KYC email requesting information

I have received a email with the content:

Within our Terms and Conditions for Clients, under clause 27. Due Diligence Information, we have an obligation for ongoing Know Your Customer (KYC) requirements. 

With this in mind, we would be grateful if you could provide the following information within seven (7) days code here

I am happy to provide this however the setup with getting us to provide sensitive personal information very poor, and really needs an overhaul.

  • email is not a good means of providing this is as its an inherently insecure means of exchanging information.

  • The wording, reference to some obscure clause, generating a sense of urgency it straight from the playbook of phishing actors.

  • the fact you do not provide a phone number means there is no way to validate by phoning the helpdesk.

  • When I questioned I was provided a a link to a 3rd party upload site not using your domain name. Again I have no means of validating to whom I am sending this information.

Most financial institutions I deal with have a secure messaging service, I am surprised not to see one here. This lack of secure processes is not providing me with assurances.

I need for the upload facility to be provided via a site using your SSL certificate or via your app so I can have some assurances its not getting into the wrong hands. Can you please provide such a solution.

2 Likes

Hi! Thank you for your feedback. We understand your concern regarding the security of your data and please be assured we are taking it seriously too.

Regarding the the security of sending the document via email we do provide an alternative way to securely sent your sensetive documents over to us.

You can review our Terms & Conditions for Customers over at invesengine.com here - InvestEngine Terms and Conditions for Clients

Unfortunately, phone support is not available at this time. However, we are here to assist you through other means.

We are constantly improving our services, so please be assured i sent your feedback over to our Development team.

Did you get it sorted? I was asked the same and whilst the speed of the support team has been quick whoever is responsible for the KYC side has been utterly useless to the point I am considering putting a complaint in. It’s pretty terrible that I cannot contact them directly. It’s been over two weeks now.

I did eventually, as support reached out and gave me the link to submit the details, so it was confirmed via a channel initiated by me. My points still stand though as these concerns have yet to be addressed. The more people who complain the more likely it’ll be solved.

It feels like they were unprepared in needing to collect KYC and hacked a solution together, which is a functional but far from professional solution. I can only suggest you, and anyone else reading this, encrypt the files and then share the secret with them via the support channel. Still not ideal but better than just sending it in clear.

Not sure whether to start a new topic or not, but I’ve just had a comparable bad experience with InvestEngine and it’s thoroughly shaken my faith in the platform. It relates to a similar KYC issue but there was a link in my email to a secure upload and it’s not that side of it that troubles me. My story in brief:

  1. I’ve had an IE account for a couple of years now with a significant (£60K) portfolio. I must have successfully passed all the KYC checks at the time of opening the account. I understand the general need for KYC as an anti-fraud measure, but my main beef is that changes to the KYC requirements seem to have been made by IE (as far as I can judge) without any individual notification and without a thought-through process.

  2. Recently I was reviewing my total investments and decided to add another £40K input to my IE plan. The bank transfer was accepted without issue by IE but somehow I couldn’t invest it. Then the KYC email arrived demanding much more draconian KYC information. Selfie with a driving licence visible? Sod that for a game of soldiers. None of the other multiple platforms and savings accounts I use have ever asked for this and seem to have successfully validated my ID via alternative means.

  3. This really irked me and so I requested IE support to return the new £40K subscription, which I would take elsewhere. But no dice - IE simply refused. My cash was effectively trapped in IE with no immediate way of accessing it. This should be a cautionary tale for others to consider. (For clarity, let me add that the issue has now been resolved after a strong email to higher up in IE management and using ID validation via a bank statement, which I don’t object to. But this was not an option originally presented.)

  4. The aspect that made me most angry was that IE changed their KYC requirements without - as far as I can recall - any reference to individual customers. The upshot is that your money gets trapped inside the IE system. What absolutely should have happened in my view is that if IE suddenly make the KYC requirements much more demanding for existing and previously ID-validated customers (as is their prerogative) then natural justice surely demands that the customer is given the right to refuse and their funds are returned to them forthwith. It should absolutely not be the case that a new subscription is accepted and then becomes trapped inside IE, alongside your existing funds. The KYC requirements are surely part of a contract between me and IE. This contract should absolutely not be varied without my explicit consent.

  5. And there was another absurd aspect to the same email which demanded to know the source of my new subscription and for which I needed to show documentary evidence. I know this is probably FCA (?) inspired though I don’t know to what extent IE are overinterpreting FCA guidance. It’s crazy on 2 accounts. First, if I was trying to launder money (which, to be clear, I am absolutely not!) then surely I would think up some plausible source for the money with spurious documentation to match. And second, for a mature investor who has had a professional career and has been saving/investing for say 40+ years then there is no easily identifiable source of a specific tranche of money - it just comes from the overall financial assets that I may own. In my working career I have had good salaries, bonuses, business proceeds, redundancy payments, now pensions, inheritances, premium bond winnings, savings and investment proceeds etc etc - the list just goes on. After even just a few years of savings and investments maturing and frequent portfolio changes the money gets completely intermixed and the exact origin of any new subscription becomes genuinely impossible to identify, other than to say ‘existing assets’, which IIRC doesn’t appear on the list of options.

The upshot is that I will think long and hard now about putting any new money into IE. There is a long list of alternative platforms with less draconian KYC requirements.

1 Like