KYC documents, suitability reports, client portfolios with end-to-end encryption. FCA-compliant retention. Ready for FCA supervisory review with signed audit trails.
New client sends ID and proof of address as photographs on WhatsApp. You forward to your compliance team. Sensitive documents for onboarding (passport scans, utility bills, bank statements) travel through Meta servers, iCloud, Google Photos. In case of FCA supervisory visit on KYC quality, your defensible position is fragile.
You prepare a suitability report in Word, attach to email, send to client. The client prints, signs, scans, sends back. Three weeks of back-and-forth. The report sits in Gmail archive with sensitive financial data. If the client later disputes suitability, the chain of evidence is email threads.
Some documents in the practice management software (Intelliflo, Iress, Plannr), others in OneDrive, other scanned papers in an old folder. When a FOS complaint arrives about advice from 2022, reconstructing the complete evidence of suitability assessment, risk appetite, written confirmations takes days.
ID, financial statements, proof of address, MiFID questionnaires — clients send them via email and WhatsApp. Forward to a dedicated Securoo address and see them arrive encrypted in the correct client profile, ready for KYC review. Whitelisted senders: documents from unauthorised people go to quarantine.
Each client has their vault, structured for IFA practice: KYC pack, suitability reports, transaction records, annual reviews, correspondence. Retention configured per FCA requirements (typically 5 years, longer for some pension and long-term products).
When the client receives a suitability report, they confirm reading with PIN + 2FA. RFC 3161 timestamp, cryptographic link. In case of FOS complaint about advice suitability, you have mathematical evidence: client X acknowledged report Y on date Z before transaction W.
Paraplanners see only clients assigned for report preparation. Administrative staff see only communications, not investment details. Each access logged, revocable instantly.
Every access to a client file recorded immutably. One click export signed PDF ready for FCA supervisory review. Covers expected technical and organisational measures under SYSC and SM&CR for data governance.
Documents stay encrypted in Securoo; your practice management (Intelliflo, Iress, Plannr) stores only metadata and references. Native connectors in development for the main UK IFA platforms. REST API available.
IFA Williams takes on a new client for retirement planning. Instead of asking for KYC by email or WhatsApp, opens Securoo and creates the area "Green — IFA relationship 2026".
Sends the client a secure link. The client uploads: passport scan, proof of address, bank statements, existing pension valuations. Each encrypted on their device. Williams sees them arrive, already categorised. Runs KYC checks, signs off.
Over the next two weeks, Williams prepares the suitability report. Shares with the client via Securoo. The client reads on their phone, confirms understanding and agreement with certified acknowledgement. Each page of the report, each assumption, each risk disclosure — all cryptographically linked to the client's confirmed acceptance.
Two years later, markets drop. The client complains to FOS disputing suitability of the advice. Williams exports the complete audit trail: the suitability report as delivered, the client's acknowledgement with timestamp, the risk disclosures accepted, the review meeting minutes. FOS resolves in Williams' favour in weeks rather than months.
Two years ago I was scared of every FOS complaint because evidence was scattered. With Securoo, each piece of advice has a cryptographic paper trail. I sleep better, and clients notice I take their confidentiality seriously.
Securoo provides the technical controls expected by SYSC 9 (record keeping), SYSC 3/4 (general organisational requirements), and Consumer Duty evidence of good outcomes. Combined with your own process documentation, supports defensible position under supervision.
Audit trail with individual-level logging directly supports SM&CR accountability: you can demonstrate who in your firm accessed what client file and when. Useful for Certification Regime record-keeping.
Yes — particularly relevant given FCA focus on defined benefit transfer evidence. Retention configurable for the longer periods required for pension transfers (at least 15 years under current FCA rules, indefinite is safer). Qualified timestamp provides strong evidence of when risk warnings and disclosures were delivered.
Solo (£39/month): 1 adviser, 20 client areas. Studio (£89/month): 3 advisers, 100 clients. Most independent IFAs choose Studio. For networks and DFMs, Business and Enterprise with multi-office support.
7 days free trial, no card required. Pre-configured for UK IFA practice. CISI and PFS member discounts available.
