Wealth Management - Risks and Benefits of APIs. Part 1: Client Engagement

To meet client needs for comprehensive, personalised advice, Wealth Management Firms (“Wealth Managers”) are increasingly turning to technology to access information and to conduct research and analysis.

A key to automating and tailoring this information access, from in-house and third-party sources, is Application Programming Interfaces (APIs). With this come risks that the firm’s Risk Management must address, particularly around data integrity and the security of all information sources.

Wealth Management is driven by building strong, trusting relationships between client and advisor. Clients engage Wealth Managers to grow and protect their wealth. The value that the Wealth Manager brings is trusted and holistic advice to enable clients to make informed financial decisions at that point in their lives.

As the “face of the firm”, Advisors must bring all the resources that the firm can marshal to the critical Client Prospecting and Risk Analysis phases (“Engagement phase”). Advisors need to have an informed conversation on topics ranging from life goals, savings, existing financial commitments, risk appetite, investment options across different asset classes, and wealth protection and preservation. Moreover, the conversation needs to be conducted in the context of the broader economy, economic cycles, and the client’s investment horizon.

How can APIs help assemble information?

APIs simplify the connection between information consumers (i.e. Advisors and Clients) and their providers (i.e. sources of data). An API is a specification that defines what data is transferred between systems, and how. It is not a computer language. By defining the data to be requested and transferred, a data provider can make their product (the data) available to the users without complicating it with details of how the system was created.

Software developers in the Wealth Management firm can use APIs to create tools for both clients and advisors, focusing on the user experience. Some APIs are simple enough for non-technical professionals to extract data and download into another application or spreadsheet for analysis.

To show clients a range of investment options and risk/reward characteristics, Wealth Managers need to gather data from multiple sources. As a trusted Advisor, they also facilitate throughout the client lifecycle process:



In this article, we consider the role of APIs in the client engagement phase. We also consider the risks and controls required to ensure the integrity and security of information transferred through APIs. In subsequent articles, we will look at the benefits and risks of APIs in other phases of the Client lifecycle.

Early in their financial journey, clients seek to discover and evaluate the Wealth Manager who can best meet their needs and can be trusted. At this stage in their relationship, the Advisor needs to show that they understand the client’s objectives, can be trusted with confidential information, and can knowledgeably explain various investment options and their advantages in a way that the client can understand. The client will very often want to assess all these things before submitting to Client Onboarding.

From Capgemini World Wealth Report 2019: "With a new generation of tech-savvy HNWIs, technology will help wealth managers become more transparent, improve user interfaces, and beef up client engagement."

The Advisor therefore needs to draw on information from a wide range of sources, and present them in a logical, intuitive format. This information could include:

  • Investment research
  • Foreign exchange strategy
  • Historical rates of return (and risk) of different asset classes
  • Calculators and simulators enabling a view of different scenarios
  • Structures for protecting wealth (e.g. insurance)
  • Structures for protecting and growing retirement savings such as Superannuation, IRAs, 401Ks, MPFs, Pension, and CPFs

While the Wealth Managers may choose to develop some tools themselves (e.g. calculators, simulators), gathering the data from external reliable sources may be more time and cost effective. In this instance, the Wealth Manager could access data via APIs from Data owners and providers.

Accessing Data from APIs

To identify the risks and the controls that need to be applied, we first need to explain how data is accessed via an API.

We will do this with a simple example: accessing stock price data. We will do this using the free stock price API from Alpha Vantage. You can see the full example at: https://www.alphavantage.co/documentation/

This is not a programming guide, simply an explanation of the data that is passed between the “consumer” of the API (the user making the request) and the “producer” (the provider of the service delivered through the API).

This query returns time series intraday stock prices for a requested stock ticker.

The parameters that need to be passed to this particular API are:

  • The Uniform Resource Identifier (URI): In this example, the URI is https://www.alphavantage.co. Look familiar? That’s because the most common form of API in use today is built on the same foundations as the World Wide Web.
  • The function: In this example, we are calling the TIME_SERIES_INTRADAY function.
  • The symbol: This is the stock ticker for which we want prices. We are using IBM in this case.
  • The interval: The interval for the time series. Here we specify 5 minutes between prices.
  • The API key: This is a unique identifier for the requestor. So that the provider of the API can track who is using it, they allocate a unique key (a seemingly random series of numbers) to each user. You can request your own API key from Alpha Vantage.
  • Optional: datatype: By default, datatype=json. JSON is a document format familiar to programmers, but for ease of understanding for non-technical readers this example will request the output as a CSV (comma separated value) file.

This is what the request looks like when it’s all put together:


This is what the first few rows of the CSV output from the API look like:

Example CSV output returned by an API call

2020-06-10 16:00:00,130.2600,130.3100,129.8000,129.8200,184704
2020-06-10 15:55:00,130.1700,130.4300,130.0750,130.2800,134650
2020-06-10 15:50:00,130.4900,130.5200,129.9900,130.1700,80014
2020-06-10 15:45:00,130.5700,130.6000,130.3850,130.5000,65078

The first row lists the field (or column) names.

Subsequent rows show the values of each field, separated by a comma.

Risk Management of APIs and Third-Party Data

Here we specifically focus on some of the risks around APIs and data collection from third-party providers:

  • API design and review, particularly for a private API and a new service with a key partner
  • Collecting too much data, not enough data, or incorrect data fields
  • Frequency of data collection
  • Data accuracy and validation / testing
  • SSL certificate validation
  • User Authentication
  • API key validation
  • Cyber-attack (incl. phishing attack) & your normal system outages
  • Clarity around data ownership
  • Protection of data at rest, and in-transit (encryption) and storing
  • Data retention length (per each country’s minimum regulatory requirement)
  • Cross border use of certain data – check regulations in each country on use and storage
  • Security, tracking and access monitoring of the API key
  • Updates, retirement, and change notification of the API design through Change Management governance
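
An added example, not code from the original article or from Alpha Vantage: it assembles the request from the parameters listed earlier, masks the API key before the URL is logged, and checks a CSV response before it is used, covering the incorrect-fields, data-accuracy and API-key items above. The `/query` path, the header row, the function names and the individual checks are assumptions; the data rows are the ones shown in the article.

```python
import csv, io
from datetime import datetime, timedelta
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

BASE = "https://www.alphavantage.co/query"  # assumed endpoint path
FIELDS = ["timestamp", "open", "high", "low", "close", "volume"]  # assumed header

def build_request(symbol, api_key, interval="5min"):
    """Assemble the request from the parameters the article lists."""
    return BASE + "?" + urlencode({
        "function": "TIME_SERIES_INTRADAY", "symbol": symbol,
        "interval": interval, "apikey": api_key, "datatype": "csv"})

def redact(url):
    """Return a copy of the URL that is safe to log: the API key is masked."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == "apikey" else v)
             for k, v in parse_qsl(parts.query)]
    return urlunsplit(parts._replace(query=urlencode(query)))

def validate(csv_text, step=timedelta(minutes=5)):
    """List the problems in a response body; an empty list means accept it."""
    rows = list(csv.reader(io.StringIO(csv_text.strip())))
    if not rows or rows[0] != FIELDS:
        return ["unexpected header, body is not the agreed CSV"]
    problems, prev = [], None
    for n, row in enumerate(rows[1:], start=2):
        try:
            stamp, o, h, l, c, vol = row  # a wrong field count raises here
            ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            o, h, l, c, vol = float(o), float(h), float(l), float(c), int(vol)
        except ValueError:
            problems.append(f"line {n}: malformed row")
            continue
        if not (0 < l <= min(o, c) and max(o, c) <= h):
            problems.append(f"line {n}: prices inconsistent")
        if vol < 0:
            problems.append(f"line {n}: negative volume")
        if prev is not None and prev - ts != step:  # rows arrive newest first
            problems.append(f"line {n}: timestamp gap")
        prev = ts
    return problems

# Data rows from the article, with the assumed header row prepended.
SAMPLE = """timestamp,open,high,low,close,volume
2020-06-10 16:00:00,130.2600,130.3100,129.8000,129.8200,184704
2020-06-10 15:55:00,130.1700,130.4300,130.0750,130.2800,134650
2020-06-10 15:50:00,130.4900,130.5200,129.9900,130.1700,80014
2020-06-10 15:45:00,130.5700,130.6000,130.3850,130.5000,65078
"""
```

A response that fails `validate` is rejected rather than shown to a client, and only the output of `redact` is written to logs or tickets.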

It is vital to clarify ownership of data and APIs. Generally, RASCI or RACI (Responsibility, Accountability, (Support), Consulted, Informed) can be a useful tool for this purpose. Risk assessment, risk rating and mitigation actions would be based on the type of data being collected. For example, is it packaged data that gives the Wealth Management company an edge, or is it generally available traded data? If the APIs are written specifically for the firm (i.e. not an open API), then how they are stored and protected is also a key question to consider, to ensure you retain the edge.

The Role of Artificial Intelligence (AI)

The role of AI in data analysis is important for concise content presentation to the clients. AI, also referred to as Machine Learning, is a branch of computer science containing pre-determined algorithms and rules to be able to take the data, analyse it, and produce reports or a decision paper. Ultimately, this is the main report necessary for a client-facing meeting. One of the key risks that needs to be considered around AI is the business case or purpose for it and the algorithms. The algorithms need to be thoroughly tested to ensure that quality reports are generated for that critical Client Engagement meeting; otherwise the adage of garbage in, garbage out applies.


In this article, we introduced the concept of APIs, touched upon AI and how they can enhance the client/advisor relationship through gathering and presenting relevant quality information. We looked at the role of APIs in client engagement. We also discussed the risks, and mitigations to consider for the integrity, security, and governance of information transferred through APIs and using AI. As mentioned earlier, in subsequent articles we will look at the benefits and risks of APIs in other phases of the Client lifecycle; and as relevant we will also embed other applicable technological concepts.

This is Part 1 of our series on APIs in Wealth Management.
