Who controls the technology behind a UK wealth manager?
How much this sector depends on technology suppliers it cannot fully control — and where that matters most.
The big picture
For a typical UK wealth manager, IFA (independent financial adviser) or asset manager, the layers that define the business — the investment platform that holds client assets and the back-office that administers them — are concentrated in two foreign-controlled suppliers, SS&C (US) and FNZ (Cayman-incorporated, foreign-controlled). Together they sit underneath the assets, the transactions and the books-and-records for a large share of the UK market, holding the single most sensitive data a wealth firm has: its clients’ money and financial lives. That concentration, on top of the same US cloud and office software every firm runs, is the defining exposure.
We looked at the everyday layers of technology a UK wealth manager or financial adviser relies on, from the cloud it runs on to the systems that define the sector. A supplier owned in the United States can be compelled to hand over data under US law — the CLOUD Act[1], and the surveillance powers in Section 702 of the Foreign Intelligence Surveillance Act[2] — even when that data is stored in Britain; a British supplier answers only to UK law. We scored each building block on four things — how few the suppliers are, whose laws they answer to, how hard they are to switch, and how essential they are.
Where the exposure sits
Who controls each layer
The building blocks this sector relies on, coloured by who ultimately controls each one:US-controlledMixed / other
Genuinely UK-controlled options in our data: platform/custody Seccl (Octopus Group), True Potential, Embark; portfolio/back-office Objectway; adviser/planning & CRM Dynamic Planner, Plannr, Curo; market data LSEG, and FE fundinfo (UK/Switzerland). Foreign-controlled incumbents: FNZ (Cayman, foreign private ownership), SS&C and SS&C Hubwise (US), BNY Pershing (US), Intelliflo (owned by Invesco, US), Iress and Bravura and GBST (Australia), Avaloq (Japan, owned by NEC), Nucoro (Netherlands), WealthKernel and Third Financial and Delio (US). None of the UK options is a like-for-like drop-in for the largest incumbents, and ownership should be re-checked before relying on any option — several platforms are private-equity or strategically owned and a change of control can move the jurisdiction.
What this means, in plain terms
If a supplier pulled the plug, how fast would it hurt?
| Speed of impact | Layer | What happens |
|---|---|---|
| Hours | Investment platform / wrap & custody | Asset administration, transactions and valuations halt; clients cannot deal and the firm cannot evidence holdings. There is no fast substitute — re-platforming custody is a multi-year, regulator-notified migration. |
| Hours | Identity & log-in | Staff and clients are locked out of every system; authentication fails first, so everything downstream stops within hours. |
| Hours-days | Portfolio management & back-office administration | Books-and-records, valuations and transfer agency stop; manual workarounds buy little time and the official record is at risk. Migration takes 6-12 months or more. |
| Days | Cloud & compute | Core hosting degrades; heavy migration of regulated workloads takes 6-12 months. |
| Days-weeks | Adviser / financial-planning & CRM | Advice tools, suitability and client records go down; advice pauses but client assets are unaffected. More recoverable, and the layer with the most credible UK substitutes. |
What organisations can do about this
| Building block | Practical steps |
|---|---|
| Investment platform / custody | This is the hardest and most important layer to move, so the decision point is new business and the next platform review, not a mid-contract swap. Our data shows genuinely UK-controlled options: Seccl (owned by Octopus Group), and UK-incorporated platforms True Potential and Embark. Choosing a UK-controlled platform lowers the jurisdiction towards 1 versus FNZ (Cayman/foreign) or SS&C Hubwise (US). Treat any custody migration as a multi-year, regulator-notified programme under FCA/PRA outsourcing rules — plan it ahead of the renewal. |
| Back-office administration & portfolio management | SS&C (US) and Iress/Bravura (Australia) dominate, and the books-and-records dependency is deep. Objectway (UK) is a UK-controlled portfolio and back-office option in our data. Where a foreign administrator is unavoidable, concentrate on contractual exit rights, data portability and a tested migration plan, because the realistic mitigation here is resilience and exit-readiness rather than a quick change of supplier. |
| Adviser / financial-planning & CRM | This layer has the most credible UK choice and the lowest switching cost, so it is the cheapest sovereignty win. In place of Intelliflo (owned by US-listed Invesco) or Iress Xplan (Australia), our data shows UK-controlled Dynamic Planner and Plannr, the UK planning tool Curo, and UK/Swiss FE fundinfo. Preferring these at renewal lowers the jurisdiction without touching the critical custody path. |
| Cloud, identity & concentration | Avoid having one supplier sit under both the platform and the back-office (the SS&C pattern) where you can split them, to reduce the single-vendor blast radius. For head-office cloud and staff log-in, UK and European options (OVHcloud, Scaleway, IONOS, the open-source Keycloak self-hosted) reduce reliance on a single US provider. Map the cross-layer concentration explicitly: knowing that SS&C or FNZ sits under several layers at once is the single most decision-useful step a firm can take. |
| Data residency, contracts & market data | Where a US or other foreign supplier is unavoidable, insist on UK/EU data residency, UK/EU-law contracting and clear sub-processor disclosure. This lowers the practical blast radius but does not remove US legal reach under the CLOUD Act. On market data, LSEG (UK) and FE fundinfo (UK/Swiss) are lower-jurisdiction alternatives to Bloomberg and Morningstar (both US) where the use-case allows. Document the residual exposure and monitor it. |
Sources
- US CLOUD Act 2018 (18 U.S.C. 2713) – compels US-incorporated providers to produce data in their custody wherever in the world it is stored. https://www.govinfo.gov/content/pkg/USCODE-2018-title18/html/USCODE-2018-title18-partI-chap121-sec2713.htm
- US Foreign Intelligence Surveillance Act, Section 702 (50 U.S.C. 1881a) – a US directed-surveillance authority. https://www.govinfo.gov/app/details/USCODE-2021-title50/USCODE-2021-title50-chap36-subchapVI-sec1881a
- Vendor ownership and hosting – taken from company filings, public registries (including UK Companies House) and suppliers’ own documentation, compiled in the Information Matters UK vendor sovereignty database.
How we did this. We scored each technology layer on four things — supplier concentration, whose laws they answer to, how hard they are to switch, and how essential they are — using the IM Sovereignty Framework and our UK vendor database. Control and hosting facts come from primary sources; the harder-to-quantify judgments are our reasoned view of a typical organisation. Scores are bands, not exact measurements. Full evidence record available on request.
This research consists of the opinions of the Information Matters team — human and AI — and should not be considered statements of fact.
Information Matters · informationmatters.net
If you have any questions or comments about this article please email info@informationmatters.net

