Financial services firms are increasingly interested relying on third-party service providers to increase efficiencies and benefit from industry expertise. While outsourcing has grown, however, regulatory bodies such as the Securities & Exchange Commission (US) and Financial Conduct Authority (UK) have begun to evaluate outsourced relationship and provide guidance around how investment management firms should engage and manage these partnerships. In 2015, the FCA drafted a “guidance for firms outsourcing to the ‘cloud’ and other third party services.”
The document aims to ensure that risks associated with outsourcing are appropriately identified and managed. Thirteen key areas of consideration are highlighted below.
Legal and Regulatory Considerations. In undertaking the due diligence process, an investment firm should consider and compare operational risks associated with outsourcing to various providers (e.g. public vs private cloud) as well as any specific legal or regulatory obligations. Firms should identify and record contracts with all service providers, ensuring that compliance with any relevant requirements lives throughout the supply chain.
This article was written by Bob Guilbert, Managing Director, and first appeared in Hedgeweek's 2016 Guide to Setting Up an Alternative Investment Fund in the USA.
You're a new fund manager, and somewhere on your task list the letters "IT" are probably followed by a question mark. Odds are, you don't have a technology background, so as your firm's Chief Operating/Financial/Compliance Officer (or in some cases, Portfolio Manager), the sudden responsibility you've undertaken as your firm's de facto IT Manager is intimidating at best.
The good news is, as a startup, your IT options are pretty clear. In 2016, there's no better technology decision a new firm can make than selecting a cloud platform – an infrastructure that has proven benefits including scalability, flexibility and robust security, among others. And while the thought of hosting IT offsite was once a worry for allocators, today's investors find comfort in knowing hedge fund and alternative investment firms are focusing on their investment priorities and leaving the technology decisions to the experts.
From our perspective, the cloud is now a tried and tested infrastructure environment that is acceptable to the institutional investor community. They have become very thorough in their operational due diligence process, understanding exactly what cloud providers provide from an operational, management and security perspective. This has allowed managers to become much more comfortable at appointing a cloud provider to deliver an infrastructure that will perform well in any type of trading environment.
Where managers need to spend their time is deciding on the best cloud provider to work with, as opposed to thinking about whether or not they should use a cloud provider in the first place.
And how exactly do emerging fund managers embark on that decision-making process?
The financial services industry is currently under tremendous pressure to meet both investor and due diligence requirements. Thus, it is increasingly important to maximize technology to meet these pressures. To conclude our six-part hedge fund launch webinar series, we spoke with Eze Castle Integration’s own managing director Vinod Paul, who shared insights about current IT challenges and demands and how today’s hedge funds can employ best practices for operational excellence.
Key Priorities for New Managers
Paul defined cybersecurity and scalability as two primary technology considerations for new managers. You must first understand your firm’s specific vulnerabilities and exposures. One of the most common mistakes new launches make, according to Paul, is assuming that they only require the basic bare minimum in terms of technology. He urges new managers to pick an IT solution with operational growth in mind -- considering the business not at the onset, but in three to five years.
Service Provider Selection Criteria
Paul continued to place emphasis on customized IT, stating that when it comes to outsourcing, it is imperative that a firm carries out proper due diligence in choosing a provider to meet the firm’s unique needs. “You want enter into a true partnership that offers open lines of communication, flexibility, and ultimately, trust and accountability,” he said. Brand and reputation, long lasting relationships with clients, and industry experience are some of criteria Paul feels are most important when selecting a service provider. “Don’t step in to it with the attitude that a current provider is good enough, for right now,” he cautioned. The service provider should not only address day-to-day operations but also anticipate potential problems down the road.
During part 5 of our 6-part Hedge Fund Launch Webinar Series, we discussed the real estate frontier for startups with guest Ben Friedland, Executive Vice President at CBRE in New York, and his colleagues.
When searching for a space for your firm, “The trickiest part is the great unknown,” said Friedland, expressing perhaps the most common sentiment of new managers. “Flexibility,” he continued, “is the most important factor.” As a new manager, you must be willing to ask yourself, How is my firm going to do? Will it double in size in a year or shut down?
This uncertainty calls for careful consideration of what type of space is best suited for your firm. Friedland described four typical types of spaces:
Temporary office suites; and
In the last decade, the financial services industry has seen a dramatic increase in the number of high-profile cyber-attacks. Data breaches have risen in frequency, sophistication and risk impact. In light of this trend, emerging and established firms alike must consider measures to mitigate these growing risks. During this week’s session of our Hedge Fund Launch Webinar Series, Nicole Segal and Gamelah Palagonia of Willis Towers Watson spoke with us about how to leverage cyber and privacy liability insurance, as well as offered insight in to the evolving nature of cybercrime.
“In the past two years, there’s been more talk than action,” Palagonia began. In the past, most hedge funds didn’t feel like they had exposure because they weren’t collecting personally identifiable information (PII) or credit card information. Now, with the threat of ransomware and damage to digital assets looming, hedge funds are increasingly interested in cyber insurance. Our guests acknowledged, however, that new SEC guidelines have also played a large role in shaping how firms consider cyber insurance. “There was a shift at the SEC level from a compliance-based to risk-based approach,” said Palagonia. “You can’t just wait until an event happens to remediate it.”
Segal noted that despite increased regulatory exposure, the general insurance market for hedge funds has reacted quite favorably. In the past two or three years, many insurance companies have entered the marketplace for underwriting for hedge funds on both the property and casualty side. Rates are dropping dramatically, and coverage terms are relatively favorable at this point in time. For example, many of the required coverages for startups come in business packages at oftentimes reasonable costs. Some of this must-have coverage typically includes property & casualty, general liability and worker’s compensation.
Categorized under: Launching A Hedge Fund
This week, we had the pleasure of speaking with Shelly Rosenweig, Partner at Haynes and Boone LLP, who discussed the importance of compliance as well as the 2016 examination priorities of the SEC. Throughout the webinar, Shelly reminded attendees about the importance of undertaking compliance measures right at the start of a launch, not only for regulatory purposes, but to demonstrate to prospective investors commitment to compliance.
2016 SEC Examination Priorities
There are four priorities for the SEC that any startup manager will want to be aware of:
Exempt Reporting Advisors (ERA) – An exempt reporting advisor is any advisor that takes advantage of the venture capital fund advisor exemption or the private fund advisor exemption. The private funded advisor exemption is available to investment advisors whose clients are solely comprised of private funds who have less than $150 AUM and are not required to be registered as an advisor in the state where their principal office is located. In November of 2015, OCIE began to examine ERAs as part of their routine examinations.
What can ERAs do to prepare?
Ensure your information provided on your ADV application is accurate and consistent. The ADV application is required to be updated annually and when changes occur.
Make sure marketing and advertising material are in compliance with the anti-fraud provisions of the Advisers Act preventing advisors from engaging in manipulative activity. For example, advisors are surprised to learn that performance returns may only be disclosed to prospective investors in certain instances
Confirm you are in compliance with the “pay to play” rule under the Advisers Act (Rule 205). Pay-to-pay generally refers to various arrangements by which advisers may seek to influence the award of advisory business by making or soliciting political contributions to government officials charged with awarding such business.
Comply to the Books and Records Requirements under the Advisers Act. This technically only applies to registered advisors, but the SEC has championed the importance of organized record keeping. These records fall under two categories, the first being general accounting. These are business records, such as keeping ledger of sales. The second is additional records, such as memos describing disciplinary events.
A virtual family office is a lean single family office that uses a high level of outsourcing to keep the staff as low-cost and flexible as possible. A virtual family office and single family office are essentially one in the same, but the former model is most typically used by families with just $20M-$200M in assets under management, where a customized model is needed but not all of the overhead and support of a fully-fledged single family office.
Virtual family offices first gained modest popularity in the 1990’s, particularly in London, Zurich, and New York, as wealthy families heard about the benefits of having their own single family office and desired the direct control that can be designed into such a structure. As the family office industry has expanded over the past 20 years, this term has become more common and will likely gain traction in the future as families continue to seek out customized, affordable family office solutions.
Three Benefits of a Virtual Family Office
One might wonder why a family would set up a virtual family office rather than hiring a multi-family office or establishing a full-fledged single family office. Here are the three benefits of a virtual family office that are most often cited by families:
Direct Control & Flexibility: If you don’t like one person on the team, you replace them; if you want to reshape your team, your portfolio, etc., you can do so swiftly at your own discretion. If you hire a multi-family office or wealth management firm instead of a virtual family office, you may feel “stuck” with the team that is assigned to you and have little flexibility to pursue a different wealth management approach. Many families have recently wanted to conduct more co-investments and club deals, for example, and a team may be re-built around that need very quickly.
Diverse Investment Perspectives: If you hire a Chief Investment Officer (CIO) to only manage your family’s wealth, they may soon lose track of what other families are investing in and techniques they are using. Inside of a virtual family office, however, you could use a multi-family office asset management service or outsourced CIO. You could negotiate the management of liquid assets or additional areas of your investment portfolio to be administered by a leading multi-family office and they would gladly accept your business.
In my experience, this is not common practice but it can be a tremendous benefit for families that use this strategy. Most virtual family offices hire an outsourced CIO who helps hire and fire investment fund managers, reviews deal flow, helps manage real estate investments, and is responsible for the overall investment portfolio design and risk management. In either case—hiring a multi-family office or outsourced CIO—you get the benefit of using the best practices collected from serving multi-family offices, but within the structure of a single family office. Yes, you can gain this perspective as a traditional single family office, but likely at a higher price point, which leads us to the next benefit.
Categorized under: Launching A Hedge Fund
To help emerging hedge fund managers we are running a 6-week Hedge Fund Launch Webinar Series. This week we were joined by Frank Napolitani, Director, Financial Services at EisnerAmper. During the 30-minute interview, Frank shared insights on the benefits of outsourcing to service providers as well as advice on how to conduct proper due diligence on front, middle, and back office operations.
The Learning Curve
“There is a learning curve to get your hands around what it takes to run a business,” Frank began. Often, he said, a portfolio manager that has left a larger hedge fund complex or investment bank knows perfectly how to run a book, but has little knowledge about how to run a business. The smartest managers, Frank said, are the ones who “sit back, listen, and consult a number of different service providers in the space before moving forward.”
He went on to note that the operational due diligence (ODD) industry has grown dramatically post-Madoff. While a manager’s pedigree, investment process, and performance used to take precedence, it is now front, middle, and back office operations plus legal compliance that are most important.
Frank warned: “Keep everything up to date.” Sophisticated investors will follow up quarterly, twice a year, or annually. Because they collaborate with many ODD teams, research teams will immediately have a feel for what is right and what is wrong with a manager from a front, middle, and back office perspective. “They won’t waste too much time on someone they won’t seriously invest in,” Frank concluded.
For any new investment startup, the task list is lengthy. Beyond investment priorities and strategy decisions, new managers are also grappling with securing office space, ordering technology, engaging with service providers, and much more. One aspect often overlooked is human resources. To kick off our Hedge Fund Launch Webinar Series, we invited Maya Cohen, Senior Vice President at TriNet, to share HR priorities for startup hedge fund managers.
Human Resources Challenges for Investment Startups
HR can pose a challenge to any new business owner. If you’re venturing out from a larger institution, you’re used to relying on a large HR department to meet your needs and answer your questions. Now, as the employer for the first time, you’re expected to fill that role seamlessly. You’ll soon be faced with situations unfamiliar to you: creating initial offer letters, negotiating healthcare costs, and dealing with employee terminations. You’ll need to think about the type of work environment you want to foster. Will it be casual or formal? Will you offer rich benefits to employees? How will you handle payroll questions? These are just a sample of the decisions you’ll need to make as you start your hedge fund.
Did you hear the story of the Central Bank of Bangladesh that lost $81 million to hackers? It happened in February 2016 and goes like this. The bank believes hackers executed a hack that allowed $81 million to be taken from the bank’s foreign exchange account at the Federal Reserve Bank of New York. It appears that the initial point of entry for the hackers was a spear-phishing email, potentially sent weeks before the fraud took place, which allowed the criminals time to remotely monitor and probe the bank’s networks without detection.
This is just the latest advanced threat facing financial organizations. Beyond cyber technology (which is essential), organizations need an internal culture of security, an ongoing, organization-wide commitment to defining and adhering to careful, thoughtful policies that reduce or eliminate “people vulnerabilities” through assessments, awareness, and education.
We recently published a Four Step Guide to Creating a Culture of Security. Here are some highlights – you can read the full paper HERE.
1. Create a Computer Incident Response Team
Your first step is to find the right people who can oversee your information-security policies and be part of a “Computer Incident Response Team.” Although IT professionals are responsible for overseeing and maintaining your computing infrastructure, you also need business users to play a central role in your security initiatives.
After all, they’re the ones who use these resources – and the ones who can represent the biggest vulnerabilities and risks. While the team’s responsibilities can vary, many CIRTs are active in several key areas:
Create a Plan
Create Training Programs
Respond to Incidents
Communicate with Peers/Industry Groups