution sources (A & B configuration) provided to every cabinet. N+1 backup provided by 3 diesel generators (two at 1.5 MW, one at 1.25 MW for a total of 4.25 MW total stand- by power). Fuel storage that allows for 72 hours of uninterrupted generator operation. Multiple supplier agreements for refueling within 2 hours. Approximately 30,000 L of diesel on premises. Ticoon s Provider s Air Cooling & Handling Systems include: Air quality handling systems control temperature and humidity. Cooling systems: central cooling plant consisting of four 300- ton open drive centrifugal chillers supporting an independent two pipe chilled water delivery system to 47 air handling units (N+1 configuration on pumps, towers, chillers and air handling units). Temperature Range: 68-78F; Humidity Range: 35-50% Early Fire Detection & Suppression Systems: Siemens FireFinder detectors provide very early detection of actual fires and distinguish them from deceptive conditions (e.g. humidity, dust, temperature shifts, etc.) based on fingerprints of different types of fires. Any detection is reported instantly to the facility staff and to the OC through site automation system. Additional monitoring by 3rd party security monitoring firm. 12 detection zones display any potential problems below or above the raised floor to the monitoring system, allowing staff to quickly pinpoint and resolve the problem. Hosting - Canada Ticoon hosting servers are physically located in Canada only. 14 of 17

15 Guidelines Related to External Regulators Many of these items are covered in other sections of this document and Ticoon meets or exceeds industry guidelines as of the date of this document. MFDA Regulations Any use of mutual funds data is regulated by the MFDA. These rules related to client information reporting are detailed in MFDA Regulations 2.8 and 5.3, along with supplementary notice MR NOTE: The full MFDA regulations are available at: Client Communications versus Client Statements Under MFDA rules of reporting, any distributor- level client reporting is regarded as client communications and is not to be confused with the official client statement reporting that MFDA members are obligated to provide. Any Distributor providing client information must take care to avoid any confusion. For example, the term statement should never be used in any context as it related to this level of client reporting. Account Carrier Identification A particular holding must clearly identify the legal entity that holds the particular asset or money balance e.g. the Distributor. In the mutual funds industry, this will generally be different than the manufacturer of the holding. Disclaimer Official Statement Ticoon contains a prominently displayed disclaimer stating that Ticoon does not include an official statement of account but rather supplemental information to the official account statement. Disclaimer MFDA Investor Protection Ticoon s disclaimer covers the fact that the MFDA s Investor Protection Corporation does not necessarily apply to all positions that the Client has, and the Client should refer to their respective Distributor s official account statement to determine which assets are eligible for coverage. Disclaimer Third Party Products Ticoon s disclaimer includes a statement that Ticoon cannot verify that the Client Data is accurate and/or complete. 15 of 17

16 Technical Requirements Data Encryption Ticoon s standard for data encryption is Pretty Good Protection (PGP). PGP is a public key encryption method most commonly used on market that provides cryptographic privacy and authentication for data communication. File Transfer Protocols SSH File Transfer Protocol (sometimes called Secure File Transfer Protocol or SFTP) is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream. Ticoon uses SFTP to receive data from Clients. Clients can use any software available to connect and upload data streams to Ticoon s secure FTP. Software examples include WinSCP, which is an open source SFTP client, and FTP client for Windows. Individual File Format Each individual file representing source data will have its own standard format and naming convention. Batch File Format and Naming Convention All data files needed to process specific daily, monthly or any other batch job should be saved in pre- defined format and compressed into single archive. Ticoon uses ZIP file compression and archive format without using standard ZIP encryption. ZIP file should be then PGP encrypted using a public key provided by Ticoon before being uploaded to the secure FTP. Each batch file must contain all individual files needed for processing and must be named and transmitted based on Ticoon s standard naming convention. End- of- transmission Flag The end- of- transmission flag should follow all successfully uploaded files. Ticoon uses this method to identify that file uploading is complete and to start data sync. End- of- transmission flag is zero length text file with exactly the same file name except for the extension part. 16 of 17

17 Basic data flow diagram example (upload) 17 of 17