If you’ve ever bought a client bank, that is, the goodwill in a business rather than the equity and liability, then essentially what you’ve bought is a marketing list.

    If you bought a client bank post-RDR, then that’s pretty much all you’ve bought. That isn’t a problem and it can work well for both parties, but you need to understand the implications when it comes to the General Data Protection Regulation (GDPR). (You can read my thoughts on why GDPR is a force for good here.)

    The reason what you’re buying is a marketing list is you're not buying the business which has a contractual relationship with clients. When you acquire goodwill, the only contract the client has agreed to is to pay for services from the seller. The buyer has no contractual relationship with the clients whatsoever, and isn’t entitled to a penny of their money, This is the case regardless of what might be agreed between the buying and selling firms. The only way for the buyer to get advice fees transferred and paid into their bank account is to get the client to sign a new client agreement with their firm.

    There are a couple of small exceptions. Firstly, pre-RDR trail commission can be bulk novated across as this is commission and therefore an agreement to pay between the seller and the insurer paying it. Secondly, you can agree that any residual income which continues to be paid is ultimately payable back to you as the buyer.

    But none of this avoids the fact you will still have client data transferred to you as part of the deal. You will still need to obtain consent for this under the Data Protection Act and, from 25 May, under the GDPR.

    What you need to know

    The requirement for consent raises some problems.

    You can’t rely on consent previously given to the seller. Not only was that a different business, but the standard of consent required to share client data with third parties is higher under the GDPR. It requires a reasonable level of disclosure about the business the client’s data will be shared with. The client agreement would have to have stated that the seller would share the data with the named buyer in order for this to pass muster.

    Client agreements can use categories of firm rather than a specific business name when it comes to disclosing where data will be shared and gaining consent. But that category must be fairly tightly drawn, for example: "We will pass your details to one of the three accountancy businesses we work with in Birmingham. We can provide you with their details on request." If the client agreement simply stated an advice firm would share client data with ‘a future buyer’, this would probably be too broad.

    So, let’s assume there is no adequate consent in place to transfer data.

    Before you take any personal information about the clients from the seller, you need to gain consent from the clients themselves. In most transactions, this is done by the seller sending a letter to his or her clients advising them what is happening, for example: "I’m selling my business to XYZ and handing over your file to them…"). Clients should be given a reasonable amount of time to object, such as 30 days.

    Technically, this is in breach of the Data Protection Act as data transfers require positive consent. Yet it’s been done with negative consent forever, thousands of times, and I’m not aware of any issues having been raised. Don’t expect a lawyer to confirm this though.

    Before taking any money (that is, post-RDR adviser charges rather than pre-RDR trail), you also need to get agreement from the client to the service you’re offering, the fee your charging for it and a lot of the other terms you’ve got in your client agreement.

    By the time you’ve worked all this through, you should arrive at the conclusion that the easiest and arguably only way to do this is to get every client you want to take on to sign up to your own client agreement and service straight away, and before you take a penny off them. There’s some wriggle room to offer an identical service for a while, but given the GDPR implications it makes no sense to ask a client to sign some temporary contractual terms now and then the right terms in a few months’ time. If you want to annoy new clients, that’s a great way to do it.

    Buying a client bank is really buying an introduction. A very warm one. There’s no reason why you can’t still fix a value in that client bank, but you need a clear plan to ensure the warm introduction stays aflame with the fires of a financial incentive.

    A structure I’ve seen work for both sides (and yes, it needs to work for both parties) puts a clear value on the client bank. It requires the seller to meet and move clients across to the new firm and their client agreement in a very structured way, with set targets. This deal structure isn’t a regulatory issue provided the incentive is to move clients and assets to a new advice firm, not onto a specific platform, product or investment.

    Heeding your data protection obligations

    None of this means buying client banks is a bad idea or will disappear. Plenty of sellers will only ever be able to sell their client bank, rather than equity, for various reasons. I‘ve seen goodwill purchases continue to work for both buyer and seller.

    Indeed, the thought process required to cope with the issues outlined has made some deals work better. This is because they are more thoughtfully planned out and there’s a better understanding of what is required from both parties pre-deal, resulting in fewer arguments afterwards. What it does mean is a seller can’t simply expect to walk away and not put some effort into moving clients to the new firm, and neither party can ignore their data protection obligations.

    I’ve come across several instances where firms have bought client banks and ‘bulk novated’ adviser charges without a new client agreement being signed between the client and the buyer. This is not only a breach of FCA regulations (the regulator has written out to firms about this) but a breach of the law.

    Most firms have done this innocently, but some have pressed on knowing it’s wrong. A lot have used lawyers with no financial services experience to work on the contracts, and those lawyers have allowed this to happen without comment. The minimum financial consequence if caught is repaying every penny in adviser charges back to clients, not to mention the other costs of remediation and a potential fine if you did it knowingly. Get some proper legal advice.

    One final point. If you’ve bought a client bank previously and not taken on some of those clients, then there’s no reason to hold on to their data or files given you have no liability for historic advice. Under the GDPR ‘data minimisation’ principle, you should delete those records as you aren’t using them and don’t need them to defend a complaint.

    To download the Nucleus white paper GDPR: A guide for financial advisers, prepared in partnership with Phil Young of Zero Support, click here
    Start the discussion

    Add a comment