Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Hedge Fund Due Diligence

Four Signs It's Time to Break up with Your IT Provider

By Kaleigh Alessandro,
Thursday, October 16th, 2014

Broken HeartIn any relationship, when things are good, they’re usually pretty good. And when things are bad, sometimes they are really bad. There may come a point when you need to evaluate whether you’re still a good fit together.
 
Just like with a romantic relationship, your firm’s connection to a service provider (especially an infrastructure/cloud provider you rely on daily) should be strong enough to withstand a few hiccups and healthy enough to warrant open communication at all times. In some cases, it might be clear that you’re in a good place and moving forward together, but sometimes there are sure signs it’s time to call it quits.
 
Here are a few of those signs:

1. Your provider’s service levels are not up to snuff.

Maybe you recently experienced a major service outage or find that you not-so-conveniently have to work around confusing and interrupting maintenance schedules during work hours. You’re constantly frustrated and don’t feel like you are receiving the level of support that was agreed to – both verbally and as part of your Service Level Agreement (SLA).

Your SLA should clearly indicate the uptime standard (e.g. 99.995% availability) as well as repercussions to any breaches in the contract (for example, service credits) and associated RPOs if disaster recovery is involved

Categorized under: Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Help Desk  Infrastructure  Communications  Outsourcing  Trends We're Seeing 



51 Hedge Fund IT Due Diligence Questions You Can Expect From Investors

By Mary Beth Hamilton,
Thursday, October 9th, 2014

On our recent Hedge Fund Marketing and Due Diligence webinar we looked at how the hedge fund investor due diligence process is evolving especially in terms of scrutiny on technology processes and security safeguards. 

The reality is that investors have a greater understanding of technology, are asking more probing questions and care about the responses they receive.  We’ve even heard investors say that deficiencies in IT infrastructure and security contributed to the decisions to redeem from or not invest in a fund.

So at Eze Castle Integration we regularly assist our hedge fund clients in completing the IT portions of investor due diligence questionnaires. The wording of questions varies but here is a handy list of 51 common IT due diligence questions we see.

Organization

  1. Provide an organization chart for the Company, its affiliates and key personnel.

  2. Provide the physical address and general contact information for each of the Company’s office locations.

  3. Provide the name and contact information of the Company employee(s) assigned to the client’s account(s).

  4. Provide a list of compliance personnel, their roles and qualifications, the date of his/her appointment and position within the Company’s organizational structure.

Categorized under: Hedge Fund Due Diligence  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Security  Hedge Fund Operations  Trends We're Seeing 



Hedge Fund Marketing and Due Diligence: A Webinar Recap

By Charlene Haddad,
Tuesday, October 7th, 2014

Stand Out from the CloudAs more and more firms compete for investor attention and allocations across the financial services industry, differentiation becomes a critical consideration. And the promise of positive returns is not always enough to secure investments in today's competitive marketplace. Now more than ever, investment firms must push the boundaries in an effort to impress and satisfy new and existing investors and emerge as premier firms. Two ways in which firms can deliver on this are through marketing and technology.
 
Last week, Eze Castle collaborated with Meyler Capital, a hedge fund marketing firm, to deliver a webinar on Hedge Fund Marketing Tips to Impress Investors and Raise Capital. Scroll down to watch the full replay or continue reading our brief recap.

Categorized under: Launching A Hedge Fund  Hedge Fund Due Diligence  Hedge Fund Operations 



Cybersecurity Remains at the Forefront for Hedge Funds, Investment Firms

By Kaleigh Alessandro,
Thursday, October 2nd, 2014

This article first appeared in Hedgeweek's September 2014 Special Report on Risk Management.Thinking About Security

Cyber security has quickly become a headline risk for hedge fund managers. On 15 April 2014, the SEC issued its Cyber-Security Risk Alert, a detailed 26-point questionnaire that aims to address various elements of a hedge fund’s technical and operational infrastructure to determine how vulnerable it is to cyber attacks and data theft.

This initiative is being driven by the SEC’s Office of Compliance Inspections and Examinations. It will assess 50 individual firms and based on its findings will draft a set of final guidelines for hedge funds to adhere to. This is essentially a way to address ‘technology risk’ and implement best practices through documentation in the form of a Written Information Security Policy (WISP).
 
According to Assured SKCG Inc, an insurance advisory firm, 37 per cent of security breaches between 2012 and 2013 affected financial organisations. Hedge funds are a high profile target. Establishing a WISP and becoming as data secure as possible is critical.
 
At Eze Castle Integration, the phones haven’t stopped ringing as clients look to address any gaps in their IT infrastructure and operational policies. 

Categorized under: Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



How the Financial Cloud Should Be Protected (A Presentation)

By Mary Beth Hamilton,
Tuesday, September 16th, 2014

Last week our SVP of client technology, Steve Schoener, presented at a hedge fund due diligence event on the topic of protections in the cloud.

Since cloud security and ensuring a hedge fund’s data is protected is such a hot topic we thought we’d share his presentation. In a nutshell, the presentation looks at the layers of security that should be built into a cloud environment, which includes deep and detailed practices around:

  1. Principle of Defense in Depth

  2. Principle of Least Privilege

  3. Audit & Logging

  4. Secure User Authentication Protocols & Encryption

Check out the complete presentation for more details:

Categorized under: Cloud Computing  Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Infrastructure 



Assessing Your Firm's Attitude Toward Security: What's Your Type?

By Kaleigh Alessandro,
Thursday, August 21st, 2014

If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.Security
 
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If you’re attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take a “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Categorized under: Security  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



Monetary Authority of Singapore (MAS): Technology Risk Management Guidelines Overview

By Kulvinder Gill,
Tuesday, August 5th, 2014

Monetary Authorirty of SingaporeThe last five years has seen an increase in reliance on technology among financial institutions. IT outsourcing has become more attractive to the financial services industry - but against the backdrop of increased reliance on complex IT systems and operations is the heightened risk of cyber-attacks and system disruptions.

In June 2013, the Monetary Authority of Singapore (MAS) issued the Technology Risk Management Guideline (TRMG), which addresses existing and emerging technology risks within financial institutions.   
 
The objective of the TRMG is for financial firms to establish a sound and robust technology risk management framework, strengthen system security, reliability, resiliency, recoverability and deploy strong authentication to protect customer data and systems.

In today’s blog article we will take a look at some of the key guidelines covered in the guide:

Categorized under: Hedge Fund Regulation  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing  Business Continuity Planning 



Cloud Computing: The Growing Competitive Advantage for Hedge Funds

By Katie Sloane,
Thursday, July 31st, 2014

The competition amongst firms in the financial services industry is ever burgeoning, and in order to achieve differentiation, it is imperative for firms to create and maintain robust, manageable, scalable and reliable technology infrastructures. Increasingly, we’re seeing more than just emerging managers opting for a cloud solution and established hedge funds and alternative investment firms shifting gears from traditional on-premise IT infrastructures to cloud services.Why the Billion Dollar Club is going Cloud
 
If you missed our webinar yesterday on Why the Billion Dollar Club is Going Cloud, read our recap below or scroll down to watch the full webinar replay, featuring Eze Castle’s Managing Directors Bob Guilbert and Vinod Paul.

The Business Case for the Cloud: Why Established Firms are Making the Move

Across the industry, established firms that have been in business for several years are moving away from physical infrastructures and adopting the cloud. Traditionally, investment firms would allocate substantial capital budgets to build on-premise Communication (Comm.) Rooms. These cost-intensive infrastructures can take months to build out, and specific expenses can vary depending on a firm’s unique needs. For example, at minimum, investment firms require file services, email capabilities, mobility services and remote connectivity, as well as disaster recovery and compliance. Beyond those, many firms also require systems and applications such as order management systems (OMS), customer relationship management tools (CRM), and portfolio management or accounting packages.

Categorized under: Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Trends We're Seeing  Videos And Infographics 



FATCA: What You Need to Know About Tax Compliance

By Kaleigh Alessandro,
Tuesday, July 29th, 2014

We’ve seen the face of the financial services industry change dramatically over the last few years, with emerging technologies, investor transparency demands and growing competition fueling firms to assess their operations and focus on the health and success of the overall business. But perhaps beyond any of these trends, the focus on industry regulations and compliance efforts may be the most significant in changing the way financial services firms do business.
 
FACTA and YouThis year alone, we’ve seen regulatory initiatives dominate headlines and leave firms scrambling to comply, notably the SEC’s cybersecurity guidelines released this spring and the official implementation of the Alternative Investment Managers Fund Directive (AIFMD), which went into effect last week. Also becoming official this month is the Foreign Account Tax Compliance Act, or FATCA, which requires U.S. persons to report financial accounts held outside of the United States and financial institutions (notably banks) to report foreign financial accounts and clients who hold foreign assets.

To identify non-compliance, the Internal Revenue Service is requiring financial institutions with foreign entities and foreign financial institutions (FFIs) to disclose information about U.S. clients with balances over $50,000. The law threatens a steep 30 percent withholding tax on payments for non-compliant FFIs.
 
There is also a significant cost for firms to implement compliance procedures and reporting standards to meet the legislative requirements of FATCA. It is reported that implementation costs average between $100,000 and $500,000 depending on firm size and are expected to amount to roughly $8 billion USD a year for financial institutions alone (not including costs to the private sector, IRS and foreign entities).

Categorized under: Hedge Fund Regulation  Hedge Fund Due Diligence  Hedge Fund Operations  Outsourcing  Trends We're Seeing 



What is a Security Vulnerability Assessment and How Does it Work?

By Kaleigh Alessandro,
Tuesday, July 1st, 2014

One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this assessment entail?
 Cybersecurity Whitepaper
Here’s a quick overview.
 
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts