Catch the misdirected email before it leaves.

Misdirected email is one of the largest sources of client-data loss in wealth management. Alcova reads each outbound message and what it carries at the point of send, and challenges the risky ones before they leave, without slowing the legitimate ones down.

A controls walkthrough for your compliance and IT teams.

Outlook Your CRM Checked at send · in real time
What the message carries, seen at send
Outbound draft Screening

Hi Margaret Chen, confirming your rollover is underway. Your TFN 123 456 789, account 4471 0093 5520 and date of birth 04/09/1961 are on file. Paperwork for the Chen Family SMSF is attached.

Wealth-tuned model
  • Name
  • TFN
  • Account number
  • Date of birth
  • SMSF
0 caught and flagged

Illustrative. PII caught and flagged before the draft can leave.

The risk reality

Client data rarely leaves with a bang. It leaves by routine.

Misdirected email is one of the most common ways client data leaves a firm. It is rarely dramatic, and that is exactly what makes it hard to catch.

The wrong recipient

Autocomplete fills in a name that looks right and isn’t.

The wrong attachment

The email is fine, the file attached belongs to another client.

The wrong thread

A reply carries an old conversation into a new one.

A firm-level breach figure is held for sign off.

The challenge at send

The risky send gets a second look.

Alcova works at the point of send, the only moment a misdirected email can still be stopped, and it only interrupts when there is genuine risk. A clean send goes straight through; the adviser never sees it.

New message · Outlook
To Jordan Henderson
Subject Q2 portfolio review
Henderson_Portfolio.pdf
Send
Real-time, not retrospective

Caught at send, not flagged next quarter.

Most data-loss tooling tells you a breach happened after the fact. By then the client data has already left the firm.

Retrospective DLP
Told after the fact

The alert arrives in a report or a review, once the email has already gone. The data is out, and the work is forensic.

Real-time prevention
Stopped before it leaves

The check runs in the moment, before the message leaves Outlook. Advisers stay fast; compliance stays informed. Prevention, not a post-mortem.

Two integrations, zero workflow change

It runs where the work already happens.

It needs two connections: a Microsoft Outlook add-in for the send, and your CRM, whether that is Salesforce, Microsoft Dynamics, or an internal system, for the firm’s client context. Advisers keep working in Outlook exactly as they do now, and nothing changes in their day until a send needs a second look.

  • Outlook add-in, deployed across the adviser desktop.
  • Your CRM, read for the client context it already holds.
  • A challenge at send, only when there is genuine risk.
Microsoft Outlook the send
Your CRM client context
Alcova at the point of send
Clean send passes straight through
Risky send is challenged, before it leaves

Illustrative. Two connections, the control plane, the outcome. Not the mechanism.

Clear bounds

It acts on the message in front of it.

Alcova checks the outgoing message at the point of send, and only then. It does not sit in the mailbox reading old mail, and email content is never used to train an AI.

Where it acts, and where it does not
Checks the outgoing message, at send
Does not read the mailbox or its history
Never trains an AI on email content
Evidence and audit

Every check, on the record.

Every check Alcova runs is recorded. When a regulator or an internal review asks how email risk is managed, the answer is documented, with the evidence attached.

Compliance record Export · for audit
Send checked, cleared on record
Challenge raised, recipient corrected on record
Challenge raised, sent anyway with a reason on record

The control and its audit trail. Not adviser-behaviour reporting.

A useful side effect

It leaves your CRM cleaner than it found it.

Because Alcova reads the client context your firm already maintains to do its job, it also surfaces the inconsistencies in it. Firms using the tool have found data-hygiene issues that were otherwise invisible to their operations team.

Surfaced in passing
A client mapped to two advisers
A relationship that no longer exists
Flagged for the ops team to fix
More than email

Email risk is one control. Operator runs the rest.

Email Risk Protection is one capability of the Alcova control plane, the layer that sits between your firm’s systems and frontier AI. The same care applies to documents, records, and the support work behind advice. See Operator, or read how the pieces fit together on How it works.

Vendor-risk questions

The questions a review asks first.

Does Alcova read all our email?

No. It checks each email as it is sent. It does not sit in your mailbox or scan your history; it acts on the message in front of it.

Does it slow advisers down?

No. The check runs in real time and only interrupts when there is genuine risk. A clean send goes straight through; the adviser never sees it.

Which systems does it work with?

A Microsoft Outlook add-in for email, and your CRM, whether that is Salesforce, Microsoft Dynamics, or an internal system, for client context.

Will advisers have to change how they work?

No. They keep working in Outlook as they do now. There is no new app, and nothing changes until a send needs a second look.

Where does our data go?

Your data stays in Australia, encrypted in transit and at rest, and email content is never used to train an AI. More detail is on Security.

Is it certified?

SOC 2 Type II. The report is available through our Trust Centre.

Email Risk Protection

See it run on your systems.

The fastest way to understand the control is to watch it work. We will take your compliance and IT teams through what Alcova checks, what it logs, and how it fits your stack.

Request a walkthrough