Eze Castle Integration

Hedge IT Blog

> Subscribe to Blog Entries about Hedge Fund Regulation

Data Destruction Basics: Why Deleting Your Hedge Fund Data Isn't Enough

By Kaleigh Alessandro,
Thursday, July 24th, 2014

Destroyed Hard DriveYour hedge fund's information security plan likely includes details on where information is stored, how it is accessed and who it is accessible to. But a critical component of this plan often overlooked is how and why data is destroyed when it is no longer needed. Including data destruction procedures in your WISP or as a separate document is vital to ensuring your firm’s sensitive data and intellectual property does not fall into the hands of the wrong people. Unfortunately, in today’s technology-driven, cyber-aware environment, simply hitting the delete key is not enough.
 
There are a few different scenarios that warrant secure data destruction maneuvers:

Your methods and policies for secure destruction may vary according to the above scenarios, or they may be standard across the firm. Your hedge fund should also consider if there are any regulatory implications. Do you need to maintain/archive data for a prescribed period of time in order to comply with state, federal or other compliance or auditing standards?
 
In any case, you’ll want to consider a variety of methods in the beginning to ensure your firm’s confidential data (e.g. investment portfolio, investor contact information, etc.) is thoroughly destroyed, preventing unwanted breaches or thefts.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Trends We're Seeing 



What is a Security Vulnerability Assessment and How Does it Work?

By Kaleigh Alessandro,
Tuesday, July 1st, 2014

One of the first questions on the SEC’s cybersecurity questionnaire for financial firms asks firms to "indicate whether they conduct periodic risk assessments to identify cybersecurity threats, vulnerabilities and potential business consequences", and if so, who conducts them and how often. Clearly the goal behind this question is to ensure that firms are taking a proactive approach to security. But what exactly does this assessment entail?
 Cybersecurity Whitepaper
Here’s a quick overview.
 
The type of risk assessment typically associated with information technology/security is an external vulnerability assessment. Essentially, this is the process of identifying and categorizing vulnerabilities related to a system or infrastructure. Typical steps associated with a vulnerability scan or assessment include:

  • Identifying all appropriate systems, networks and infrastructures;

  • Scanning networks to assess susceptibility to external hacks and threats;

  • Classifying vulnerabilities based on severity; and

  • Making tactical recommendations around how to eliminate or remediate threats at all levels.

Categorized under: Security  Cloud Computing  Disaster Recovery  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Tips for Tackling Your Financial Firm's Cybersecurity To-Do List

By Kaleigh Alessandro,
Thursday, June 26th, 2014

Cybersecurity WhitepaperWe continue to speak with clients and prospects on a regular basis on the topic of cybersecurity, and with the expectation that the SEC will start security exams sometime around September, it’s evident that firms are working diligently to answer the questionnaire and shore up internal practices.
 
To continue fostering education around this topic, we hosted two events last week dedicated to cybersecurity for hedge funds and investment firms. For your convenience, you can read a brief recap of some of the key topics discussed or scroll down to watch our full webinar replay.

Cybersecurity a Hot Topic on State & Federal Level

By now, we all know the SEC has taken steps to assure that hedge funds and investment advisers put security mechanisms and practices in place to protect against cyber threats. SEC Commissioner Luis Aguilar said there is “substantial risk that a cyber-attack could cause significant and wide-ranging market disruptions and investor harm.” Even beyond the federal level, some states are chiming in on the cybersecurity front. Earlier this month, Massachusetts and Illinois acknowledged that they were polling investment advisers about their security practices, and that based on responses, state regulations could be impacted.

Categorized under: Launching A Hedge Fund  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing  Business Continuity Planning  Trends We're Seeing  Videos And Infographics 



What Happens to Your Firm's IT Team When You Go Cloud?

By Kaleigh Alessandro,
Tuesday, June 10th, 2014

hedge fund staffingAs your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:

  1. Regulatory and investor impact

  2. Migration plans and operational effects

  3. Hardware disposal and infrastructure changes

But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?
 
The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department.

Categorized under: Cloud Computing  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



Hedge Fund Transformation, Part 2: Cloud, Communication & Control

By Kaleigh Alessandro,
Thursday, June 5th, 2014

Hedge Fund OutsourcingIn Part 1 of our Transformation of IT seminar recap, we shared what our expert panel discussed relative to evaluating outsourced solutions and leveraging technology solutions. Our panel included Vinod Paul, Managing Director, and Steve Schoener, Vice President, at Eze Castle Integration, John Budzyna, Managing Director, and Dave Messier, Director, at KPMG, Timothy Ng, Managing Principal at Clearbrook Global Services, Jon Anderson, Global Head of OTC Derivatives at SS&C GlobeOp and Sheldon Rubin, COO/CFO/CCO at S Squared Technology LLC.
 
Read on to see what our speakers had to say about the considerations for outsourcing, typical transformation challenges and more. You can also read Part 1 of the event recap or listen to the complete audio replay.

Q: Whether it's technology, compliance or another area of the business, firms ultimately need to decide if they are going to manage these areas internally or outsource to an expert vendor. How does a hedge fund determine what is the right solution for them and whether to outsource or maintain their own systems and operations?

  • When considering internal operations vs. outsourcing, a firm must determine which option gives it the most control over the given process. The firm is not only considering outsourcing technology but also outsourcing control.

Categorized under: Hedge Fund Operations  Launching A Hedge Fund  Cloud Computing  Hedge Fund Regulation  Communications  Outsourcing  Trends We're Seeing 



Financial Conduct Authority's Dear CEO Letter: UK Cloud Summit Recap, Part 2

By Kulvinder Gill,
Tuesday, May 20th, 2014

We’re back for Part Two of our UK Cloud Summit seminar recap. Last week on Hedge IT, we explored connecting to the cloud. In today's article, we will dive into the most talked about UK regulation: the Financial Conduct Authority’s (FCA) Dear CEO letter. We will cover how the letter affects IT outsourcing and the steps firms can take to mitigate service provider risk and adhere to the Dear CEO letter guidance.
 FCA
The “Dear CEO” letter was issued in December 2012 to all UK asset managers and expressed concern about the endemic outsourcing risk in the sector, particular around asset managers having effective business continuity plans (BCP) and exit strategies in place with their service providers in the event of service provider failure.

Since the letter was issued, the FCA has asked firms to demonstrate they have a clear handle on what they outsource and why, a full understanding of the potential impacts of failure, and contingency plans that are viable, robust, and realistic.

Categorized under: Security  Hedge Fund Regulation 



The Transformation of IT and Hedge Fund Operations

By Kaleigh Alessandro,
Thursday, May 1st, 2014

Regulatory oversight, competition for assets and investor due diligence concerns have left investment management firms with more pressure than ever to succeed. And technology innovations like the cloud have turned the traditional hedge fund operations model on its head. The questions remain: how do fund managers evolve in 2014 and meet the increasing demands of the financial services industry? And how do firms compete with the incoming crop of new launches that continue to emerge and vie for investor allocations?
 
The following presentation takes a closer look at these key transformations within the hedge fund industry and examines the shift firms are making from traditional, on-premise IT infrastructures to cloud-based platforms. It also highlights managed disaster recovery services and offers best practices for security in the cloud.

Take a look, and if you can, join us in New York on Tuesday, May 6 as a panel of experts discusses these topics and more at our Transformation seminar.

Categorized under: Trends We're Seeing  Cloud Computing  Disaster Recovery  Security  Hedge Fund Due Diligence  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Communications  Outsourcing 



SEC Outlines Cybersecurity Questions, Sets Magic Number at 50 Firms

By Mary Beth Hamilton,
Tuesday, April 22nd, 2014

SEC cybersecurity examThe SEC last week provided even more clarity into its growing focus on cybersecurity at broker dealers and registered investment advisers. A key takeaway in a Risk Alert issued on April 15, 2014, is that the Office of Compliance Inspections and Examinations (OCIE) will be conducting examinations of more than 50 registered broker-dealers and registered investment advisers, focusing on areas related to cybersecurity.

In order to help compliance professionals prepare and assess their firms’ responsive cybersecurity preparedness, OCIE has created a sample cybersecurity request document that outlines the types of questions firms can expect. OCIE is good to point out that these questions should not be considered all inclusive of the information that OCIE may request. OCIE will alter its request for information as it considers the specific circumstances presented by each firm’s particular systems or information technology environment.

You can find the Risk Alert and questions HERE.

Categorized under: Security  Hedge Fund Operations  Hedge Fund Regulation  Trends We're Seeing 



A Public Reminder on the Private Cloud Debate

By Kaleigh Alessandro,
Tuesday, March 25th, 2014

Earlier this week, it was reported that Nasdaq was reconsidering its Amazon-based cloud product, FinQloud. According to the Financial Times, FinQloud has failed to gain significant traction in the marketplace amongst financial services firms including broker-dealers and exchanges. If Nasdaq pulls out of the deal with Amazon Web Services (AWS), it would be a major disappointment to Amazon, who is actively pitching AWS to large financial institutions and enterprises.
 
Public vs Private CloudsWhether the limited adoption of FinQloud is a sign of a product flaw or a larger industry trend, we feel it important to draw attention to a longstanding debate within the financial services industry – a debate that we’ve shared our thoughts on here on Hedge IT many times: public vs. private clouds. 
 
It’s certainly possible that the slow adoption of FinQloud is a result of concerns over mass public cloud usage – a stern reality for many financial services firms who expect and demand that their critical applications and data be stored in a highly secure and available environment. Hedge funds and investment firms, in particular, cannot afford unexpected downtime, and unfortunately, we’ve seen several public cloud providers experience major outages in recent years. Just last week, Dropbox users logged in to find the service was unavailable, and Amazon and Google have both found their services in the headlines in recent years over very large and public disruptions.

Categorized under: Cloud Computing  Security  Hedge Fund Operations  Hedge Fund Regulation  Infrastructure  Outsourcing  Trends We're Seeing 



How Will the AIFMD Affect Private Equity Firms?

By Kulvinder Gill,
Thursday, March 6th, 2014

In the wake of the 2008 financial crisis, which prompted a call to stricter regulations across the board, the European Commission decided to develop the Alternative Investment Fund Managers Directive (AIFMD). The European Commission pointed out that managers of alternaAIMFD Regulation Imagetive investment funds are responsible for the management of a significant amount of invested assets and can exercise an important influence on markets and companies in which they invest. Furthermore, the Commission believed activities of such alternative investment funds may amplify risks through the financial system. The directive has been developed to address a number of risks identified by the Commission relating to alternative investment funds, including systemic risk, through a single set of rules that would apply across the board.

The Alternative Investment Fund Managers Directive came into force on 22nd July 2013. Since then, the alternative investment fund managers, including managers of hedge funds, private equity firms and investment firms, have been working on submitting the 35-page application form to get registered under the directive before it comes into effect in less than four months.

The Alternative Investment Fund Managers Directive will most likely affect private equity funds if they are located in or have investors in the European Union and are identified as the alternative investment fund manager. Fund managers at private equity firms will need to obtain and comply with transparency and the reporting requirements of the directive in order to manage and market private equity funds within the EU.

Categorized under: Hedge Fund Regulation 



View earlier posts in the archive

Recent Posts / All Posts

 

Subscribe to Hedge IT

Follow Us

    Follow us on Twitter Follow us on FaceBook Follow us on LinkedIn Follow us on Google RSS Feed

Recent Articles

Categories

Archives