It's time for another Tech Tip video! Today, we have five security practices your investment firm should not overlook. Watch and learn!
This article was written by Bob Guilbert, Managing Director, and first appeared in Hedgeweek's 2016 Guide to Setting Up an Alternative Investment Fund in the USA.
You're a new fund manager, and somewhere on your task list the letters "IT" are probably followed by a question mark. Odds are, you don't have a technology background, so as your firm's Chief Operating/Financial/Compliance Officer (or in some cases, Portfolio Manager), the sudden responsibility you've undertaken as your firm's de facto IT Manager is intimidating at best.
The good news is, as a startup, your IT options are pretty clear. In 2016, there's no better technology decision a new firm can make than selecting a cloud platform – an infrastructure that has proven benefits including scalability, flexibility and robust security, among others. And while the thought of hosting IT offsite was once a worry for allocators, today's investors find comfort in knowing hedge fund and alternative investment firms are focusing on their investment priorities and leaving the technology decisions to the experts.
From our perspective, the cloud is now a tried and tested infrastructure environment that is acceptable to the institutional investor community. They have become very thorough in their operational due diligence process, understanding exactly what cloud providers provide from an operational, management and security perspective. This has allowed managers to become much more comfortable at appointing a cloud provider to deliver an infrastructure that will perform well in any type of trading environment.
Where managers need to spend their time is deciding on the best cloud provider to work with, as opposed to thinking about whether or not they should use a cloud provider in the first place.
And how exactly do emerging fund managers embark on that decision-making process?
Whether you are preparing to launch a new hedge fund, considering expanding your established firm to another geographical location, or simply interested in relocating to a new space, there are a few important real estate options to consider, including commercial space, subleases, and hedge fund hotels. Today, we will delve deeper into one of these primary options, hedge fund hotels (also known as “managed suites” or “executive suites”) to analyze the benefits of this type of real estate.
You’re about to embark on a business trip or drift away with the waves and a margarita or two on an overdue vacation. To let your clients, partners, colleagues, and the like know that you won’t be able to respond to their emails, you create an out-of-office message.
The typical auto-reply includes a brief explanation of why the recipient is out of the office, an approximate date of return and who the sender can alternatively contact. You may also list your chain of command and if you manage multiple departments, perhaps include the names and contact information for each division. Although this may appear innocuous to the untrained eye, those who are well-versed in information security, or simply read the latest cybersecurity headlines, would immediately cringe at the various red flags.
Let’s examine the probable scenarios that could transpire upon the auto-reply’s launch.
Physical Security Threat
Auto-replies that disclose travel details pose a physical threat as they provide criminals or intruders with the recipient’s whereabouts. Regardless of whether location is provided, one can link travel dates to a popular industry trade show. Criminals may gather this information from other resources, such as a company’s posts and images shared across social networks (e.g. Twitter, Facebook).
The financial services industry is currently under tremendous pressure to meet both investor and due diligence requirements. Thus, it is increasingly important to maximize technology to meet these pressures. To conclude our six-part hedge fund launch webinar series, we spoke with Eze Castle Integration’s own managing director Vinod Paul, who shared insights about current IT challenges and demands and how today’s hedge funds can employ best practices for operational excellence.
Key Priorities for New Managers
Paul defined cybersecurity and scalability as two primary technology considerations for new managers. You must first understand your firm’s specific vulnerabilities and exposures. One of the most common mistakes new launches make, according to Paul, is assuming that they only require the basic bare minimum in terms of technology. He urges new managers to pick an IT solution with operational growth in mind -- considering the business not at the onset, but in three to five years.
Service Provider Selection Criteria
Paul continued to place emphasis on customized IT, stating that when it comes to outsourcing, it is imperative that a firm carries out proper due diligence in choosing a provider to meet the firm’s unique needs. “You want enter into a true partnership that offers open lines of communication, flexibility, and ultimately, trust and accountability,” he said. Brand and reputation, long lasting relationships with clients, and industry experience are some of criteria Paul feels are most important when selecting a service provider. “Don’t step in to it with the attitude that a current provider is good enough, for right now,” he cautioned. The service provider should not only address day-to-day operations but also anticipate potential problems down the road.
To help emerging hedge fund managers we are running a 6-week Hedge Fund Launch Webinar Series. This week we were joined by Frank Napolitani, Director, Financial Services at EisnerAmper. During the 30-minute interview, Frank shared insights on the benefits of outsourcing to service providers as well as advice on how to conduct proper due diligence on front, middle, and back office operations.
The Learning Curve
“There is a learning curve to get your hands around what it takes to run a business,” Frank began. Often, he said, a portfolio manager that has left a larger hedge fund complex or investment bank knows perfectly how to run a book, but has little knowledge about how to run a business. The smartest managers, Frank said, are the ones who “sit back, listen, and consult a number of different service providers in the space before moving forward.”
He went on to note that the operational due diligence (ODD) industry has grown dramatically post-Madoff. While a manager’s pedigree, investment process, and performance used to take precedence, it is now front, middle, and back office operations plus legal compliance that are most important.
Frank warned: “Keep everything up to date.” Sophisticated investors will follow up quarterly, twice a year, or annually. Because they collaborate with many ODD teams, research teams will immediately have a feel for what is right and what is wrong with a manager from a front, middle, and back office perspective. “They won’t waste too much time on someone they won’t seriously invest in,” Frank concluded.
For any new investment startup, the task list is lengthy. Beyond investment priorities and strategy decisions, new managers are also grappling with securing office space, ordering technology, engaging with service providers, and much more. One aspect often overlooked is human resources. To kick off our Hedge Fund Launch Webinar Series, we invited Maya Cohen, Senior Vice President at TriNet, to share HR priorities for startup hedge fund managers.
Human Resources Challenges for Investment Startups
HR can pose a challenge to any new business owner. If you’re venturing out from a larger institution, you’re used to relying on a large HR department to meet your needs and answer your questions. Now, as the employer for the first time, you’re expected to fill that role seamlessly. You’ll soon be faced with situations unfamiliar to you: creating initial offer letters, negotiating healthcare costs, and dealing with employee terminations. You’ll need to think about the type of work environment you want to foster. Will it be casual or formal? Will you offer rich benefits to employees? How will you handle payroll questions? These are just a sample of the decisions you’ll need to make as you start your hedge fund.
The information below was originally derived from the expert panelists who spoke at a 2010 Eze Castle Integration event. Given how important this topic is we’ve updated the article to reflect today’s market.
The subject of hedge fund operational due diligence is one that has risen to the forefront for both hedge fund managers and investors in recent years. Prior to the economic downfall in 2008 and high-profile investment scandals made infamous by Bernard Madoff and others, hedge fund due diligence was viewed as an unnecessary assignment.
Historically, there has been a general lack of transparency within the hedge fund industry; larger funds, particularly, used to balk at investor inquiries. They figured there would never be a shortage of investors, so there wasn't a need to spend extra time satisfying their needs.
Due diligence, as a process, did not gain significant importance until recently. in the past, the responsibilities associated with it would often fall under the role of a CFO, CCO or other executive – someone who had very little time to devote specifically to due diligence. But as the industry has evolved over the last several years, so has the need and desire for operational due diligence.
So what exactly has changed?
Did you hear the story of the Central Bank of Bangladesh that lost $81 million to hackers? It happened in February 2016 and goes like this. The bank believes hackers executed a hack that allowed $81 million to be taken from the bank’s foreign exchange account at the Federal Reserve Bank of New York. It appears that the initial point of entry for the hackers was a spear-phishing email, potentially sent weeks before the fraud took place, which allowed the criminals time to remotely monitor and probe the bank’s networks without detection.
This is just the latest advanced threat facing financial organizations. Beyond cyber technology (which is essential), organizations need an internal culture of security, an ongoing, organization-wide commitment to defining and adhering to careful, thoughtful policies that reduce or eliminate “people vulnerabilities” through assessments, awareness, and education.
We recently published a Four Step Guide to Creating a Culture of Security. Here are some highlights – you can read the full paper HERE.
1. Create a Computer Incident Response Team
Your first step is to find the right people who can oversee your information-security policies and be part of a “Computer Incident Response Team.” Although IT professionals are responsible for overseeing and maintaining your computing infrastructure, you also need business users to play a central role in your security initiatives.
After all, they’re the ones who use these resources – and the ones who can represent the biggest vulnerabilities and risks. While the team’s responsibilities can vary, many CIRTs are active in several key areas:
Create a Plan
Create Training Programs
Respond to Incidents
Communicate with Peers/Industry Groups
Successfully launching a hedge fund is a complex endeavor. Not only must emerging managers evaluate traditional deployment strategies, but consider current factors influencing the financial landscape.
Last week, Eze Castle Integration presented a webinar, “How to Launch a Hedge Fund,” featuring an expert panel that addressed some critical areas for consideration, notably capital introduction, legal and technology. There was quite a bit of content discussed during the 1-hour event, so we’ve pulled out some key takeaways.
Capital Raising (Paul Schultz, Director of Capital Introduction, Wells Fargo Prime Services)
Examine both content and context, i.e. cash inflows and outflows as well as the “big picture” that accounts for volatility
Be aware of the kinds of investors coming into the hedge fund space. Large and institutional pension plans are currently the largest investor base.
Be prepared when speaking to investors. Target those who have a history of being receptive to founder share class and who may offer lower management and performance fees.
Show investors that you have a 3+ year budget for working capital without any performance fees.
Have a well thought-out blueprint. Clarity and intention make all the difference.
Categorized under: Launching A Hedge Fund Cloud Computing Security Disaster Recovery Hedge Fund Due Diligence Hedge Fund Operations Hedge Fund Regulation Infrastructure Communications Outsourcing Business Continuity Planning Trends We're Seeing Videos And Infographics