Identified defects and their workarounds (where applicable) for our current version are listed below.
The quality of Panorama data is less that ideal, and this is seen by the number of reconciliation errors reported on portfolio holdings within Xplan.
Typically a refresh is requested from Panorama to resolve many of these issues, when an incident is lodge with Iress support. This is time consuming for both the adviser and Iress.
Workaround:
Without a refresh, you would need to resolve by manually editing or entering a transaction.
Action:
Iress has commenced a project with Panorama to obtain a refresh for any account that has a reconciliation issues (on unit balance).
As there are a significant number of accounts needing to be refreshed, Panorama have requested that we pause all other refresh requests (i.e. via Iress support) until this project is completed.
This may take several weeks to complete.
UPDATE 02 July 2024
Completion of Internal Investigation into unauthorised access incident. For a full client fact sheet please click here.
***
Iress confirms that it has completed its internal investigation and review of the unauthorised access to its GitHub user space. While validation of our investigation is ongoing, we are pleased with the progress.
As part of our commitment to being transparent and keeping clients updated on the progress of the investigation Iress sets out below its preliminary findings, methodology and next steps.
What the investigation involved
On 11 May 2024, security functionality connected with GitHub (GitGuardian), alerted Iress information security teams to unauthorised access of its user space. A note was discovered in the GitHub repository suggesting a threat actor had accessed Iress’ source code repository using a stolen user credential.
Iress immediately mobilised and deployed its global team of engineers, technology specialists and information security teams to investigate the extent and degree of access. As an immediate response, action was taken to prevent further unauthorised access and strict geo-location access permissions were put in place.
Iress has extensive logging from all of its systems and have been able to correlate those logs with detail held in GitHub along with the threat actor’s IP addresses obtained from both Iress’ defences and from an initial forensic sweep of both GitHub and user devices.
Iress has engaged leading third-party cyber experts to assist in its response. Iress has also engaged in transparent dialogue with regulators (including ASIC) to keep them abreast of the investigation. Out of an abundance of caution and given the public disclosures on the incident, Iress has also made an informal notification to the Office of Australia Information Commissioner but does not currently consider that there has been any eligible data breach.
What the investigation found
Iress’ internal investigations to date have found no evidence that Iress’ client production environments, software or client data have been compromised or subject to unauthorised access, other than a portion of the OneVue production environment (further detail below). There is no evidence of any ransomware, malware or unauthorised encryption on either the point of entry or in Iress systems.
All code within GitHub has been checked and the investigation shows no indications that there were any edits or changes made by the threat actor.
In respect of unauthorised access to the OneVue production environment, Iress’ internal investigations show that the access was limited to six small S3 buckets, which is only a portion of the OneVue production environment. These S3 buckets contained a total of 59.9MB of non-sensitive information of a technical nature such as test files, metadata and blank questionnaires. There is no evidence of software or systems being compromised and no unauthorised access to client data.
Iress has engaged with cyber security experts and national law enforcement agencies. We have credible intelligence to indicate that the threat actor is a lone actor. Iress is cooperating with law enforcement agencies.
Separately, we are aware that the threat actor has made statements on social media that it gained access to the AWS console and possessed several SSH keys. Iress has investigated those allegations and they are not substantiated by our investigations. Furthermore, the AWS screenshots that were produced belong to a user guide held within GitHub and the SSH keys referred to by the threat actor do not relate to any Iress or OneVue environments.
Next steps
Iress takes incidents of unauthorised access seriously. We understand the importance of validation and checking our findings, and this is what is currently being done. The findings so far are based on our internal investigation which are subject to ongoing assurance and validation. Iress will provide an update should new relevant information come to hand.
Crowdstrike, a third party cyber expert, is being engaged to undertake a review of the incident and provide a report that will be made available to clients when it is completed.
Out of an abundance of caution, we are continuing to reinforce our security controls by extending our Zero Trust solution to our AWS console and GitHub user space, and taking precautionary steps to rotate credentials where appropriate. Iress does not anticipate that these steps will cause any service disruption for clients.
Iress is providing this update to Centrepoint Alliance on a confidential basis pursuant to the confidentiality agreements contained in your services terms and conditions with Iress. We ask that you please ensure the confidentiality of this update as public disclosure of this information has the potential to impact law enforcement activities.
Please contact me should you have any questions or concerns.
Iress have made an ASX Announcement informing that on 11 May it "detected an unauthorised accessing of Iress’ user space on GitHUB", a third-party code repository platform which manages software code before it goes live in production on a separate platform.
Iress does not store client information on GitHUB.
Iress restricted access to GitHub immediately upon discovery and commenced a rapid investigation. There is no evidence that client data has been compromised as a result of this issue. There is also no evidence that Iress’ production or client software has been compromised.
Iress has now commenced a process of strengthening access and security protocols out of an abundance of caution.
They do not anticipate any disruption to use of their software and systems.
We are continuing to communicate with Iress on this issue to obtain additional information about the incident such as what was accessed and the nature of the access and will provide updates where necessary.
Iress has provided a fact sheet with frequently asked questions which we have included below.
Iress unauthorised access incident - Client Fact Sheet
Following recent changes in reporting standards and legislation, many Fund Managers have changed the data provided to Xplan which is distorting client Asset Allocation information in advice documents.
This will affect all Xplan users, not just CWT and Compass, and we along with other licensees are seeking a solution from IRESS to address this.
When producing advice documents in Xplan, some of these allocations are coming through with negative cash percentages or in other forms that disrupt the overall asset allocation of a client.
We wanted to make you aware of the issue and provide you with an overview document explaining why this may occur and how to address it with clients.
We will update you as soon as we have a further update from IRESS.
Resolved through an emergency patch on 2nd August 2023 tonight - Please contact support if you continue to experience any issues
Known Issue | Datafeed data not appearing in Client Focus/ Wealthsolver
Critical Known Issue | Core functionalities to IPS and Wealthsolver broken
We are aware of a number of site issues currently impacting Xplan as of the recent site update to version 23.7.280. These issues include;
Missing investments in the Client Focus 'Investment Options' tab for data fed accounts
System Errors when using Wealthsolver Quick Compare (Work around solution is to use Wealthsolver Scenarios)
System Errors when using Wealthsolver Model Portfolios
System Errors when using Portfolios - Target Sets
Iress have notified us that these issue will be resolved in Xplan Release 23.7.282.
The auto update of our site will occur this week following the release and provide a resolution to the issue.
We appreciate your understanding and are communicating our urgency to Iress for this to be resolved ASAP
2:03 PM 04/04/2023
There is a current known issue in Xplan where you will receive an "Unexpected server error occurred" message when accessing client Risk Profile.
This issue will be fixed in Xplan version 23.4.262 which has been released.
Sites will start to upgrade to this version if on auto-upgrade.
You can check your Xplan version by going to your username on the top-right hand corner > About Xplan.
Update 9:15 AM 12/04/2023
Iress have confirmed that this issue has now been resolved via the most recent site upgrade, please contact your respective site support if this issue persists.
We are currently experiencing an issue with documents not merging Xtools+ charts.
This issue is being investigated with high priority, we will provide an update shortly.
Please follow this section for more updates.
Update 13:14pm 29/03/2023
This issue has now been resolved.
We are currently experiencing system errors when trying grant access to Office365 Diary Sync.
Iress is currently aware of the issue and is looking at a fix.
Known Issue - Office 365 Diary Sync Issue
We will update this post as soon as possible.
Update:
The fix for the Diary Sync error will be released in Xplan version 23.3.259.1
You can check your Xplan version by going to your username on the top right-hand corner > About Xplan.
Recently deployed enhancements are listed below.
Iress has introduced a new Document Note Tagging feature, now live on CWT and Compass. This enhancement allows you to organise Client Notes with tags. Tags are optional and meant to complement, not replace, existing File Note Types and Subtypes.
To help you understand how to use this, please see the attached guide:
We’re pleased to announce the addition of a new Client Summary document to our Compass and CWT templates. Accessible under Client Menu > Merge Report > Category = 4000. Review the Client, the new report options are Client Snapshot (A3) and Client Snapshot (A4). These are also available via the quick merge option. This update responds to user feedback requesting simpler documents for engaging with clients both in-person and virtually. Thank you for your valuable feedback!
We have introduced a new optional Wizard for users as part of our Advice Suite. This is labelled in the Advice Wizard under the "1. Discover the Client" menu.
The purpose of this wizard is to provide an easy to complete document for prospective clients, allowing you to gain a deeper understanding of their financial situation and reasons for seeking advice.
Many advisers currently use similar forms in their advice process, and we aim to provide an option for those looking to implement this in their practice.
The Advice Technology Forum last month discussed some key enhancements, and we have started to roll out some of the changes.
We are releasing a new feature designed to enhance your Advice presentation. The Cashflow Summary table situated after the 'About You' section of the advice document, is an optional table allowing users to incorporate a concise cashflow summary derived from one of your Xtools+ scenarios.
The primary goal of this addition is to equip advisers with a powerful tool to offer clients a clear snapshot of their current cashflow projections within their existing financial landscape. Noteworthy is that this table is exclusively available in landscape format and remains optional for users to include, ensuring flexibility in document customisation.
This function will be available by the 24th May 2024.
EziDebit is now available. The template is now ready to be downloaded in the Invoice.
Please find below User Guide and FAQ and Tips/Tricks.
An email template has been created called Email to Client for EziDebit Invoice with Instructions to assist when sending out to clients.
Fillable Ezidebit DDR forms are also available.
Xplan has undergone significant upgrades in version 310, including:
Our advice wizards now automatically generate PDS links for over 4000 products, including TMDs. This enhancement is through a partnership with Morningstar so you will see changes in the URL printed in your merge result.
Users can now access IQ Portfolios construction text in our Xplan’s Advice Wizard. To add automated wording, navigate to the Portfolio Construct Text page. Additionally, efforts are underway to collaborate with Macquarie to make portfolios available in WealthSolver. For now, select "Other Listed Investments" and search for the keyword "IQ Portfolios" when choosing products.
WealthSolver's Quick Merge option now includes the option to "Save to Notes" as well. This enhancement streamlines efficiency, enabling users to seamlessly store and save supporting documents directly against the client's file notes, all in one swift process.
It's beginning to look a lot like Christmas,
Iress have added a shiny new File Note 'Pinning' feature. Now, you can easily highlight and keep your most important notes at the top, allowing users to prioritise and access key information quickly.
Additionally, the notes filter and File Notes Page interface have undergone thoughtful redesigns. These changes aim to improve the user experience, making it more intuitive and efficient.
Hopefully these updates will make your document management not just easier, but also a bit more merry.
Happy Holidays and Happy Productivity from all of us at the Advice Tech Team!
Discovery Fact Find Coming Soon to Xplan!
Get ready for a new and exciting addition to our suite of wizards! The Discovery Fact Find is on its way, bringing a simple short document that can be added to your advisory processes.
Once ready this Wizard can be found under Client>1000. Discover the Client
Xplan Updates
1. Enhanced Insurance Reports in Xplan
We've refreshed our existing merge templates, updating the styling and coding to harmonize with the new Xplan site. For Compass users, a set of new reports can now be found under *[Compass/CWT] - Reporting in merge reports, allowing you to generate them for your list of clients.
2. Streamlined Authority Processes
Standalone merges for both Authority to Collect Information and Authority for Information & Transfer of Servicing Rights are now available in Xplan. Access these merges under 1000. Discover the Client Merge Report Category.
3. August Advice Tech Forum
Our Advice Technology Forum for Xplan enhancements took place on August 31st. We want to express our gratitude to the CPAL community for their invaluable feedback over the past month. Stay tuned as we begin rolling out some of the changes you've requested in the coming weeks. Your input drives our improvements!
4. Needs Analysis Table Now Available in RoA Wizard
We have extended the Needs Analysis tables to the RoA Wizard. This is an additional option if you would like to include this and can be used in the RoA Wizard when you have chosen to incorporate a Risk Researcher scenario. Please note that this option is only available for Risk Researcher scenarios.
5. Improved Access: Financial Planning Concepts Link
We're implementing a practical update: Financial planning concepts will now include a link to the full library for client access. This enhancement ensures that users without digital copies can easily access the content, making the link visible to all.
6. Enhanced User Experience: Quick Nav
Now on All Xplan Client Focus Pages In response to user demand and feedback, we're extending the Quick Nav bar to all available pages within Xplan Client Focus. This enhancement aims to improve user experience by simplifying navigation between popular pages. Your feedback is highly appreciated as we continue to refine Xplan for our users.
7. Streamlined Merge Reports: Standardisation in Progress
We want to inform you about our ongoing effort to standardise Merge Reports in both Compass and CWT. Our focus is on creating consistent letter templates and reports while simplifying the labelling process. In the upcoming weeks, you'll notice more reports becoming available and some housekeeping for old legacy files, identified by prefixes *CWT in the report Category
Document Enhancement: Remuneration Indexing Options
Document Refinement: Improved Insurance Formatting
These changes are part of our ongoing commitment to elevate your advice documents, and your feedback is invaluable in driving these improvements forward.
Enhanced Reporting, new and updated templates
Streamlined Navigation: Quick Access Bar
Integration Advancements
What's Coming?
A design refresh for Xplan will be live from v23.6.274, the anticipated update window for Compass and CWT is Monday 26th June. This is an update to the styling for all screens to more closely match newer areas like Task Hub, Portfolio beta screens and Visualiser. This brings a more modern and consistent look and feel across Xplan. It has been a number of years since Iress had their last interface update and this change will help bring a more streamline experience to all the different sections of Xplan.
Below are some screen comparisons where the left page is the new interface:
Dashboard
Assets
Scenario
Time Critical and AML Risk Assessment Wizard are now available to help users generate the documents via Xplan.
This release is in line with the release of the new licensee standards.
General Wizard Updates
SoA/RoA Updates
Review Builder
Other
As you are aware, we released new templates last year. Since then, we have been gathering enhancement and change requests from advisers. These requests have been considered and agreed upon by the Adviser Technology Forum.
You may notice sections of the wizards moving around on Friday, 14 April 2023, as we commence updating the system for the changes to be live on Monday, 17 April 2023.
Fact Find
SOA/ROA
Review Builder
Due to popular demand and feedback we have added the ability to include/exclude the Your Investment Portfolio Assets section.
Please note: The Standard Options will not include the Your investment portfolio asset section.
Additionally, an adviser preference option will also be available so that you can use the adviser's pre selected inclusions.