A note on discretion: Why we don't name our clients
- Our clients are FINMA-regulated asset managers and family offices. Discretion is part of their business model, and therefore part of ours as well.
- This case study is based on real project experience from our work. Names, company details and key facts have been changed or combined.
- On request, and with our clients' consent, we are happy to arrange direct reference contacts in a personal conversation.
Client at a glance
Alpstein Wealth Partners is an independent, FINMA-licensed asset manager based in Zurich. A small, well-coordinated team serves high-net-worth private clients who expect a high standard of discretion and regulatory diligence.
- 8 employees
- FINMA-licensed, independent asset manager
- Based in Zurich
Starting point
At Alpstein Wealth Partners, IT worked, at least at first glance. Microsoft 365 was in use, a local IT generalist handled support, and when something got stuck, the COO stepped in on the side. «IT was the boss's problem, in the worst sense of the word,» says Marc Hublatt (name changed), Partner and COO. «It ended up on my desk, because it ended up nowhere else.»
The turning point came with the regular audit. The audit firm asked questions for which there were no documented answers: Who has access to which client data? When were permissions last reviewed? How is multi-factor authentication implemented, and why are there exceptions? «We could explain a lot verbally. But verbal explanations don't count with the regulator. What isn't documented doesn't exist.»
The subsequent analysis by Dinotronic confirmed the gut feeling: two orphaned accounts of former employees with active access to SharePoint, multi-factor authentication with legacy exceptions for senior management, uncontrolled external sharing from OneDrive, and a backup whose restore had never been tested.
The solution
Dinotronic migrated the organically grown environment into its Managed Workplace Service with integrated identity and information protection. Access is now governed by intelligent policies: only managed, encrypted and compliant devices can access client data, and every sign-in is checked for plausibility. Permissions were fully cleaned up and have since been recertified quarterly. The portfolio management system was left untouched, but was cleanly integrated into the access concept and the outsourcing inventory.
Yet the decisive part was not technical: «Dinotronic did not just install technology for us. They built an entire ecosystem. Every measure is documented, every decision is justified.», says COO Hublatt.
The results
- COO's IT workload reduced from an estimated one day per week to a few hours per month
- Most recent audit completed with no ICT-related findings
- Complete, audit-ready ICT and outsourcing dossier
- 24/7 monitored operations with clearly defined response times
Quote from COO Marc Hublatt
«What we bought from Dinotronic is not, strictly speaking, IT,» Hublatt concludes. «It is the certainty that we are audit-ready at all times. That lets me do my actual job.»
Marc Hublatt, Chief Operations Officer, Alpstein Wealth Partners AG
