Friday 24 April 2009

Securing Business to Business Email in the Pensions Industry

The UK life assurance and pensions industry sends huge numbers of confidential documents 'B2B' between product providers, intermediaries and advisers. The majority of the big providers have bought into portal-style platforms where advisers can conduct business across many different players (such as Norwich Union, Legal & General, Zurich etc.). However, more than 60% of the business is conducted over the phone between adviser and product provider, with the provider emailing, posting or faxing the resultant client documents back to the adviser. The documents are usually client agreements, quotes or illustrations of how financial products such as pensions pay back depending on a client's circumstances.

The life and pensions industry in the UK typically revolves around Financial Advisers who are independent or tied to an organisation. The majority of IFAs are one- or two-man bands with little IT knowledge and little gumption to learn how to use IT assets properly. The FSA has included data loss as a "reportable breach" and certainly, all staff who work at financial organisations have to pass regular training on recognising what has to be encrypted.

The problem the industry has is that IFAs who work with many financial product providers have to remember lots of credential sets, and how to use multiple mechanisms for receiving quotes and illustrations for pensions, investments and annuities from each of the main product providers. The majority of secure email solutions are considered difficult to use and are not popular with recipients of secure email, who have to browse to, register with, and retrieve email through a web front end.

To make matters worse, some of the core intermediaries are trying to dictate that their secure email solutions are the only mechanism through which they will do business. One particular Wealth division of a big player has suggested "Password Encrypted Winzip" (crikey!) whilst others are moving to PGP/MIME solutions through products like Tumbleweed, Trend Micro and Cisco IronPort.

We need a worldwide solution for securing email communication that the big organisations will buy into. Approaches that rely on plugins and proprietary solutions will just never work in the long term.
