Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Hedge Fund Regulation

Assessing Your Firm's Attitude Toward Security: What's Your Type?

By Kaleigh Alessandro,
Thursday, August 21st, 2014

If there’s one thing we’ve learned over the years when it comes to security, it’s that there’s a whole lot more to creating a secure hedge fund (or any business for that matter) than robust technology. Before identifying infrastructure components and implementing operational policies, a firm must first be clear on what its attitude is toward security. This attitude will filter through the company from the top down, and will therefore dictate how employees and the business as a whole operate on a daily basis.Security
 
To give you a clearer understanding of what we mean, we’ve created three security profiles that cover a wide spectrum in terms of security attitudes and practices.

Under the Radar: Low Security

If you’re attitude toward security is low, odds are you’re barely scraping the surface in terms of what practices and policies you should be employing to maintain proper security firm-wide. You likely rely on quick fixes to solve problems instead of looking at the bigger picture and thinking strategically about how security can both benefit and protect your business. You’ve employed minimal preparedness efforts and could be in for a difficult task if faced with a serious security incident. You probably take a “it won’t happen to me” attitude and don’t take security seriously enough – a stance that could endanger your firm in the long term.

Categorized under: Security  Launching A Hedge Fund  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



FCA to Financial Services Firms: Social Media Promotions Require #Ad Compliance

By Kaleigh Alessandro,
Thursday, August 7th, 2014

Hedge fund marketing and advertising has greatly evolved in the past few years, both with regulatory changes taking effect (in the US, the JOBS Act now allows public advertising) and new forms of media emerging, particularly social platforms such as Twitter, Facebook, LinkedIn and YouTube.Social Media Apps
 
In the UK this week, the Financial Conduct Authority (FCA) took steps to further regulate how financial services firms market to consumers by launching guidance consultation on social media usage. As evidenced by FCA Director of Supervision Clive Adamson, the consultation is intended to ensure financial promotions on social media platforms protect consumers and are disseminated in a way that fairly balances both benefits and risks.
 
“The FCA sees positive benefits from using social media but there has to be an element of compliance. Primarily, what firms do on social media must ensure customers are at the heart of their business. Our overall approach is that financial promotions, whether on social media or traditional media, should be fair, clear and not misleading. We have had extensive industry engagement on this issue and we believe our guidance is a sensible approach that doesn’t affect industry’s ability to innovate using new forms of media. We recognise social media are constantly evolving. We, therefore, welcome feedback to [the] consultation and look forward to continuing the discussion with industry."

Categorized under: Hedge Fund Regulation  Security  Hedge Fund Operations  Communications  Trends We're Seeing 



Monetary Authority of Singapore (MAS): Technology Risk Management Guidelines Overview

By Kulvinder Gill,
Tuesday, August 5th, 2014

Monetary Authorirty of SingaporeThe last five years has seen an increase in reliance on technology among financial institutions. IT outsourcing has become more attractive to the financial services industry - but against the backdrop of increased reliance on complex IT systems and operations is the heightened risk of cyber-attacks and system disruptions.

In June 2013, the Monetary Authority of Singapore (MAS) issued the Technology Risk Management Guideline (TRMG), which addresses existing and emerging technology risks within financial institutions.   
 
The objective of the TRMG is for financial firms to establish a sound and robust technology risk management framework, strengthen system security, reliability, resiliency, recoverability and deploy strong authentication to protect customer data and systems.

In today’s blog article we will take a look at some of the key guidelines covered in the guide:

Categorized under: Hedge Fund Regulation  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Infrastructure  Outsourcing  Business Continuity Planning 



Cloud Computing: The Growing Competitive Advantage for Hedge Funds

By Katie Sloane,
Thursday, July 31st, 2014

The competition amongst firms in the financial services industry is ever burgeoning, and in order to achieve differentiation, it is imperative for firms to create and maintain robust, manageable, scalable and reliable technology infrastructures. Increasingly, we’re seeing more than just emerging managers opting for a cloud solution and established hedge funds and alternative investment firms shifting gears from traditional on-premise IT infrastructures to cloud services.Why the Billion Dollar Club is going Cloud
 
If you missed our webinar yesterday on Why the Billion Dollar Club is Going Cloud, read our recap below or scroll down to watch the full webinar replay, featuring Eze Castle’s Managing Directors Bob Guilbert and Vinod Paul.

The Business Case for the Cloud: Why Established Firms are Making the Move

Across the industry, established firms that have been in business for several years are moving away from physical infrastructures and adopting the cloud. Traditionally, investment firms would allocate substantial capital budgets to build on-premise Communication (Comm.) Rooms. These cost-intensive infrastructures can take months to build out, and specific expenses can vary depending on a firm’s unique needs. For example, at minimum, investment firms require file services, email capabilities, mobility services and remote connectivity, as well as disaster recovery and compliance. Beyond those, many firms also require systems and applications such as order management systems (OMS), customer relationship management tools (CRM), and portfolio management or accounting packages.

Categorized under: Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Trends We're Seeing  Videos And Infographics 



FATCA: What You Need to Know About Tax Compliance

By Kaleigh Alessandro,
Tuesday, July 29th, 2014

We’ve seen the face of the financial services industry change dramatically over the last few years, with emerging technologies, investor transparency demands and growing competition fueling firms to assess their operations and focus on the health and success of the overall business. But perhaps beyond any of these trends, the focus on industry regulations and compliance efforts may be the most significant in changing the way financial services firms do business.
 
FACTA and YouThis year alone, we’ve seen regulatory initiatives dominate headlines and leave firms scrambling to comply, notably the SEC’s cybersecurity guidelines released this spring and the official implementation of the Alternative Investment Managers Fund Directive (AIFMD), which went into effect last week. Also becoming official this month is the Foreign Account Tax Compliance Act, or FATCA, which requires U.S. persons to report financial accounts held outside of the United States and financial institutions (notably banks) to report foreign financial accounts and clients who hold foreign assets.

To identify non-compliance, the Internal Revenue Service is requiring financial institutions with foreign entities and foreign financial institutions (FFIs) to disclose information about U.S. clients with balances over $50,000. The law threatens a steep 30 percent withholding tax on payments for non-compliant FFIs.
 
There is also a significant cost for firms to implement compliance procedures and reporting standards to meet the legislative requirements of FATCA. It is reported that implementation costs average between $100,000 and $500,000 depending on firm size and are expected to amount to roughly $8 billion USD a year for financial institutions alone (not including costs to the private sector, IRS and foreign entities).

Categorized under: Hedge Fund Regulation  Hedge Fund Due Diligence  Hedge Fund Operations  Outsourcing  Trends We're Seeing 



Data Destruction Basics: Why Deleting Your Hedge Fund Data Isn't Enough

By Kaleigh Alessandro,
Thursday, July 24th, 2014

Destroyed Hard DriveYour hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your WISP or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property does not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.
 
There are a few different scenarios that warrant secure data destruction maneuvers:

Your methods and policies for secure destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?
 
In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is thoroughly destroyed, preventing unwanted breaches or thefts.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Trends We're Seeing 



What is a Security Vulnerability Assessment and How Does it Work?

By Kaleigh Alessandro,
Tuesday, July 1st, 2014

One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this assessment entail?
 Cybersecurity Whitepaper
Here’s a quick overview.
 
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Tips for Tackling Your Financial Firm's Cybersecurity To-Do List

By Kaleigh Alessandro,
Thursday, June 26th, 2014

Cybersecurity WhitepaperWe continue to speak with clients and prospects on a regular basis on the topic of cybersecurity, and with the expectation that the SEC will start security exams sometime around September, it’s evident that firms are working diligently to answer the questionnaire and shore up internal practices.
 
To continue fostering education around this topic, we hosted two events last week dedicated to cybersecurity for hedge funds and investment firms. For your convenience, you can read a brief recap of some of the key topics discussed or scroll down to watch our full webinar replay.

Cybersecurity a Hot Topic on State & Federal Level

By now, we all know the SEC has taken steps to assure that hedge funds and investment advisers put security mechanisms and practices in place to protect against cyber threats. SEC Commissioner Luis Aguilar said there is “substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.” Even beyond the federal level, some states are chiming in on the cybersecurity front. Earlier this month, Massachusetts and Illinois acknowledged that they were polling investment advisers about their security practices, and that based on responses, state regulations could be impacted.

Categorized under: Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



What Happens to Your Firm's IT Team When You Go Cloud?

By Kaleigh Alessandro,
Tuesday, June 10th, 2014

hedge fund staffingAs your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:

  1. Regulatory and investor impact

  2. Migration plans and operational effects

  3. Hardware disposal and infrastructure changes

But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?
 
The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department.

Categorized under: Cloud Computing  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Hedge Fund Transformation, Part 2: Cloud, Communication & Control

By Kaleigh Alessandro,
Thursday, June 5th, 2014

Hedge Fund OutsourcingIn Part 1 of our Transformation of IT seminar recap, we shared what our expert panel discussed relative to evaluating outsourced solutions and leveraging technology solutions. Our panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.
 
Read on to see what our speakers had to say about the considerations for outsourcing, typical transformation challenges and more. You can also read Part 1 of the event recap or listen to the complete audio replay.

Q: Whether it's technology, compliance or another area of the business, firms ultimately need to decide if they are going to manage these areas internally or outsource to an expert vendor. How does a hedge fund determine what is the right solution for them and whether to outsource or maintain their own systems and operations?

  • When considering internal operations vs. outsourcing, a firm must determine which option gives it the most control over the given process. The firm is not only considering outsourcing technology but also outsourcing control.

Categorized under: Hedge Fund Operations  Launching A Hedge Fund  Cloud Computing  Hedge Fund Regulation  Communications  Outsourcing  Trends We're Seeing 



View earlier posts in the archive

Recent Posts / All Posts