Your client asked you to
liquidate their portfolio.
Did they?
Your business runs on trust built over years. A sophisticated attacker can exploit that trust in a single email — using your client's name, their language, and their relationship history. We intercept the threat long before it reaches your inbox.
A real pattern, in a typical week
"Your long-standing client emails at 9:12 on a Tuesday. They need to liquidate €380,000 from their portfolio — a tax matter, they explain, and could you please handle it promptly. You recognise the name, the tone, the writing style. You call the number you have on file to confirm. Your client answers. They say yes."
Except your client did not initiate the email. The attacker did — and had already contacted your client to coach them through the confirmation call. By the time the real story emerges, the funds are gone. Recovery is statistically unlikely.
What we hear from advisers
Three things you're right about —
that leave you exposed anyway.
None of these are mistakes. They are the natural pressures of running a client-first advisory practice. Each of them is also exactly what the attacker is counting on.
"My clients know me personally — they would never be fooled."
Modern attacks don't try to fool your client. They impersonate your client — using their language, their history with you, their normal urgency. The email your adviser opens is the one that was written specifically to pass your relationship test.
Familiarity is the attack surface, not the defence"We have a call-back procedure — we verify before we act."
A call-back to a known number stops standard impersonation. It does not stop coached-consent fraud — where the attacker has already contacted your client and prepared them for your call. The client confirms the fraudulent instruction themselves.
Call-backs defeat one attack type — not the most dangerous one"Our custodian has massive security — it's their responsibility."
The custodian protects the vault. But if you present a 'valid' instruction confirmed by your client, the custodian executes it. They can't see the fraud that happened in the adviser's inbox. The liability remains with the adviser who accepted the bad instruction.
The custodian protects the assets; we protect the instructionsThe attack you might
not know about.
Most wealth managers believe a call-back procedure is their final line of defense. In 2025, attackers are weaponizing that procedure against you.
Coached-consent fraud is a social engineering attack where the fraudster contacts the client before the adviser does, priming them with a plausible cover story.
"The attacker coaches the client to expect and confirm your call. When you dial their known number, your client genuinely confirms the fraudulent instruction themselves. The bank executes. The liability is yours."
The D-Day Pattern
Verify Liquidation
Suspect instructionContext: Urgent liquidation instruction
⚠ Social Engineering Alert
"Instruction matches high-risk pattern. Source domain is 18 days old. Potential coached-consent scenario detected. Intervene before calling client."
Neutralize the priming phase.
Preservers addresses this by intercepting the threat at the external perimeter before the attacker contacts the client, and by introducing a verification step that requires the client to describe the instruction unprompted — which a coached client cannot do.
Evidentiary Confidence
Regulator-Ready
Evidence Built-In.
Preservers produces evidence packs formatted for each applicable framework — ready for regulators or PI insurance underwriters on demand.
Client asset safeguarding
Evidence packs pre-formatted for MiFID II Article 16 reviews, documenting the 'adequate arrangements' your firm has in place to prevent the fraudulent use of client instructions.
Digital Operational Resilience Act
Major incident detection and reporting pre-populated within the DORA four-hour notification window. Structured specifically for wealth managers and boutique investment firms.
Documented outcome controls
Evidence that your firm has implemented proactive filters to protect clients from foreseeable harm, specifically addressing the high-risk instruction channel as required by the Duty.
Safeguards for US RIAs
Documentation of the administrative, technical, and physical safeguards your firm has implemented to protect non-public client information and prevent fraudulent access.
Operational Resilience
Evidence produced in German or French for Swiss asset managers, demonstrating the integrity of the client instruction channel as a key component of operational resilience.
Evidence for PI Insurers
Documented controls structured to support PI insurance renewals, proving your firm has eliminated the single highest source of professional liability claims in wealth management.
How Preservers helps
Three things happen —
before your adviser acts on a bad instruction.
We don't slow your firm down. We give you the one thing nothing else in your stack provides: early warning at the point of decision, with evidence that you acted correctly.
Predictive threat intelligence
We continuously monitor the external threat surface around your firm and your clients. We know about look-alike domains and impersonation infrastructure the day they are created — weeks before the first email arrives.
Autonomous interception
Protect your advisers with a real-time warning layer at the point of decision. Preservers understands the difference between a newsletter and a liquidation instruction, intervening only when the context warrants.
Regulator-ready evidence
Automated evidence packs for MiFID II, DORA, FCA Consumer Duty, SEC, and FINMA frameworks. Audit trails are built automatically — ready for regulators or PI insurance underwriters on demand.
What this means for your firm
<20 min
From signing to protected. No IT project. No DNS changes. No procurement.
Coached-consent
Stopped before the call happens. The attacker's social engineering is neutralized early.
Every client
Monitored individually. Their signatories, their history, their language — watched continuously.
1-click
Regulator & insurer evidence. MiFID, DORA, FCA, SEC — all formats on demand.
The details
Built for the way modern
advisory firms actually operate.
Designed for wealth management firms — partner-owners wearing multiple hats, lean advisory teams, and high-net-worth relationships that amplify every risk.
Multi-client tenant model
Your firm is the tenant. Each high-net-worth client is a sub-workspace with its own baseline patterns. Monitoring runs per-client; dashboards roll up to firm level.
Context-aware for wealth workflows
We understand the difference between a routine AP invoice, a liquidation instruction, and a payroll diversion attempt. Each gets a different response.
Frequently Asked Questions
Preservers intercepts fraudulent client instructions before funds are moved. It continuously monitors the external threat surface around your firm and your clients, detects impersonation attempts as they are being prepared, and places a verification layer on high-risk instruction emails. Every action is logged as regulator-ready evidence for MiFID II, DORA, FCA Consumer Duty, SEC, or FINMA frameworks.
Coached-consent fraud is a social engineering attack where the fraudster contacts the client before the adviser does, priming them with a plausible cover story so they confirm the instruction when the adviser calls to verify. Standard phone call-back procedures fail because the client genuinely confirms the fraudulent instruction. Preservers addresses this by intercepting the threat at the external perimeter before the attacker contacts the client, and by introducing a verification step that requires the client to describe the instruction unprompted — which a coached client cannot do.
Yes. Preservers produces evidence packs formatted for each applicable framework: MiFID II Article 16 client asset safeguarding, DORA major incident reports pre-populated within the four-hour notification window, FCA Consumer Duty evidence of adequate client outcome controls, SEC Regulation S-P safeguards documentation for US RIAs, and FINMA Circular 2023/1 operational resilience documentation in German or French.
Under twenty minutes. No IT project, no DNS changes, no procurement committee review, and no disruption to existing workflows. Designed for boutique firms without dedicated cybersecurity staff.
Wealth managers, Independent Financial Advisers, Registered Investment Advisers, External Asset Managers, multi-family offices, and boutique investment firms. Particularly effective for firms managing high-net-worth clients where a single fraudulent instruction would be materially damaging but an enterprise security program is disproportionate.
Yes. Preservers follows a data-minimisation-by-design principle — no email content is stored. Infrastructure is EU-hosted for European clients and US-hosted for North American clients. Zero Trust architecture, end-to-end encryption, and full Data Processing Agreements are standard.
Email security filters known malicious content and phishing patterns. It cannot detect a politely-worded instruction arriving from a legitimate-looking domain registered three weeks ago in your client's voice. Preservers is purpose-built for wealth management workflows — it understands the difference between a newsletter and a liquidation instruction, and intervenes only when the context warrants.
Protect your clients.
Neutralize Your Risks today.
Integration takes minutes, but protection lasts for years. Gain predictive intelligence and autonomous interception instantly.
MiFID II Article 16, DORA, and FCA Consumer Duty evidence pre-formatted for direct use.