This article first appeared in HFMWeek's Special Report: How to Start a Hedge Fund in the EU 2015.
HFMWeek catches up with Eze Castle Integration’s executive director, Dean Hill, to discuss the importance of selecting the right business service providers and the key technology factors new funds must consider when starting out in the EU.
HFMWeek (HFM): Are you seeing a healthy market for new hedge fund launches in the EU?
Dean Hill (DH): Yes. I think going into 2016 we will see an increase in terms of the amount of new hedge fund launches across the UK and European markets. Not only are these launches coming more frequently, but their size, structure and launch AuM are greater than anything we have seen in the last two-to-three years. It is certainly on the uptake.
Among the many technology decisions your firm will face during the launch phase is selecting the appropriate telecommunications services to power daily operations. High-speed Internet and voice connectivity are necessary to access market data feeds, communicate with investors and facilitate trade orders and other investment decisions. To help you make an informed decision about your voice and Internet needs, we’ve provided a few suggestions below.
The Internet, of course, is an essential vehicle for collecting and distributing market data, as well as communicating with your clients, investors and partners via email. You’ll likely find four Internet access choices, depending on availability in your area. There are benefits and drawbacks to each, as described below.
On September 15, 2015, the SEC’s Office of Compliance Inspections and Examinations (OCIE) issued a Risk Alert providing additional guidance on key focus areas for round two of its cybersecurity examinations. Specifically, OCIE stated that exams will “involve more testing to assess implementation of firm procedures and controls.” The Commission intends to focus on the following areas as a means to collect information on cybersecurity-related controls and assess the controls in place at firms:
Governance and Risk Assessment: According to the Alert, OCIE may evaluate the governance and risk assessment process for areas including, but not limited to, access control, employee training, third-party/vendor management and IT systems management. Examiners also expect to see that assessments and associated policies are specific to a firm’s business.
Access Rights and Controls: OCIE warns that the lack of basic access controls and user management policies can result in unauthorized access to systems and information. Examiners may request details on how a firm manages user rights and what supporting technologies are in place.
Back on July 8th of this year, the New York Stock Exchange (NYSE) experienced a temporary outage and proactively suspended trading. In many ways, the NYSE acted swiftly and responsibly when it noticed that there was a technical issue with its trading platform. The NYSE realized quickly that traders would not be able to reliably trade and ultimately decided to suspend trading across the market until full functionality could be restored. In total, NYSE trading was suspended for nearly four hours.
Although the overall impact of the downtime was minimal in the grand scheme, had this event impacted the public market data feed which traders and investors use to access critical information on public markets, the impact would have been more severe. Even still, there are some takeaways from this event. A positive: the success of the SEC Regulation NMS implementation. A negative: critique of the initial communications from the NYSE. Let’s examine these a little closer.
A Win for SEC Regulation NMS
The technical issues that caused the NYSE to suspend operations on July 8th occurred as the result of a new software rollout. All open orders at the time were canceled. Most investors were able to continue trading utilizing one or several of the 11 other Exchanges or 40+ dark pools to execute trades. A recent Wall Street Journal article [1] indicated that as of 2005, 80% of the trades conducted across the U.S. stock market were via the NYSE. That figure currently stands at about 20%, in part because of Regulation NMS (national market system), a rule commissioned by the SEC and enacted in 2007. The rule allows orders to be directed to the exchange that quotes the best price. It also reduces transaction fees for investors as a result of increased competition. Fortunately, this gives traders redundancy and flexibility if one or more markets are experiencing downtime. Had July’s technical glitch taken place a decade earlier, when the majority of US stock trades were executed on the NYSE, the impact would have been more severe.
If you’ve seen or read the news lately, there’s been a lot of talk about the recent Ashley Madison hacking scandal, in which a group of hackers known as Impact Team attempted to blackmail the site into shutting down – or risk having the information of some 37 million members released. Member information, including account details and payment transactions, was ultimately released over the Dark Web. Sounds spooky, yes? But what exactly is the mysterious Dark Web? And how can you access it? Here’s what you need to know about the Internet’s black sheep.
The Dark Web: What exactly is it?
In essence, the Dark Web is a cloaked portion of the Internet only accessible to users with specific software or authorization. It is part of the Deep Web – a section of the World Wide Web not indexed by search engines, meaning your standard Google and Bing crawls won’t do the trick.
Much of the concern surrounding the Dark Web has to do with the types of activities generally perceived to take place there. As you can see in Figure 1, according to Dr. Owen Gareth’s presentation “Tor: Hidden Services and Deanonymisation,” the majority of so-called hidden services lurking in the Dark Web are worrisome. Drugs, fraud, counterfeit, hacking, porn, abuse, guns, gambling: the list goes on. And let’s not forget the identities of the alleged cheaters from Ashley Madison.
Eze Video Debut!
Ever wonder about the layers of security encasing our Eze Managed Suite solution? We thought you had. That's why we created this video, which outlines not only the security protections but also the extensive services available to investment firms and hedge funds that move to our premier cloud solution.
Watch, learn and then contact us for more details.
The following article is part of our Hedge Fund Insiders Article Series and was contributed by Willis Group Holdings Ltd.
The Cyber risk landscape is rapidly evolving. Governments are facing an unprecedented level of Cyber attacks and threats with the potential to undermine national security and critical infrastructure. Similarly, businesses across a wide range of industry sectors, particularly those in the health care, retail and financial services industries [1], are exposed to potentially enormous liability and costs as a result of Cyber incidents and data breaches.
Given the risk landscape, it is no wonder companies of all sizes continue to be subject to increasing data breach liability, both in the form of single plaintiff or class action lawsuits and regulatory investigations and proceedings. Negligence, breach of fiduciary duty and breach of contract are just some of the allegations that a company may face as a result of a systems failure or lax security that compromises the security of customers’ personal information or data.
Plaintiffs in data breach class actions typically allege that businesses failed to adequately safeguard consumer information and gave insufficient and untimely notice of the breach. Companies may also face class actions from banks and credit unions seeking damages for administrative expenses, lost interest, transaction fees and lost customers.
Settlements of data breach class actions can be exorbitant. For example, 25 class action lawsuits were settled in the wake of a retailer’s 2007 data breach involving the theft of data related to over 45 million credit and debit cards. The settlement included: up to $1 million to customers without receipts; up to $10 million to customers with receipts ($30 per claimant); $6.5 million in plaintiffs’ attorneys’ fees; and three free years of credit monitoring, with total costs reportedly up to $256 million. More recently, in 2014, two major retailers reported that the total costs of data breach and related class action lawsuits (less expected insurance recovery) were estimated at $63 million and $191 million, respectively. And, this year, two major health care companies are separately facing several lawsuits as a result of data breaches that reportedly exposed the personal records of 80 million and 11 million people, respectively. While these matters have yet to be resolved, the anticipated costs of litigation and settlement may set records.
The following article is part of our Hedge Fund Insiders Article Series and was contributed by Haynes and Boone, LLP.
Cybersecurity risks pose an increasingly significant threat to investment advisers. In early 2015, the Securities and Exchange Commission’s (the “SEC”) Office of Compliance Inspections and Examinations (“OCIE”) identified its annual adviser examination priorities which reflect certain practices perceived to present heightened risk to investors and/or the integrity of US capital markets, one of which was cybersecurity compliance and controls. In April 2015, the SEC’s division of investment management (the “Division”) issued guidance (the “Guidance”) reinforcing cybersecurity as a priority for advisers and suggesting that advisers implement cybersecurity risk assessment plans, response strategies, and written policies and procedures. Included below are measures advisers should consider (some of which are directly from the Guidance) when addressing cybersecurity risks relating to their operations:
Risk Assessment. Advisers should conduct assessments of: (1) the nature, sensitivity and location of information that it collects, processes and/or stores and the technology systems it uses; (2) internal and external cybersecurity threats to and vulnerabilities of the adviser’s information and technology systems; (3) security controls and processes currently in place; (4) the impact should its information or technology systems become compromised; and (5) the effectiveness of the governance structure for the management of cybersecurity risk.
As summer officially approaches its halfway point, we at Eze Castle Integration hope that everyone is enjoying the beautiful weather. We also want to take this opportunity to remind folks to be mindful that your firm can still be vulnerable, even when the weather is warm and sunny. With heat and humidity rising, power usage is increased to keep offices cool, leaving firms susceptible to power outages. Additionally, with employee vacations prevalent during the summer and offices less crowded, there are fewer gatekeepers protecting your firm from social engineering threats and hackers. Let’s examine some of these factors a little more closely and offer some business continuity and security tips to keep your firm running at full speed in the summer heat.
Impact of the Heat: Power Outages
You are sitting at your desk and recording sensitive information for one of your clients, when all of a sudden your screen goes black, and the office is completely dark. Your firm has experienced a power outage caused by increased usage during the summer months, and you are not sure if your information and technology is protected.
The months of July, August and September are considered the “blackout season” as major cities use the most power during these months, leaving them susceptible to power outages. According to the Energy Information Administration, electrical power outages, surges and spikes in usage bring about more than $150 billion in annual damages to the U.S. economy [1].
We take our thought leadership efforts seriously around here, and we’re always interested in educating our clients and partners about technology issues that can affect them. We’re also fortunate to be invited to speak frequently on a variety of hedge fund technology topics – most recently, cybersecurity. Our own Managing Director, Vinod Paul, participated in a panel session last month in New York dedicated to this topic.
Featuring speakers from Eze Castle Integration, Citrin Cooperman, Akin Gump, and CFO Consulting Partners, the panel spoke candidly about how the cybersecurity landscape is evolving for financial services firms and how they can begin to comply with recent recommendations from the SEC and FINRA. Following are some highlights from the event.
Many firms question whether they need to do anything to comply with SEC cybersecurity recommendations. The answer is yes. And firms need to employ more than just technology.
Cybersecurity governance is a critical component. Who is in charge beyond the IT team? Someone at the firm needs to take accountability for this process and interface with various functions to ensure compliance. Ideally, a Chief Compliance Officer or Chief Information Security Officer should handle this.