News, Vision & Voice for the Advisory Community


Raj Udeshi invokes 'Theranos' fraud in testy exchanges over data collection with Envestnet's Bill Crager and Jud Bergman at Tiburon CEO Summit

HiddenLevers co-founder offended some audience members with his accusations, but others say he raises a valid concern: Where is the line drawn for firms capturing and selling advisor and client data?

Tuesday, April 9, 2019 – 2:29 AM by Brooke Southall
Raj Udeshi took on Bill Crager then Jud Bergman about their use of client data.

Brooke's Note: As a journalist, in particular, I can see why some Tiburon CEO Summit attendees thought it was constructive that Raj Udeshi confronted Bill Crager on stage in a big way in New York last Tuesday. I can see why others were irked by Udeshi's actions. What is certain is  this was a very interesting, high-intensity clash on a topic of large and rising importance: Whose data is it anyway? The financial advice industry's databases contain some of the most valuable and closely-guarded consumer information out there. Sooner or later, hard lines will be drawn as to its use, whose sting could be far worse than an entrepreneur's words.

The usually tranquil Tiburon CEO Summit in New York City got rocking last Tuesday when the CEO of one of the smallest firms there took on an executive  at one of the larger -- spilling over into a testy hallway exchange to try to calm the waters--over the sensitive subject of collection and sale of data. 

Raj Udeshi called out Bill Crager and his firm, Envestnet, during a moderated panel discussion on the subject. Orion Advisor Services CEO Eric Clarke moderated the panel, which also included Lori Hardwick, founder of AI Labs and Clara Shih, founder and CEO of Hearsay Systems.

Envestnet first got publicly attached to the issue of data privacy last July in a Forbes article, when a columnist lumped in the Chicago outsourcer (and Yodlee owner) with data sellers like American Express and Mastercard.

'I would like to think that many people will be shocked to learn that companies they do business with -- like Mastercard, AmEx, and Envestnet-Yodlee -- are selling their transaction data in real-time," the article stated. 

Bill Crager
Bill Crager: 'Envestnet doesn’t sell individual client data, Period. Full stop.'

Udeshi, the outspoken CEO and co-founder of HiddenLevers, played off the article for his comments. HiddenLevers recently made waves by winning a giant data analytics account from Focus Financial. See: HiddenLevers' Raj Udeshi takes victory lap after nabbing Focus Financial account: 'We dropped a bomb in BlackRock's backyard;' But it's just a battle not the war, analysts say

Crager, CEO of Envestnet Wealth Solutions, is the company's No. 2 man behind chairman and CEO Jud Bergman.

Though nobody attending the CEO Summit, which bars the media, was willing to speak on the record about the incident, a number of sources noted the pin-drop moment came when Udeshi  took the floor. 

They recalled him saying, "the industry is having its Theranos moment."  Udeshi made the comment amid insinuations that Envestnet may be taking its collection and sale of client financial data too far. 

Theranos closed its door in September. Founded by Elizabeth Holmes, it made big news after it was revealed it fraudulently claimed its tests required only about 1/100 to 1/1,000 of the amount of blood that would ordinarily be needed.

In the buttoned-down world of financial conferences, the friction caused by Udeshi rabble rousing stands out, says Timothy Welsh, president of Nexus Strategy of Larkspur, Calif.

"Nobody ever gets after anyone [at those events]," he says. "That is a dramatic moment. It's an AOC [Alexandria Ocasio-Cortez] confrontation in that staid, collegial atmosphere."

Sharing views

Udeshi declined to respond to two emails asking him for comment about what was said and Crager's subsequent comment to RIABiz, which is below.

Welsh adds that Udeshi has a track record of speaking up at various conferences on the circuit. Most famously, he took on President Donald Trump's counselor, Kellyanne Conway.

"You know you didn't win the election," he reportedly told her at the MarketCounsel Summit in Miami that immediately followed the election. See: MarketCounsel Summit weathers Trump mayhem as Scaramucci and Priebus bail and Kellyanne Conway makes a night flight to Miami

This time around, Charles "Chip" Roame, managing partner, Tiburon (Calif.) Strategic Advisors, had "no comment on the particulars."

"Generally, I think the lack of media allows for broad ranging conversation.  As long as it is respectful, I think sharing differing views is one of the best aspects of the Tiburon CEO Summits."

On stage, observers say that Crager mostly deflected Udeshi's contentious comments and spoke about Envestnet's service in more boilerplate terms. 

Where the Udeshi-Envestnet confrontation attracted more interest was following the event. Bergman and Udeshi engaged in what observers called a testy and prolonged exchange in a dark hallway of the Battery Park Ritz Carlton Hotel.

Crossing lines

Envestnet declined to be interviewed for this article but Crager, through an outside spokeswoman, issued a strong denial that his company crosses any data privacy lines.

Charles 'Chip' Roame: 'Sharing differing views is one of the best aspects of the Tiburon CEO Summits.

“Envestnet doesn’t sell individual client data, Period. Full stop. To suggest otherwise is false and irresponsible,” he said in the prepared statement.

On its website, Envestnet describes its data inventory in this way:

"Unlike survey and traditional data sets, Envestnet | Yodlee Data Analytics for Retail Solution is powered by a data panel that can be segmented countless ways to reveal consumer spending patterns for a variety of market categories and services. Drawing from 16 million de-identified active consumers, the panel is consistent with the US population in terms of geographical location and income level."

An email went unreturned to Envestnet's spokeswoman, Brooke Worden, asking whether "de-identified" is the key word in harmonizing Crager's statement with the website verbiage.

Reached by email, Orion's Clarke said how firms sell, buy, use and secure data is best handled proactively.

"Data stewardship is certainly an interesting topic for our industry and one that we are all better off to sort through prior to the regulators making an example of a firm and further harming our industry’s reputation with the investing public," he said. 

Taking shots

More recently, Morningstar picked up on the Forbes findings and took a shot at Envestnet following the firm's purchase of Schwab PortfolioCenter. The posting was written by Dermot O’Mahony, head of software products.

Kunal Kapoor, MorningStar
Kunal Kapoor recently advised RIAs should 'think closely about who (they) are partnering with.'

In the posting, O'Mahony writes: 

"Independent RIAs have a clear obligation to understand how solution providers will use their stored data. Morningstar does not sell client data—to hedge funds or any other market participant—and we will always prioritize data security and the individual investor’s right to privacy. You will always know the company we keep.

O'Mahony continued:

"Our CEO, Kunal Kapoor recently advised at the T3 Advisor conference that RIAs should 'think closely about who (they) are partnering with. We have the opportunity to pick our partners. More than ever, we encourage advisors to not just learn about the services they use, but also to understand what’s behind it. Understand who you’re partnering with.'” 

The Chicago fund tracker, money manager, software and data firm sells a competitive performance reporting software product, Morningstar Office, used by about 4,000 RIAs and it sells data aggregation through its ByAllAccounts subsidiary. See: Why Morningstar's purchase of ByAllAccounts might be a bigger deal than its paltry $28-million price tag shows

Morningstar was one of several firms that joined the feeding frenzy to lure those 2,300 ex-Schwab PortfoloCenter firms that were up for grabs during the transition. See: Schwab PortfolioCenter sale to Envestnet signals open season on 2,300 RIAs in the deal; Orion bags six; 'Why didn't Tamarac call me?' some ask


Related Moves

Behind the scenes, Envestnet's board of directors had much to tussle over before finally subtracting the 'interim' from Bill Crager's CEO title

With Jud Bergman gone at a chairman, a power struggle ensued to fill that spot, and the process dragged when taking the company private came under review

April 2, 2020 – 2:34 AM

Envestnet nabs Dani Fava to cross-pollinate semi-autonomous units and reap 'financial wellness' as the end product

The Chicago outsourcer has a massive, partially disconnected arsenal of products that CEO Bill Crager is rationalizing into 'wellness' with yet another new unit.

July 23, 2020 – 1:42 AM

Brad Shepard unexpectedly resigns from Orion Advisor Services after 10 months, and his chief strategy officer position will remain vacant, the company says

The Nashville, Tenn. executive came aboard to create a 'go-to-marketing strategy' for Brinker, HiddenLevers and legacy units but gave his notice this week.

January 7, 2022 – 11:40 PM

Envestnet and Edmond Walters end odd couple 'Apprise' relationship with buyout, but leave open the door to jointly pursue RIA-to-entrepreneur dashboard... later

The MoneyGuidePro owner and eMoney founder execute clean break with Apprise IP rebranded as 'Wealth Studio.' Walters off to the races with a startup and vague promise to collaborate later.

April 6, 2021 – 12:50 AM

See more related moves

Mentioned in this article:

Tiburon Strategic Advisors
Consulting Firm
Top Executive: Charles Roame

Envestnet Inc
Top Executive: Jud Bergman

RIA Publication
Top Executive: Eric Clarke, CEO

Brian Murphy

Brian Murphy

April 9, 2019 — 4:50 PM
I think it's pretty clear to me what's going on here. The question of "who's data is it anyways?" is the valid one that each and every industry is going to grapple with over the coming years. From my perspective, the data is that of the end client - not the advisor, not the custodian's and certainly not 3rd party partners. If 3rd party partners want to aggregate a client's data along with others and sell it - then they should have to get direct approval from the client and possibly compensate them for that. That's the way it's meant to be. Period. Full stop.
Brian Murphy

Brian Murphy

April 9, 2019 — 5:24 PM
Hi Brooke - here's how I suspect it works...let's use company "X" for the discussion to generalize. Basically if I'm company X and have access to client data I would have a hard time justifying selling the data for Client 1 or 2 individually. That would clearly be violating the privacy of each individual client. So instead, I remove all names and aggregate all the data together using different metrics....say all clients of a certain age...all clients of a certain net worth, all clients in a particular geography...all clients in a particular geography with a certain net worth. I then sell that data. So I've "de-identified" particular clients but are then selling characteristics of the entire dataset. That allows me to claim that I'm not violating anyone's individual trust, and hence don't need to disclose anything. Company X then has a new revenue source based on data sales to 3rd parties. This gets tricky, because if you boil your search query down enough you feasibly could access the data of an individual client...for example, all clients in a particular zip code of a certain age and income might drop the meaningful "aggregation pool" down to a small number of clients - perhaps just 1.
Brian Murphy

Brian Murphy

April 9, 2019 — 6:42 PM
Jim - who's data is it? No disrespect, and I do understand that we've been "trending towards people just accepting it" for years. That doesn't make it legally right as Facebook and Google are finding out. So, I ask you - who's data is it? I say all personal data is that of the client. I say additionally that all transaction data is that of the client as well. Can we agree on that - or not? Now, I suggest that in such an environment advisor, custodian and/or 3rd party provider(s) have 2 options - explicitly ask end client for use of that data (with or without renumeration to the client), or deciding to withhold service to client's who don't agree to sharing their data. Actually pretty simple. The problem I think we get into is with regards to who's data it is? I think there is a case to be made that "de-identified" data created and owned by advisor, custodian or 3rd party may be justifiably there's to do so as they see fit; but it would be much more straightforward (and legally defensible) if client's acknowledged this.
Jim Starcev

Jim Starcev

April 9, 2019 — 7:32 PM
Brian: I realized I didn't answer your question and you won't like my answer. I may not agree this is the way it should be, more the train as left the station and there is no way to bring it back. No, you no longer own your own data. You don't, I don't. When you start digging into the world of big data, it is shocking the volume of data that is being generated, collected and used, most of it on some level would be considered personal data to somebody. The explosion of IoT, sensors, cameras, facial recognition, voice recognition. Your data is being collected and used on some level at a mind boggling rate, arguably with data that is far more personal than your financial transactions. I am saying financial services would benefit from embracing, defining and putting parameters around then trying to hide from it, because honestly there is no hiding from it any more and you are always better if you control the conversation versus not.
Jim Starcev

Jim Starcev

April 9, 2019 — 8:00 PM
Brooke: Interesting questions. I have no idea what holding title to data in today's world would look like, that was kind of my point. There is so much of it and it is everywhere, virtually no one can hold title to any of it. I don't think I would say you can completely deindividualize data. You can come close. But even if you do a great job, there are probably really smart people out there working on ways to do deindividualize it for nefarious reasons. A risk we are taking. I think your last question is the most interesting. I think we focus a lot on the negatives, and there are a lot of negatives to focus on. But there are a lot of positives too. My initial reaction is no, there is not a net positive in either direction. Individual areas would definitely have a net positive on one side or the other, but overall I guess I fall in the middle. As an example, I made a conscious decision to share my dna on 23 and me. That gave them a lot of really personal data that could be used to harm me. It also gave me data I wanted. I have big holes in my family history so the reports were fascinating to me. I also know the data gathered can have really positive impacts on mankind as a whole. So I weighed the good and the bad and decided to do it. I think that may define my position as well as anything.
Jim Starcev

Jim Starcev

April 11, 2019 — 2:18 PM
John, that is an excellent point, but it actually reinforces what I was saying about needing more clarity and thought leadership on this. As a fiduciary, selling client data, without disclosing that for profit would be a clear violation. However, what if your custodian is using large anonymized datasets that includes your client data to develop a better fraud detection system? You are probably ok (which is good because this is most likely happening) because it is for the benefit of the client. What if because of this, your custodian gets significantly better, fraud instances go way down and your E&O carrier reduces your premium. Could someone argue that you used client data, without disclosing it to indirectly increase your profits. If so, that would be textbook example of violating fiduciary duties, but in truth it is not either. My whole point here is that this sounds like an easy topic, data privacy for clients but at the end of the day there is a lot of devil in the details that really needs to be worked out. If you want a truly crazy example, I will use your siting of the big companies not having a fiduciary duty. What if you as a fiduciary play a role in them getting the data, even if it is completely innocent. You email your client saying your are looking forward to meeting with them next week to discuss their college funding plan. Google scans that email (because the client has a gmail account, not you) and sells information so that the client starts getting ads for Universities and SAT prep courses. You disclosed "private" information being they have a college fund that someone else used to make money. What if on top of that you own Google stock in a personal account of yours. No one would question that, but in truth you shared data with someone who made money on it and then a very, very small fraction of which came back to you. Also, as a fiduciary you can disclose that you are selling data for a profit and legally do it. I wouldn't recommend this, but I will also say that if someone did and really offered good value to the client (my example earlier of Google doing it for free), clients would sign up for it. Not all, but a lot and you could be competing against an RIA that is charging clients nothing and making their money from the clients data.


April 10, 2019 — 2:56 PM
Yes, Raj did rudely confront Kellyanne Conway at the Market Counsel Conference. You omitted the part where her reply and made him sit down sheepishly with his tail between his legs. Yes, I was there.
Brooke Southall

Brooke Southall

April 9, 2019 — 5:12 PM
Brian, I got sort of left in the dust in this debate when data got parsed into individual data and de-individualized data. Ahead of the publication of this article, I never quite got clear on what the difference is and how the ethics flow in that spectrum. -Brooke
Jim Starcev

Jim Starcev

April 9, 2019 — 6:15 PM
This is an interesting topic and one financial services needs to get ahead of. With that said, it is a very difficult area with all sorts of land mines. Brian, your comments are very logical. But honestly, consumers for years have willing given away their data in order to get cheaper or free services. It would be hard to argue that anyone using Facebook, Google or 1000's of other services don't know that those companies are generating lots of money from their data. And although lots of lip service complaining about, we are really trending towards people just accepting it. Also, any firm that aggregates data should have all sorts of safeguards in place that would not allow you to query down to that small of a pool, no matter how specific your query is. So that really should not be an issue. With that said, Financial Services is really built on trust, it is not Facebook and people want to feel secure in their data. I believe their is a middle ground that exists, but it will take clear leadership to define and enforce that. I think discussion such as this are good for the industry.
Jim Starcev

Jim Starcev

April 9, 2019 — 7:00 PM
Brian: I don't have a pony in this game, I don't collect data that I use or sell. With that said it is naive to say clients own their data when they literally give their data away hundreds of times. Whenever you use your credit card, your cell phone, your email, your Alexa, when you shop on line, etc. etc. etc. you are giving away your data. It is hard then to come back and say well here I don't want to do that here and you need to pay me. It is just not going to happen. Our whole society and economy is changing on these lines and it is pervasive everywhere. And while there is a lot of bad, there is a lot of good that is coming out of that too. You need to stay in the lines (as Facebook really needs to figure out) which is why you need good leadership (thought and actual). But this issue is not going away and there are a lot of benefits to it if it can be managed correctly.
John D Rockefeller

John D Rockefeller

April 10, 2019 — 7:44 PM
Facebook + Amazon, and the buyers of their user data do not have to comport with fiduciary duty to end clients. Fintech platforms serving RIAs absolutely do. It's a level beyond those - to answer what is in the best interest of the client, surely it's not selling their data, even bundled up, even with safeguards.
Brooke Southall

Brooke Southall

April 9, 2019 — 7:37 PM
Jim and Brian, You really zeroed in on where the fault lines lie. What exactly does holding title to data look like and can data about individuals be completely de-individualized? Is erring in one direction or the other a net positive? Brooke
Brooke Southall

Brooke Southall

April 9, 2019 — 8:31 PM
Jim, On the lighter side, you brought us back around to the Theranos moment with the testing of your blood (or other bodily DNA farm), though presumably 23 and me has real results :) Brooke
Brian Murphy

Brian Murphy

April 9, 2019 — 8:31 PM
Jim...yes, I've been reviewing your 23 & me data. You're right, there's a lot that we can use there! All kidding aside - I can see both sides of the debate and have presented the one I'm most favorable towards, which is clients owning their data and explicitly providing access to that data to 3rd parties for specific uses. That said, there is a wide range of possible outcomes and already blockchain based technologies being developed to address just these types of issues. Ultimately it comes down to disclosure and allowing users to opt-out - even from having their data used in "de-individualized" data sets. How that gets sorted out monetarily is a separate item. So, in answer to Brooke's questions: Holding title will likely be handled by one or more blockchain technologies. User can probably tune what data is provided to whomever they'd like for whatever compensation they'd like. so I don't necessarily believe "the train has left the station". I'd say the train is in the station. I don't know whether individual client data can be effectively "de-individualized" but fear the risk isn't so much the de-individualized data, but theft of original data sets. Again, I can see both sides to the discussion and am just giving my opinions here.
Jeff Spears

Jeff Spears

April 10, 2019 — 12:25 PM
Seems like our Industry should take a similar approach to Facebook and ask for regulations. Unfortunately we might claim to be conflict free as a shield. We need clear regulations not grey ones we can hide in the gray.
Jim Starcev

Jim Starcev

April 10, 2019 — 2:11 PM
Brooke, I think we have given you a couple more article ideas. Brian. I don't think we are as far off as we seem. I actually agree the customers give lip service to wanting what you say. It sounds good. The problem is their actions speak differently. As another example, their is probably far more private data in our inbox than in our brokerage statement. There are email services that caterer to those saying they want their data private. For $20, $25 month you can have an account that doesn't scan your email, extract data and then sell it. Yet those services barely registered on number of accounts. Everyone says why should I pay that (very relatively small amount) when I can have gmail for free. If you push them, they will even say they like that their flights and hotels automatically get pushed to their calendar, that the system will auto fill the second half of their sentences (machine learning uses large datasets of anonymized data to "learn" to do this) and even don't mind that the ads are more customized to their needs if they have to have ads. Consumers say one think but act different. Where this presents a challenge to financial services is if we follow what they say, set up a system like you describe, they will say they like it. But then let's say Google rolls out a full service RIA, that uses data to all sorts of cool things, sells the data to pay for the service and then offers it for free to customers as long as they opt in(doesn't exist today, but is not that unrealistic). I promise you people would flock to it and then we would be scrambling to remove barriers that won't allow us to compete. That is the risk. Why it is better to have a well thought out plan that is somewhere in the middle, gives some protection of the data, but also some flexibility to use it they way everyone is using it.
John D Rockefeller

John D Rockefeller

April 11, 2019 — 9:21 PM
You bring up some interesting aburdities - where does fiduciary duty end? It's really about bad incentives and whose getting compensated. The real Theranos in financial services was Wells Fargo - and it was just about these perverse incentives creating a toxic climate based on hidden payouts. Age old story and we got there without without fintech even.

Submit your comments:

Register on Gravatar.com for your photo to be included.
(It’s fast and free, and your photo will also show on all of your existing comments.)

RIABiz Directory

The Industry Sourcebook for RIAs

   |    LISTING

RIABiz Directory sponsored by:

Directory Sponsor Logo