To wrap up and round out our 6-week Risk Outlook Webinar Series, we spoke with John Cotronis, Executive Director at JP Morgan, about hedge fund risk management and governance. Specifically, he addressed the following questions:
What have you observed in recent years in terms of changes affecting hedge funds – particularly at the startup phase?
Have you noticed a marked shift in the importance managers are placing on risk?
Do the firms you typically engage with have staff on hand to manage risk – compliance officers, etc.?
In terms of corporate governance, where do you see investment firms excelling when it comes to implementing risk management controls and also fostering a culture of risk management across the firm?
Let’s talk a little bit about counterparty risk. What kind of criteria are you looking for that indicates to you a provider has the right risk management framework and best practice structure to support your clients?
A lot has gotten tougher for firms, particularly on the investment side with capital raising, also with regulatory reporting, etc. What areas of operations do you think have gotten easier for hedge funds over the years?
What is your assessment of outsourcing risk – is it higher or lower than managing various functions in-house?
As financial firms become increasingly interconnected and globalized, their dependence on cyberspace has skyrocketed. While this amplified reliance on the infobahn has accelerated productivity and growth, it has also exposed firms to larger risks, such as hacking, malware, spyware and social engineering. The latter, which is the most disregarded element of an organization’s security program, is also the most dangerous.
Social engineering (e.g. phishing, pretexting, baiting, etc.) relies on the exploitation of human behaviors to breach an organization’s information security system. Hackers prey on propensities of human nature, including:
Trust: Some people are trusting to a fault; therefore, they do not question the intentions/identity of another person until proven to be false.
Ignorance: Disregard for the consequences of carelessness with sensitive business information.
Laziness: Willingness to cut corners, such as not filing away confidential paperwork and leaving it exposed for others to see.
Kindness: Employees want to feel that others can leverage them for their assistance and information because we’ve trained them to do so. However, this can lead to divulging too much information to the wrong person.
As our Risk Outlook Series continues, we recently spoke with John Araneo, Partner at Cole-Frieman & Mallon LLP in New York, about many of the regulatory risks facing hedge funds today, including compliance, expense allocations and cybersecurity. Continue reading for a brief synopsis or scroll down to watch our webinar replay below.
How would you describe the current regulatory climate for fund managers and investment advisers?
For hedge fund managers and investment advisers, the regulatory expectations have never been higher. Looking ahead to 2017, managers and advisers should expect the challenge of having to navigate potentially seismic regulatory changes - each of which has the potential to complicate business practices and add to the cost and complexity of compliance.
How should clients prepare to react to these changes?
It’s a top-down approach that all comes down to compliance. A culture of compliance is no longer a lofty goal or a cliché; it is now a regulatory expectation. There needs to be a robust compliance program, actual implementation, and accountability. Clients should be prepared and able to effectively manage the SEC examinations. Managers need to take time to understand regulatory priorities and expectations before an exam.
What is the current regulatory regime's appetite for outsourcing the compliance function?
There is no requirement for firms to employ a full-time person to service compliance. However, the worries about outsourcing certain functions, particularly the compliance officer function, may lead to weakened compliance culture. The opportunity of outsourcing creates a gap between the compliance function and the operations, decision makers and day-to-day activities. Outsourcing can be effective and sufficient, but management needs to resist setting it and forgetting it.
With October being cybersecurity awareness month it is an important time to ensure your firm and employees are aware of and using best practices, and security policies and procedures. Risk mitigation is needed to protect both the firm and its employees from savvy hackers and attacks. Data breaches continue to wreak havoc on businesses, and the cost is continuously rising. According to the Ponemon Institute, the total average cost of a data breach is now $4 million, up from $3.8 million in 2015. Hackers have everything to gain while your firm bears reputational and operational harm.
While companywide policies should reflect long-range expectations and corporate best practices, they should also include tactical recommendations that employees can follow to ensure they are complying with the company’s overall risk strategy. To get started here are just a few pieces of advice we offer our investment firm clients and remember to not only inform employees on what to do, but also what not to do.
In honor of October being National Cyber Security Awareness Month, we’ll be bringing helpful articles on a range of topics starting with this one on understanding malware.
We’re also debuting our first interactive game, FreEze!, where your challenge is to hit malware before it hits you (à la Space Invaders). Play the game below or keep reading for more on malware -- or do both!
Play FreEze and be a Malware Fighter
In Part Three of our Risk Outlook Webinar Series, Michael Corcione, Managing Director of Cordium, spoke about compliance and cybersecurity trends in the investment industry. Although cybersecurity risks and struggles can vary from firm to firm, it is important to address a number of key areas.
Continue reading for quick takeaways or scroll down to watch the 30 minute video replay.
Good security can be achieved as firms move from reactive to proactive strategies. Firms usually start with the goal of checking the box for regulators, but they need to get beyond the 'check-the-box' exercises and test controls. The SEC’s 2015 cybersecurity guidance update provided more specific insights on cybersecurity focus areas for investment firms - governance and risk assessments, training and awareness, incident response, data loss prevention, access rights controls, and vendor risk management. Hedge funds and investment firms should use this as a framework, understand how they have addressed these areas and where they need to improve.
A good cybersecurity program starts with the leadership team, and they need to set the tone from the top down. This way everybody understands the impact of risk and its effects on the firm. Leaders should acknowledge risk, understand risk, and lead ongoing discussions firm-wide.
Private equity firms have been slow to embrace outsourcing, but managing data and technology is more complex than ever. With increasing regulatory requirements and a growing urge to focus on core competencies, PE firms are shifting their views of the back office. In case you missed our recent webinar on 'The Transformation of Private Equity Operations', speakers from Citco Fund Services and Eze Castle Integration examined the changing tide for private equity operations and how CFOs, CTOs and fund managers alike can control operating costs, maximize efficiency and better perfect operational workflows.
Drivers for change.
The number one reason for managers to make the switch to an outsourced solution is the desire for managers to get back to their roots. The idea of back office transformation is really founded in that managers have found themselves spending much more time doing everything but raising money and investing money.
Beneath this layer, back office transformation is also driven by regulation, investor transparency, the lifecycle of a private equity firm, and global reach. Slow adoption, fast results. The private equity sector has been slow on the uptake when it comes to outsourcing, and we contribute this lag due to lack of education on the process and benefits of outsourcing. In the past three to five years, adoption in the PE space has increased because it is cost effective, secure and feature rich. Private equity firms that have made the switch wonder why others are not doing the same. The idea of leveraging an experienced managed service provider is one that private equity firms have really embraced because there is no burden for firms to hire and attract talent, which can be challenging and expensive.
Risk. Across the financial services industry, it’s a buzzword right now, and rightfully so. Perpetuated by mounting regulatory change, growing cybersecurity threats and a challenging market climate, the focus on risk is one that grows with each passing day.
As such, we are hosting a 6-week webinar series, Risk Outlook, wherein we’re interviewing industry experts on a host of risk-related topics. To kick off the series, last week we interviewed Mark Strachan, chief operating officer and compliance officer for BBL Commodities, a New York hedge fund. Read on for a recap of my conversation with Mark or scroll to the bottom to watch the webinar replay.
Question (Q): The last 5-10 years have been challenging for the investment management industry, looking back to the 2008 financial crisis as well as with increasing regulatory initiatives and changes across the investor due diligence process. How have your views on risk and the risk landscape evolved during this time? Or have they evolved?
Mark Strachan (MS): I think they’ve certainly evolved. The core features of non-investment risk – such as operational, counterparty, regulatory, security and business risk – have been constant, but they have evolved in terms of their complexity, our experiences with them, the tools available to help mitigate exposure and the focus by investors through their due diligence process.
The new Apple iOS version 10, that was released today, delivers some cool new features but before jumping in we recommend you review the following upgrade steps.
Here’s why. As with any major update, there can be risks associated with early adoption until issues are uncovered and Apple has the time to debug and fix them. Eze Castle Integration has learned of some significant potential issues including risk of data loss due to incompatibilities with mobile device management (MDM) applications.
So here’s a critical to-do list before starting the iOS 10 upgrade.
FIRST - BACKUP
Backup your device. Always take a backup before updating your device.
1. The best way to do this is via WiFi at night when the device is also plugged into a power source (computer or electrical outlet). iCloud will back up your device on its own if configured correctly and provided you have enough storage. To ensure this is occurring, launch the Settings App -> iCloud -> Backup and see what it says next to “Last Backup:”. If it only states a time, then it means it backed up today and no further action is needed. If it says a date, you can back up the device by clicking “Back Up Now”. (Note: WiFi is required to back up this way). If this fails, you can back up to iTunes (see next bullet) or clients can call ECI’s Help Desk for assistance.
2. Alternatively, you can backup using iTunes. Plug the device into a computer, launch iTunes, right-click on your device and click “Back Up.”
Manually backup passwords. Ensure you know your iCloud passwords, iTunes Store password, email passwords and any other critical passwords. Write them down and test them. Then safely and securely discard that information. As a best practice, there are secure password storage applications available through the App Store.
Copy anything you can’t live without. Backup anything (i.e. photos) that you cannot live without. Do so in a way that you can verify the backup easily. One option is enabling iCloud Photo Library so you can access copies of your photos on all your other iOS devices.
The day that many Apple users wait for every year finally came - the release of the newest Apple products. From the latest iPhone to the all-new Airpods, Apple had a lot to share with us yesterday afternoon. We’ve recapped some highlights below.
Watch Series 2
Unlike the Watch Series 1, the Watch Series 2 now has a built-in GPS and is water resistant. The new processor will now be in the Watch Series 1 and the Watch Series 2, but there will be a $100 price difference between the two models.
The new iPhone 7 introduces a new camera, better performance, longer battery life, stereo speakers, the brightest display yet, and it’s the first water resistant iPhone. iPhone 7 and iPhone 7 Plus are splash, water, and dust resistant and were tested under controlled laboratory conditions with a rating of IP67 under IEC standard 60529. Battery life and charge cycles vary by use and settings, but the iPhone 7 and & 7 Plus have been tested to hold a charge up to one (7 Plus) or two (7) hours longer.
Strangely, Apple seemed quite excited to announce the introduction of two new colors - black and jet black.
The biggest change for iPhone users is the elimination of the audio port. Stepping in are AirPods, Apple’s version of wireless headphones. The iPhone 7 will come with traditional EarPods that are connected through the lighting connector (goodbye, headphone jack!), or you can use an old set of headphones using the provided adapter. AirPods are an additional cost ($159).