Is your money really safe in an investment account? I’ve previously wondered about that. Any astute person would.
Giving thousands, hundreds of thousands, or millions of dollars to an investment brokerage can be a scary proposition. Doing so requires a little bit of a leap of faith. What if that broker fails and its business goes under? Or worse yet, is physically destroyed?! We’ve all got very important retirement plans, damn it!
And with all of the high profile hacking cases lately, how can you, or I, or anyone really prevent our investment accounts from being hacked?
Fortunately, there are plenty of protections for you that are designed to keep your money safe in an investment account and, at a wider scale, provide the the protections necessary for investor confidence in financial markets. But let’s go through each potential loss scenario.
What if My Investment Account Gets Hacked?
The Russian email hack of John Podesta, Chairman of the Hillary Clinton for President campaign, provided a very high profile reminder that bad people want access to your accounts – and occasionally they get it. If a seemingly cautious and intelligent individual like John Podesta can get hacked, with so much at stake in an election, what is keeping you or I safe?
Fortunately, the Podesta disaster provides some good lessons on account security that can be directly applied to your own email, bank, and investment accounts. The last thing you want is someone impersonating you logging in to your account and wiring money to a bank account in Ukraine.
It is believed that a phishing email with a link instructing Podesta to change his GMail password is what led to the hack. Lesson: don’t click on links to your accounts from email. Ever. Just don’t do it – even if it looks legitimate. In fact, avoid clicking on any links in your emails. Even if password information is not voluntarily given by you, malware could be installed directly to your computer from the site you visit, which can log keystrokes (i.e. passwords) and more. And for that matter, avoid opening attachments as well.
Not clicking on malicious links, attachments, and/or visiting shady websites goes a long ways in keeping yourself safe. But what if your password is stolen in some other way that you don’t have control over (i.e. from the broker’s database itself, similar to the massive Yahoo security breach)?
There’s a simple solution for that: set up 2-factor (aka 2-step) authentication and tag your devices. 2-factor requires recognition of a device you’ve tagged upon login, in addition to your password. Even if a hacker were to have access to your login and password, they would still need to log in from your personal device in order to get access to your account. With this requirement, 2-factor eliminates all but a very small group of people who have access to your login, password, AND device from being able to access your account. For me, that universe of people is 1 person – me.
Had Podesta had 2-factor authentication, it is highly likely that he would have been hacked. I’ve personally set up 2-factor on all of my email, investment, and bank accounts. If there is an account that you wouldn’t want someone else having access to, I would recommend you do the same. If your broker doesn’t offer it, find a better one.
Also, check out my article on how to protect your identity in an unprotected world for further tips on keeping hackers out of your account and what to do if they do gain access.
What if my Brokerage Fails?
The possibility of your brokerage financially going under and losing all your hard earned dollars is an entirely different ballgame from hacking, obviously. But it’s one you should not be afraid of.
The SIPC (the investment version of the FDIC) insures investors with major brokerages up to a ceiling of $500,000 per customer per account type, including a maximum of $250,000 for cash claims. Additionally, many brokers go above and beyond SIPC protection by purchasing additional insurance to instill confidence in customers. For example, Vanguard’s asset protection coverage states:
“Vanguard Marketing Corporation has secured additional coverage from certain insurers at Lloyd’s of London and London Company Insurers for eligible customers with an aggregate limit of $250 million, incorporating a customer limit of $49.5 million for securities and $1.75 million for cash.”
That’s a lot of coverage.
Also, it’s worth nothing that, under the regulation of law, investor assets and the investment broker’s business assets and liabilities must be kept separate. In other words, they are not allowed to transfer your assets to cover their financial issues. This should theoretically limit the need for insurance in the first place. In practice, this works too. For example, in the catastrophic Lehman Brothers bankruptcy case, 100% of the $38 billion in investor asset claims were recovered and transferred directly to those investors without the need for SIPC funds.
What if my Brokerage is Physically Destroyed?
A third potential cause for concern could come from the investment brokerage itself going up in smoke (literally). What if a fire, natural disaster, cyber attack, or terrorist strike were to wipe out your assets, somehow?
Every broker (and bank for that matter) should have a business contingency and disaster recovery plan. If yours doesn’t – again, find a better one.
Vanguard (can you tell I’m a fan?), for example, states,
“- Business contingency plans. Vanguard designs specific, formal plans to respond to a range of incidents—from worst-case scenarios, such as loss of a data center, buildings, or staff, to occurrences such as power outages or excessive phone volumes. These plans are regularly tested and updated to accommodate changes in contingency requirements.
– Data security and recovery.Data security is, of course, a top priority. To mitigate computer virus attacks andother acts of cyberterrorism, we have implemented controls monitored by a dedicated team of information security specialists. We also maintain a network of redundant systems, off-site data storage, and off-site tape vaults to ensure that all source data are recoverable in a disaster.– Business contingency tests. All contingency plans undergo rigorous testing, ranging from comprehensive evaluations of a variety of emergency scenarios to full-scale drills in which we close a building and conduct business from a remote location. We also periodically conduct mock disaster drills with the cooperation of local, state, and federal authorities. We conduct integrated tests with critical vendors to validate our ability to work together during an emergency. In addition, our Information Technology division frequently performs disaster recovery tests to gauge how quickly we can regain our systems in the event of an emergency.”
You’re never going to know exactly where and how many redundant systems, off-site data storage centers, and off-site tape vaults a broker has, for obvious reasons – but what better options do you have? Your assets have to sit somewhere, and a broker with redundant systems is likely far safer than under your mattress, in a hole in your back yard, or even at a local bank.
My advice on all this stuff is that you take proper safety precautions that I’ve outlined here, find a legitimate broker, and then focus your energy and thoughts on having a good passive investment strategy with a diversified asset allocation. That is the best you, I, or anyone can really do.
Related Posts:
The word “Aggregate” in that Vanguard $250mm insurance limit makes me wonder – is that for all customers across all accounts? Doesn’t seem like a ton of coverage if so. Gotta think there are scenarios in which claims would be in the billions (trillions?)…
Yeah, that’s a good question. I’ll see if I can find an answer.
Nice post, and interesting to see Vanguard promoted. It would be interesting to do a Vanguard vs Betterment head-to-head comparison some time. Both have small management fees, and Betterment recently added 2-factor auth (currently in beta, available by request). A passive index investor is likely to own the exact same class of assets on either platform. The key difference: Betterment additionally provides a sophisticated tax loss harvesting algorithm that occasionally sells an ETF to lock in a loss, & buys the nearest equivalent ETF it can find with those funds. In my experience with 6 digits on Betterment, the tax loss harvesting at the end of the year always exceed the platforms small automation fee by a factor of 5-30x. Betterment additionally provides tax coordinated portfolio strategy if you have IRA and/or 401k in addition to taxed investment accounts there. It seems like the only reason to use Vanguard is lack of knowledge about Betterment, but I may be wrong. Correction: I can think of one advantage to Vanguard, if you want to choose specific allocations between specific ETFs (example: putting 2x in small cap value ETFs than large cap growth), that’s one decision Betterment makes for you that you could control on Vanguard. I can see how that could make a big difference if you expect certain ETFs to outperform others. In any case, it’d make an interesting post.
Hi G.E. Miller,
First of all, I would like to thank you for covering this topic, and I would like to add my opinion to value to the post. I’m in my twenties, and I think I should do it too. But how safe is this method? Will it benefit me in future? I have these questions which are pushing me backward to go for it.
What do you have to say about it?
This doesn’t really pertain to your article itself but does to the title, might help out curious first time readers…
There’s a difference between “safe” and “guaranteed not to lose value”. To any readers who are concerned about investing since your investment may fail and lose value – well, it could happen. But, study after study has shown that historically, basically any long-term passive investment strategy will beat inflation. Whereas if you just keep money in a “safe” place, it is all but guaranteed to lose spending power vs inflation, even if you get a small interest rate.
It’s like the reverse of the saying, the devil you know vs the devil you don’t. The devil you know (not investing) *will* lose purchasing power, no questions asked. The devil you don’t (actually investing) will probably increase your wealth, albeit with no guarantees. So if you don’t invest, it’s like drinking poison instead of playing Russian Roulette.
I was very much bothered about my money in an investment account, I couldn’t sleep properly, I just found your article explaining everything regarding my concern. It’s good to see that you are promoting vanguard in your article which is in fact very good with high security measures. But betterment is also in the race; they’ve recently added many security features which make it more secure. Thanks for pointing out everything about Vanguard and betterment.
Planning for disaster is something that not enough people think about … great article!
I like to print out the end of year statement as a back up, and I have proof of the funds I have with a specific broker. Might not be up to the dollar but it is additional printed proof just in case. So far so good no issues in over 15 years of investing.
This article is so relatable and totally voices all the concerns I have. As far as investment accounts are concerned the most important factor is security, It is a relief to know that with Vanguard, a customer’s money is under safe locks. Promoting such options are necessary as this a worrisome issue for many people.
This is an eye opener piece of writing that gives insight about how secure our investment funds are be it even in our local banks.This is the order of the day here in Kenya where hacking of banks and microfinance accounts is trending.Local techies have established strong networks with overseas hackers ,where they provide stolen login credentials and let the other guys the hacking remotely. As security is paramount especially since where it touches on the clients funds,firms are dashing by hiring experts on security as a way of managing this risk.On a personal front ,its indeed vital to protect your passwords be it on Gmail or at your workplaces so as to be on the safe side .
Good Woking and keep such articles coming.