Traditionally, hedge funds and private equity firms have allocated significant capital budgets to build out their own sophisticated Communication (Comm.) Rooms, which can take months to provision and bring online. With servers to buy and install, software to license and configure, and voice/networks to deploy – not to mention recruiting, hiring, and managing expensive and hard-to-find IT talent – it’s no wonder cloud solutions have emerged as the dominant choice for computing infrastructures at investment firms large and small.
Not surprisingly, many investment management firms – including those with well-established in-house infrastructures – are making the move to the cloud for a number of compelling reasons, most notably these five:
Timing. Understanding when the right time to move to the cloud might be is a smart first step. There are three typical inflection points: when you’re adding new applications, moving or opening a new office, or in need of an IT refresh. But even if you’re not under any of those circumstances, there are a lot of motivating factors (keep reading).
Cost Containment. You may not always be able to reduce the cost of IT in the long-run with the cloud (depends on your firm’s size and scope), but you will have a predictable budget to work with, which means you can contain costs and create greater predictability and smoother, linear cash flows. As an added bonus, you can better allocate funds to other strategic projects and areas more directly relevant to the business mission. Even within the IT discipline, instead of spending time on mundane, daily operation of commodity IT resources, the firm can focus on proprietary application development, application integration, cyber security protections or other strategic initiatives.
Last week, we shared some important questions to include in hedge fund technology RFPs, focusing on Staffing, Client Service Model and User Support. In today’s article, let’s dive back into the RFP process, and look at some questions on Business Continuity & Disaster Recovery Plans, Backup & Retention of Information, Data Security and Intrusion Detection & Incident Response.
Business Continuity & Disaster Recovery Plans
Does your company have a written policy and program in place for business continuity and disaster recovery?
Have your company’s policies and programs for business continuity and disaster recovery been fully implemented? If not fully implemented, please discuss those areas in detail and explain any plans to address them.
They say the more things change, the more they stay the same. Turns out it’s a pretty accurate assessment of the hedge fund industry then and now.
You see, back in 2011 we hosted a “State of the Hedge Fund Industry” event that yielded some interesting trends and perspectives, and we thought it might be fun to not only look back at those trends, but compare them to what we’re seeing in today’s industry – more than five years later.
Like I said: the more things change, the more they stay the same.
Hedge Fund Market Trends & Challenges
THEN (2011): It’s been an interesting year thus far for hedge funds and other alternative investment firms, as inflows have been high but performance low. In addition to performance challenges, hedge funds continue to deal with increased competition for investments, and thus asset-raising remains a hurdle for many funds – regardless of their size or strategy.
It’s time to take another close look at the results of our 2016 Private Equity CTO Survey, this time with a careful eye on how private equity firms are leveraging outsourcing and cloud services.
Private equity outsourcing is growing in popularity – and we discussed many of the reasons why at length in a September webinar which you can listen to here. Our survey findings tell us that the average private equity firm is outsourcing about 30 percent of IT, with of course, some firms outsourcing less frequently and some outsourcing more.
On the whole, most firms are leveraging outsourced third party providers for between 20 and 40 percent of their IT functions. Firms managing less than $100M in assets are the most likely to outsource greater portions of their IT services, likely given their lack of internal staff and resources.
Overall, firms’ propensity to manage technology via in-house resources, outsourced providers or contract work is expected to stay consistent in 2017, as evidenced by the graph below.
As you probably recall, our 2016 Private Equity CTO Survey – which we released at the end of November – highlights key IT priorities and investment areas driving private equity firms in 2017. And while we shared some high-level findings at the outset, we’d like to take the opportunity to dig a little deeper into some of the survey results over the next two weeks. Since the survey itself covered four primary areas, our next four Hedge IT articles will examine each of these areas independently and highlight some of the most interesting and thought-provoking findings.
To kick us off, let’s start by taking a look at some critical business priorities for private equity firms in 2017.
Drivers for Private Equity IT Investments
We all know and appreciate how technology can impact our day-to-day operations. For private equity firms, advances in technology have enabled their businesses to become more efficient and drive growth across the entire organization.
When asked to identify the top drivers impacting IT spend in the next 12 months, survey respondents highlighted the need for increased protection against growing cybersecurity threats, a desire to improve the investor/client experience, and the goal of improving efficiencies by refreshing outdated or legacy technology.
The best New Year resolutions are the ones you can stick with. So here are our three simple technology resolutions for 2017 which you can use in your personal and professional life.
Resolve to Change Your Passwords, Make them Unique
Passwords are the keys to your virtual kingdom so treat them as such. These days having a password is not enough. Users must have complex passwords that incorporate letters, numbers and symbols and that change often. Here are some other password tips:
Substitute letters for numbers and use phrases to remember and create unique passwords. For example, “I love Gmail” can become “!l0v@gm@!l” – something you’ll remember but is hard for someone to guess.
Avoid using personal information in your password that may be easy for someone to figure out. Things to avoid include your name, address, date of birth, pet’s name and children’s names.
Don’t use the same password for all your accounts – switch it up. For example, you can use the same word but change it up by capitalizing different letters or substituting letters for numbers.
Be sure to change your password often. We recommend changing a password every 30-90 days. Many of our clients already have automated procedures in place to enforce this policy.
Check Your Social Media Privacy Settings & Be Social Aware
The rise of social networking online has reduced privacy expectations across the globe. We must be more aware of the automaticity of our behaviors and tendency to trust sites while browsing the web. In this tug-of-war between security and connectivity, users can regain control of their personal information. Instead of dispensing reams of sensitive data, choose to keep what’s private, private. Adopting an alert awareness while interacting on social platforms and thinking twice before your next “like” could go a long way.
Happy New Year! Seeing how the calendar now reads January (we're still in denial, too) and there are a number of weather systems being monitored across the US, we thought it might be best to kick off the year here on Hedge IT with some helpful weather-related business continuity tips.
Here are eight to keep in mind as the next winter storm approaches.
1. Determine how/where your employees will work in the event of a winter weather scenario.
Some firms opt to identify a secondary work site, but in the event of a widespread or regional event, you may find that location is inaccessible also. You should also consider if transportation is/will be impacted by the weather. If road conditions are bad or public transportation is shut down, employees will have to remain home.
If your firm supports remote access capabilities, ensure employees are prepared with the necessary infrastructure, workload expectations and communication tools.
2017 is already shaping up to be an interesting year. With a new presidential administration taking office and the hedge fund industry coming off the heels of a challenging year, there’s a lot to keep an eye on. We recently hosted a panel with law firm Morgan Lewis to discuss these and many other topics as part of our “2017 Outlook for Hedge Funds: Risk, Regulation and Technology” event.
Read on for some of our panel’s key takeaways.
2017 Regulatory Outlook
While little is known about how a Trump presidency will operate, there could be potential tax savings for managers depending on how the administration chooses to regulate Wall Street.
Firms should expect to see reforms with the Dodd-Frank Act and the Volcker Rule, which could add more competition into the marketplace if limits on bank investments are adjusted.
SEC Focus Areas
Top six areas of focus for the Securities & Exchange Commission will likely be: (1) expenses and fees, (2) trade allocation, (3) material non-public personal information, (4) valuation processes, (5) operating partners and due diligence, and (6) security, privacy, insider trading and business continuity.
Cybersecurity is not necessarily part of every SEC examination, however, the bar will continue to be raised in terms of preparations firms will need to employ.
In 2016, the SEC provided additional guidance on business continuity and transition plan requirements, highlighting the need for hedge fund and financial firms to maintain their fiduciary responsibility to their clients and investors.
Operational due diligence meetings have become impactful moments for hedge funds to impress both current and potential investors. Firms have the ability to answer questions, alleviate fears and market themselves in a one-on-one setting that affords more opportunity than a completed due diligence questionnaire and an up-to-date performance sheet.
But how can today’s hedge funds truly set themselves apart and impress investors during these ODD meetings? Here are five ways:
1. Demonstrate your knowledge of and commitment to regulatory compliance.
Increasing regulatory oversight of investment firms has been a consistent trend over the course of the last few years, and it can be a challenge for hedge funds to keep abreast of changing legislation and regulator expectations. Disclosure and reporting requirements under the Investment Advisers Act of 1940, record-keeping requirements under the Dodd-Frank Act, and growing cybersecurity recommendations as part of the SEC’s ongoing inquiry are just a few of the initiatives to keep track of. But demonstrating to investors that your firm has knowledge of these regulations and takes them seriously will serve you well.
Whether your firm is compliant to the SEC, FINRA, NFA, CFTC, FCA – phew! – or another regulatory body, it’s imperative that you take the time to fully understand your firm’s legislative requirements and, in writing, show investors your level of preparedness. For example, if you’re a registered investment adviser with the SEC, are you aware of the proposed rule that would require firms to implement business continuity and transition plans? Have you compiled a document that outlines the SEC’s 28 points identified in its cybersecurity risk alert? Coming to your next investor due diligence meetings with this knowledge and the appropriate documentation will demonstrate that you take regulatory compliance seriously and are equipped to comply with the necessary requirements facing your organization.
With October being cybersecurity awareness month it is an important time to ensure your firm and employees are aware of and using best practices, and security policies and procedures. Risk mitigation is needed to protect both the firm and its employees from savvy hackers and attacks. Data breaches continue to wreak havoc on businesses, and the cost is continuously rising. According to the Ponemon Institute, the total average cost of a data breach is now $4 million, up from $3.8 million in 2015. Hackers have everything to gain while your firm bears reputational and operational harm.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. To get started here are just a few pieces of advice we offer our investment firm clients and remember to not only inform employees on what to do, but also what not to do.