The following article originally appeared in HFMWeek's Cyber Compliance Focus.
It’s not enough to have strong security policies. And it’s not enough to have robust technologies in place to ward off cyber threats. In truth, it’s not even enough to have both of these.
An effective cybersecurity program, rather, can only be achieved through a consistent and comprehensive strategy that touches layers across the entirety of the organization – from perimeter security and access control to policy enforcement and employee training. Without each of these building blocks, the effectiveness of a cyber risk management program is crippled at best.
And today’s standards for cybersecurity are increasing rapidly.
Traditionally, hedge funds and private equity firms have allocated significant capital budgets to build out their own sophisticated Communication (Comm.) Rooms, which can take months to provision and bring online. With servers to buy and install, software to license and configure, and voice/networks to deploy – not to mention recruiting, hiring, and managing expensive and hard-to-find IT talent – it’s no wonder cloud solutions have emerged as the dominant choice for computing infrastructures at investment firms large and small.
Not surprisingly, many investment management firms – including those with well-established in-house infrastructures – are making the move to the cloud for a number of compelling reasons, most notably these five:
Timing. Understanding when the right time to move to the cloud might be is a smart first step. There are three typical inflection points: when you’re adding new applications, moving or opening a new office, or in need of an IT refresh. But even if you’re not under any of those circumstances, there are a lot of motivating factors (keep reading).
Cost Containment. You may not always be able to reduce the cost of IT in the long-run with the cloud (depends on your firm’s size and scope), but you will have a predictable budget to work with, which means you can contain costs and create greater predictability and smoother, linear cash flows. As an added bonus, you can better allocate funds to other strategic projects and areas more directly relevant to the business mission. Even within the IT discipline, instead of spending time on mundane, daily operation of commodity IT resources, the firm can focus on proprietary application development, application integration, cyber security protections or other strategic initiatives.
Post-launch, many hedge funds and investment firms struggle to gain ground and attract the institutional capital needed to succeed in today’s competitive market. As firms grow – and bandwidth and budget are less likely to be roadblocks – it can be a challenge to reinvent the wheel and position your firm to capture institutional dollars.
During a recent webinar, speakers from EisnerAmper and Eze Castle Integration explored trends in hedge fund operational due diligence and technology operations and offered advice for asset managers looking to grow out of their startup boots and achieve an institutional grade operation. Some areas they explored during the 40-minute webinar include:
How institutional investor expectations have changed for firms at the pre-launch and post-launch phases;
The importance of (and detriment to not) passing an operational due diligence examination;
How cyber security expectations are evolving to increase standards across both technology infrastructure and policy planning;
If the public cloud is suitable for investment management firms looking to solidify institutional investments; and
Top mistakes emerging managers make that prevent successful ODD exams and institutional evolution.
Scroll down or click here to watch the replay.
The following article originally appeared in Opalesque's Private Equity Strategies.
The role of the private equity CTO has changed significantly. New technology along with a growing list of cybersecurity threats have placed more demands on the IT department than ever before. According to a new survey of private equity CTOs from Eze Castle Integration, these demands have led to an evolution in the role of the CTO away from simply maintaining hardware and workflows and into making the CTO an integral part of information security and compliance support.
For 2017, respondents to the survey said that their key priorities were cybersecurity, improving customer experience and updating older technologies. Outsourcing some business functions and technology infrastructure to cloud services providers and others also made the list in a big way, with firms looking to outsource a variety of operations.
None of this comes as a surprise to Eze Castle’s Chief Strategy Officer, Mark Coriaty. He says that private equity CTOs have been looking to companies like Eze Castle for those new technologies as well as guidance on how best to implement them.
“Outsourcing has grown significantly over the past three years. Firms are looking for guidance, advice and managed services capabilities,”Coriaty tells Private Equity Strategies. “Private equity firms, specifically, are looking closely at how they manage and maintain data securely. Many firms lack a centralized data source. We can provide a private cloud that allows for centralization and data management.” He adds that Eze Castle also works with CTOs on a consulting basis to help them learn about best practices for information security and maintaining compliance.
Categorized under: Outsourcing
We’ve all heard the saying, “there are no stupid questions,” but when it comes to technology it is easy to feel undereducated. Knowing what to ask a hedge fund technology provider not only makes you look smart (or smarter!) but also ensures you get the right solution.hedge fund tech guidebook
In this article we’ll look at questions around Staffing, Client Service Model and User Support for your hedge fund technology Request for Proposal. Next week we’ll give questions for DR Plans, Information Backup & Retention and Data Security.
Staffing and Skills
Provide the total number of employees (current year and past year). Please show numbers for overall staff as well as a breakdown by function (e.g., developers, client service, etc.).
Provide the number of employees gained and lost (current year and past year).
Describe the organizational structure of your company. Please detail the roles specific to your business (e.g., engineers, client managers, trainers, QA, etc.)
How many full-time employees are assigned to these particular roles, by functional and geographic split?
What is the anticipated project resource profile through the stages of the implementation process?
Technology innovation and evolution has had a profound effect on many jobs, perhaps most notably for a firm’s Chief Technology Officer. Once tasked with desktop support and server maintenance, these IT executives have seen their job descriptions change dramatically over the years. But that change doesn’t necessarily signal something negative.
Our Private Equity CTO Survey asked these technology experts directly how they spend their time and what they view as the new and evolving role of the private equity CTO. Their answers highlight a transformative shift from technology troubleshooter to strategic thinker.
With the advent of outsourcing and the cloud, many feared or expected the CTO role to diminish. So perhaps the most notable finding of our survey is that 93 percent of respondents believe their firm’s CTO or top IT executive is becoming more important to their business. The vast majority of private equity IT execs are becoming more focused on managing relationships with contractors, cloud and other IT service providers. This increased focus is in alignment with the trend of today’s progressive CTOs drawing on cloud technology to create agile firms that can quickly deliver the applications users require – and working hand-in-hand with outsourced providers to support the organization’s technology and operations objectives.
Most firms (85 percent) also see the CTO becoming more involved in driving the firm to meet regulatory and compliance demands. This is especially true as regulators outline data protection and cybersecurity expectations that can only be fully addressed through the use of technology. Additionally, regulators’ expectations around third-party due diligence has increased, placing more responsibility on CTOs to execute thorough risk assessments on the contractors, cloud, software and IT service providers used by the firm.
It’s time to take another close look at the results of our 2016 Private Equity CTO Survey, this time with a careful eye on how private equity firms are leveraging outsourcing and cloud services.
Private equity outsourcing is growing in popularity – and we discussed many of the reasons why at length in a September webinar which you can listen to here. Our survey findings tell us that the average private equity firm is outsourcing about 30 percent of IT, with of course, some firms outsourcing less frequently and some outsourcing more.
On the whole, most firms are leveraging outsourced third party providers for between 20 and 40 percent of their IT functions. Firms managing less than $100M in assets are the most likely to outsource greater portions of their IT services, likely given their lack of internal staff and resources.
Overall, firms’ propensity to manage technology via in-house resources, outsourced providers or contract work is expected to stay consistent in 2017, as evidenced by the graph below.
As you probably recall, our 2016 Private Equity CTO Survey – which we released at the end of November – highlights key IT priorities and investment areas driving private equity firms in 2017. And while we shared some high-level findings at the outset, we’d like to take the opportunity to dig a little deeper into some of the survey results over the next two weeks. Since the survey itself covered four primary areas, our next four Hedge IT articles will examine each of these areas independently and highlight some of the most interesting and thought-provoking findings.
To kick us off, let’s start by taking a look at some critical business priorities for private equity firms in 2017.
Drivers for Private Equity IT Investments
We all know and appreciate how technology can impact our day-to-day operations. For private equity firms, advances in technology have enabled their businesses to become more efficient and drive growth across the entire organization.
When asked to identify the top drivers impacting IT spend in the next 12 months, survey respondents highlighted the need for increased protection against growing cybersecurity threats, a desire to improve the investor/client experience, and the goal of improving efficiencies by refreshing outdated or legacy technology.
2017 is quickly approaching and so are a plethora of new financial technology and operations articles here on Hedge IT. As we wrap up 2016, let’s take a look back and share some of our readers’ favorite articles from this past year.
Tips for launching a hedge fund are always popular on Hedge IT, and 2016 was no different. Earlier this year, Eze hosted a webinar featuring speakers Paul Schultz from Wells Fargo, Michael Mavrides from Proskauer Rose LLP, and Bob Guilbert from Eze Castle Integration. A few key takeaways from the 1-hour event include:
Understand that investors will expect enterprise-grade technology built in from Day 1.
Remember the advantages of the cloud: a predictable cost, flexibility and scalability (“tech on demand”), enterprise security, and professional management and monitoring.
Compare both the benefits and disadvantages of a “master fund” versus a “side-by-side” structure (e.g. the master fund allows for one set of books and trades, while the side-by-side structure allows for more tax flexibility)
Show investors that you have a 3+ year budget for working capital without any performance fees.
2017 is already shaping up to be an interesting year. With a new presidential administration taking office and the hedge fund industry coming off the heels of a challenging year, there’s a lot to keep an eye on. We recently hosted a panel with law firm Morgan Lewis to discuss these and many other topics as part of our “2017 Outlook for Hedge Funds: Risk, Regulation and Technology” event.
Read on for some of our panel’s key takeaways.
2017 Regulatory Outlook
While little is known about how a Trump presidency will operate, there could be potential tax savings for managers depending on how the administration chooses to regulate Wall Street.
Firms should expect to see reforms with the Dodd-Frank Act and the Volcker Rule, which could add more competition into the marketplace if limits on bank investments are adjusted.
SEC Focus Areas
Top six areas of focus for the Securities & Exchange Commission will likely be: (1) expenses and fees, (2) trade allocation, (3) material non-public personal information, (4) valuation processes, (5) operating partners and due diligence, and (6) security, privacy, insider trading and business continuity.
Cybersecurity is not necessarily part of every SEC examination, however, the bar will continue to be raised in terms of preparations firms will need to employ.
In 2016, the SEC provided additional guidance on business continuity and transition plan requirements, highlighting the need for hedge fund and financial firms to maintain their fiduciary responsibility to their clients and investors.