Eze Castle Integration

Hedge IT Blog


Five Black Friday/Cyber Monday IT Security Scams to Be Aware Of

By Katelyn Orrok,
Tuesday, November 22nd, 2016

As we prepare our turkeys for Thanksgiving and retail stores of all shapes and sizes prepare their inventory for Black Friday and Cyber Monday sales, cyber criminals are preparing their attacks. Your inboxes are likely already flooded with the newest and most popular deals for this holiday season, but while we all prepare to shop 'til we drop, it is important to follow safe computing practices while you are out of the office and in the stores.
 
Here are some popular scams to watch out for this holiday shopping season:

Phishing emails

Phishing emails pose one of the biggest threats to shoppers during the holiday season. Cyber criminals may be spoofing retailer emails with blowout deals on the best toys for your family, and one click on a spoofed email could result in malware or a virus being installed on your computer. Another email spoof could appear to be from one of your frequently visited retail sites and ask you to enter personal information to either confirm a purchase or verify payment. To avoid handing your sensitive information over to hackers, be sure to check the sender and any links before opening or taking action on any suspicious email.

Phishing Texts

Email isn't the only way hackers can spread the season's "hottest deals". Another new scam being used to gather banking and payment information is phishing texts. Your phone will receive a fake text message asking to verify a payment due to irregular activity. The text will provide you with a number to call and secure your account. Once you call this number you will be asked to verify your home address and social security number for identification. Amidst the flurry of your Black Friday or Cyber Monday shopping spree, you could get tripped up and provide a hacker with all of the information that he/she needs to steal your identity, access your financials or worse.

Categorized under: Security  Hedge Fund Due Diligence  Communications  Trends We're Seeing 



Five Ways to Impress Hedge Fund Investors at Your Next Due Diligence Meeting

By Kaleigh Alessandro,
Thursday, November 17th, 2016

Operational due diligence meetings have become impactful moments for hedge funds to impress both current and potential investors. Firms have the ability to answer questions, alleviate fears and market themselves in a one-on-one setting that affords more opportunity than a completed due diligence questionnaire and an up-to-date performance sheet.
 
But how can today’s hedge funds truly set themselves apart and impress investors during these ODD meetings? Here are five ways:

1. Demonstrate your knowledge of and commitment to regulatory compliance.

Increasing regulatory oversight of investment firms has been a consistent trend over the course of the last few years, and it can be a challenge for hedge funds to keep abreast of changing legislation and regulator expectations. Disclosure and reporting requirements under the Investment Advisers Act of 1940, record-keeping requirements under the Dodd-Frank Act, and growing cybersecurity recommendations as part of the SEC’s ongoing inquiry are just a few of the initiatives to keep track of. But demonstrating to investors that your firm has knowledge of these regulations and takes them seriously will serve you well.
 
Whether your firm is compliant to the SEC, FINRA, NFA, CFTC, FCA – phew! – or another regulatory body, it’s imperative that you take the time to fully understand your firm’s legislative requirements and, in writing, show investors your level of preparedness. For example, if you’re a registered investment adviser with the SEC, are you aware of the proposed rule that would require firms to implement business continuity and transition plans? Have you compiled a document that outlines the SEC’s 28 points identified in its cybersecurity risk alert? Coming to your next investor due diligence meetings with this knowledge and the appropriate documentation will demonstrate that you take regulatory compliance seriously and are equipped to comply with the necessary requirements facing your organization. 

Categorized under: Hedge Fund Due Diligence  Security  Disaster Recovery  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



Hedge Fund Risk Management: Establishing Controls and Governance (Video)

By Katelyn Orrok,
Tuesday, October 25th, 2016

To wrap up and round out our 6-week Risk Outlook Webinar Series, we spoke with John Cotronis, Executive Director at JP Morgan, about hedge fund risk management and governance. Specifically, he addressed the following questions:

  • What have you observed in recent years in terms of changes affecting hedge funds – particularly at the startup phase?

  • Have you noticed a marked shift in the importance managers are placing on risk?

  • Do the firms you typically engage with have staff on hand to manage risk – compliance officers, etc.?

  • In terms of corporate governance, where do you see investment firms excelling when it comes to implementing risk management controls and also fostering a culture of risk management across the firm?

  • Let’s talk a little bit about counterparty risk. What kind of criteria are you looking for that indicates to you a provider has the right risk management framework and best practice structure to support your clients?

  • A lot has gotten tougher for firms, particularly on the investment side with capital raising, also with regulatory reporting, etc. What areas of operations do you think have gotten easier for hedge funds over the years?

  • What is your assessment of outsourcing risk – is it higher or lower than managing various functions in-house?

Categorized under: Hedge Fund Operations  Cloud Computing  Security  Hedge Fund Due Diligence  Hedge Fund Regulation  Outsourcing  Trends We're Seeing  Videos And Infographics 



Regulatory Risk for Investment Advisers: Guidance, Enforcement and Compliance

By Katelyn Orrok,
Tuesday, October 18th, 2016

As our Risk Outlook Series continues, we recently spoke with John Araneo, Partner at Cole-Frieman & Mallon LLP in New York, about many of the regulatory risks facing hedge funds today, including compliance, expense allocations and cybersecurity. Continue reading for a brief synopsis or scroll down to watch our webinar replay below. 

How would you describe the current regulatory climate for fund managers and investment advisers?

For hedge fund managers and investment advisers, the regulatory expectations have never been higher. Looking ahead to 2017, managers and advisers should expect the challenge of having to navigate potentially seismic regulatory changes - each of which has the potential to complicate business practices and add to the cost and complexity of compliance.

How should clients prepare to react to these changes?

It’s a top-down approach that all comes down to compliance. A culture of compliance is no longer a lofty goal or a cliché; it is now a regulatory expectation. There needs to be a robust compliance program, actual implementation, and accountability. Clients should be prepared and able to effectively manage the SEC examinations. Managers need to take time to understand regulatory priorities and expectations before an exam.

What is the current regulatory regime's appetite for outsourcing the compliance function?

There is no requirement for firms to employ a full-time person to service compliance. However, there are worries that outsourcing certain functions, particularly the compliance officer function, may lead to a weakened compliance culture. The opportunity of outsourcing creates a gap between the compliance function and the operations, decision makers and day-to-day activities. Outsourcing can be effective and sufficient, but management needs to resist setting it and forgetting it.

Categorized under: Hedge Fund Regulation  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Trends We're Seeing  Videos And Infographics 



Addressing Hedge Fund Audit Risk: Insights from KPMG

By Katelyn Orrok,
Thursday, October 13th, 2016

Categorized under: Hedge Fund Operations  Hedge Fund Due Diligence  Hedge Fund Regulation  Outsourcing 



Six Questions to Ask About Your Investment Firm's Cybersecurity Risk

By Katelyn Orrok,
Tuesday, September 27th, 2016

During Part 2 of our Risk Outlook Webinar Series we spoke with Eze Castle Integration Director Dan Long about how investment firms should address evolving cybersecurity risks, third party service provider oversight and employee training and education. Many of the points Dan addressed highlight questions hedge funds and private equity firms should be asking themselves.

Read on or scroll to the bottom to watch the full, 30-minute replay.

What is our commitment to cybersecurity and what is our outlook on the future?

Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that they take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.

How are we addressing third party risk and oversight?

Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party, so it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function were under in-house control.

Categorized under: Security  Private Equity  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Business Continuity Planning  Videos And Infographics 



The Hedge Fund COO’s Perspective on Risk

By Kaleigh Alessandro,
Tuesday, September 20th, 2016

Risk. Across the financial services industry, it’s a buzzword right now, and rightfully so. Perpetuated by mounting regulatory change, growing cybersecurity threats and a challenging market climate, the focus on risk is one that grows with each passing day.
 
As such, we are hosting a 6-week webinar series, Risk Outlook, wherein we’re interviewing industry experts on a host of risk-related topics. To kick off the series, last week we interviewed Mark Strachan, chief operating officer and compliance officer for BBL Commodities, a New York hedge fund. Read on for a recap of my conversation with Mark or scroll to the bottom to watch the webinar replay.
 
Question (Q): The last 5-10 years have been challenging for the investment management industry, looking back to the 2008 financial crisis as well as with increasing regulatory initiatives and changes across the investor due diligence process. How have your views on risk and the risk landscape evolved during this time? Or have they evolved?
 
Mark Strachan (MS): I think they’ve certainly evolved. The core features of non-investment risk – such as operational, counterparty, regulatory, security and business risk – have been constant, but they have evolved in terms of their complexity, our experiences with them, the tools available to help mitigate exposure and the focus by investors through their due diligence process.

Categorized under: Trends We're Seeing  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Videos And Infographics 



What Investment Advisers Need to Know About the SEC Proposed Business Continuity and Transitions Plan Rule

By Katie Sloane,
Thursday, September 15th, 2016

The Securities and Exchange Commission (SEC) recently proposed Rule 206(4)-4, which would require investment advisers to enact business continuity plans (BCPs) and transition or succession plans. This rule would aid advisers in maintaining the continuity of services in the event of a business disruption.

If you missed it, our recent webinar featuring our Director of BCP Lisa Smith and speakers from Arthur Bell CPAs examines internal, external and transition-related risks to business continuity, mitigation strategy best practices and points highlighted by the SEC within the rule.

Rather watch a video? Scroll down and listen to the full webinar replay.

Potential Risks to Business Operations

The SEC stresses that investment advisers need to assess not only external threats, but also internal threats to accurately ascertain their own risk from a holistic standpoint. This evaluation is critical to identifying the risk impact to specific capabilities and operations, as well as how they will affect the firm’s employees, clients and third parties. Advisers should take a proactive and organized approach to creating risk mitigation programs for employee activity, as well as for required systems (e.g. email and Internet). Risk mitigation programs should include documentation of processes, segregation of responsibilities, critical tools (think cross-training), etc.

Categorized under: Hedge Fund Regulation  Hedge Fund Due Diligence  Hedge Fund Operations  Business Continuity Planning 



Thriving in the Hedge Fund Startup Market: Three Considerations for Emerging Managers

By Katie Sloane,
Tuesday, August 23rd, 2016

It’s no surprise that starting a hedge fund is no easy feat. In an increasingly competitive landscape challenged with evolving investor and regulatory demands, progressive technology and mounting cyber threats, emerging managers can become overwhelmed at the winding path that lies before them. Still, hundreds of emerging managers attempt launching every year due to the prospective monetary and fundamental rewards.

What sets apart successful startups from those that fail? In today’s post we will cover a few essential areas startupreneurs should consider during their launch journey.

Invest in People

Your greatest assets walk out of the door every day: Your team. Every hedge fund startup is backed by people, and the more dynamic and versatile this team is, the greater chance the firm has of achieving and sustaining a successful future. Why? Since capital is limited during the development phase, selecting people with skill sets in multiple areas is essential. Additionally, employees are ambassadors for your firm, and thus, critical to attracting investors.

Categorized under: Launching A Hedge Fund  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing 



How Cyber Security Vulnerability Assessments Work for Investment Advisers

By Kaleigh Alessandro,
Tuesday, August 16th, 2016

The SEC and other financial regulatory bodies have increased transparency demands with regard to cybersecurity in recent years, and as such, registered investment advisers face a long list of requirements to meet on the technology and operational front. In each of its cybersecurity guidance updates, the SEC has called out the need for hedge funds and private equity firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. 

Risk and vulnerability assessments have become must-haves for financial firms not only due to these regulatory initiatives, but also as a result of growing investor calls for transparency. Side note: If you missed the news, Eze Castle Integration has expanded its cybersecurity consulting services to deliver comprehensive vulnerability assessments (as well as penetration testing and third party due diligence audits) across both internal and external networks.

We field a lot of questions about what exactly a security vulnerability assessment is, so we thought it best to review what such a test entails.
 
Here’s a quick overview.
 
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

Categorized under: Security  Cloud Computing  Disaster Recovery  Private Equity  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Outsourcing  Infrastructure  Trends We're Seeing 


