Post-launch, many hedge funds and investment firms struggle to gain ground and attract the institutional capital needed to succeed in today’s competitive market. As firms grow – and bandwidth and budget are less likely to be roadblocks – it can be a challenge to reinvent the wheel and position your firm to capture institutional dollars.
During a recent webinar, speakers from EisnerAmper and Eze Castle Integration explored trends in hedge fund operational due diligence and technology operations and offered advice for asset managers looking to grow out of their startup boots and achieve an institutional grade operation. Some areas they explored during the 40-minute webinar include:
How institutional investor expectations have changed for firms at the pre-launch and post-launch phases;
The importance of (and detriment to not) passing an operational due diligence examination;
How cyber security expectations are evolving to increase standards across both technology infrastructure and policy planning;
If the public cloud is suitable for investment management firms looking to solidify institutional investments; and
Top mistakes emerging managers make that prevent successful ODD exams and institutional evolution.
Scroll down or click here to watch the replay.
When it comes to cybersecurity, the list of haves and have nots is constantly evolving due to the changing regulatory and threat landscape. In case you missed it, we hosted a webinar this week on Cybersecurity Basics for Asset Managers, during which we uncovered various elements within three primary cybersecurity layers: from Tier 0 (Basic Protection) to Tier 1 (Industry Standard) to Tier 2 (Advanced Protection).
How does your firm stack up when it comes to your cybersecurity practices? Watch the replay below and find out where you fit in.
Tier 0: We call this level Tier 0 in part because, well, there’s zero chance your firm will have long-term success in thwarting cyber risks if you don’t employ these basic security measures.
Our 2016 Private Equity CTO Survey is packed with insights across four primary areas: business priorities, cybersecurity, outsourcing trends and the evolution of the private equity CTO. These findings include:
70% of PE firms report their organizations have experienced 3 or more cybersecurity issues in the past 12 months
Nearly 90% of respondents identified cloud computing as a planned investment area, with respondents preferring private cloud solutions over the public cloud.
93% of survey respondents believe their firm’s CTO or top IT executive is becoming more important to their business
Checkout out our infographic (below) for a picture of our findings and download the full report here: www.eci.com/pesurvey.
The tide is changing for private equity firms. They continue to grow in popularity – some say private equity is the new hedge fund – but with increased interest comes amplified speculation and heightened expectations.
In technology, private equity firms have found a fierce enabler for continued growth, and one that has shone the light on organizational benefits to be had far beyond the IT closet.
Eze Castle Integration commissioned its Private Equity CTO Survey to more closely examine the evolution of the private equity industry as driven by – and driven to – technology. In reaching the top IT executives and chief technology officers (CTOs) at these firms, the survey highlights their priorities, successes and even failures, and in doing so, sheds light on this industry that has risen to the forefront of the greater financial community.
Our Private Equity CTO Survey encompasses four primary sections: business priorities, cybersecurity, outsourcing trends and the evolution of the private equity CTO.
If one thing is to be derived from the advent of information technology, it is that IT enablement extends well beyond the recesses of the Communications Room. Accordingly, technology decision-making is also impacted by an organization’s business objectives, and the two work in alignment to derive achievements across the firm. In this section of the survey, we’ll highlight areas where business goals have impacted IT budgets and where private equity firms plan to focus their attention in the coming year.
Social engineering schemes continue to grow in their sophistication, and phishing campaigns, in particular, are causing concern as they make their way to employee inboxes. These fraudulent email campaigns (and phone calls too!) appear legitimate and take advantage of employees who are often too busy or simply unprepared to identify a scam. In either case, if the employee clicks a link, downloads an attachment or provides credentials or financial information to a hacker behind the scenes, it is a gateway to potentially very serious scenarios.
And these scams are working. A 2016 study by Verizon found that 30 percent of phishing emails are opened by the recipient. According to the FBI, spear-phishing campaigns between 2013 and 2015 cost companies more than $2 billion.
And while there are next-generation firewall protections and email security features and tools to act as security barriers to targeted attack emails, unfortunately, some of these emails are still going to get through and pose a threat to your firm’s security posture. (Side note: to learn more about each of these cybersecurity defense layers, watch our webinar replay below).
To wrap up and round out our 6-week Risk Outlook Webinar Series, we spoke with John Cotronis, Executive Director at JP Morgan, about hedge fund risk management and governance. Specifically, he addressed the following questions:
What have you observed in recent years in terms of changes affecting hedge funds – particularly at the startup phase?
Have you noticed a marked shift in the importance managers are placing on risk?
Do the firms you typically engage with have staff on hand to manage risk – compliance officers, etc.?
In terms of corporate governance, where do you see investment firms excelling when it comes to implementing risk management controls and also fostering a culture of risk management across the firm?
Let’s talk a little bit about counterparty risk. What kind of criteria are you looking for that indicates to you a provider has the right risk management framework and best practice structure to support your clients?
A lot has gotten tougher for firms, particularly on the investment side with capital raising, also with regulatory reporting, etc. What areas of operations do you think have gotten easier for hedge funds over the years?
What is your assessment of outsourcing risk – is it higher or lower than managing various functions in-house?
As our Risk Outlook Series continues, we recently spoke with John Araneo, Partner at Cole-Frieman & Mallon LLP in New York, about many of the regulatory risks facing hedge funds today, including compliance, expense allocations and cybersecurity. Continue reading for a brief synopsis or scroll down to watch our webinar replay below.
How would you describe the current regulatory climate for fund managers and investment advisers?
For hedge fund managers and investment advisers, the regulatory expectations have never been higher. Looking ahead to 2017, managers and advisers should expect the challenge of having to navigate potentially seismic regulatory changes - each of which has the potential to complicate business practices and add to the cost and complexity of compliance.
How should clients prepare to react to these changes?
It’s a top-down approach that all comes down to compliance. A culture of compliance is no longer a lofty goal or a cliché; it is now a regulatory expectation. There needs to be a robust compliance program, actual implementation, and accountability. Clients should be prepared and able to effectively manage the SEC examinations. Managers need to take time to understand regulatory priorities and expectations before an exam.
What is the current regulatory regime's appetite for outsourcing the compliance function?
There is no requirement for firms to employ a full-time person to service compliance. However, the worries about outsourcing certain functions, particularly the compliance officer function, may lead to weakened compliance culture. The opportunity of outsourcing creates a gap between the compliance function and the operations, decision makers and day-to-day activities. Outsourcing can be effective and sufficient, but management needs to resist setting it and forgetting it.
In honor of October being National Cyber Security Awareness Month, we’ll be bringing helpful articles on a range of topics starting with this one on understanding malware.
We’re also debuting our first interactive game, FreEze!, where your challenge is to hit malware before it hits you (à la Space Invaders). Play the game below or keep reading for more on malware -- or do both!
Play FreEze and be a Malware Fighter
In Part Three of our Risk Outlook Webinar Series, Michael Corcione, Managing Director of Cordium, spoke about compliance and cybersecurity trends in the investment industry. Although cybersecurity risks and struggles can vary from firm to firm, it is important to address a number of key areas.
Continue reading for quick takeaways or scroll down to watch the 30 minute video replay.
Good security can be achieved as firms move from reactive to proactive strategies. Firms usually start with the goal of checking the box for regulators, but they need to get beyond the 'check-the-box' exercises and test controls. The SEC’s 2015 cybersecurity guidance update provided more specific insights on cybersecurity focus areas for investment firms - governance and risk assessments, training and awareness, incident response, data loss prevention, access rights controls, and vendor risk management. Hedge funds and investment firms should use this as a framework, understand how they have addressed these areas and where they need to improve.
A good cybersecurity program starts with the leadership team, and they need to set the tone from the top down. This way everybody understands the impact of risk and its effects on the firm. Leaders should acknowledge risk, understand risk, and lead ongoing discussions firm-wide.
During Part 2 of our Risk Outlook Webinar Series we spoke with Eze Castle Integration Director Dan Long about how investment firms should address evolving cybersecurity risks, third party service provider oversight and employee training and education. Many of the points Dan addressed highlight questions hedge funds and private equity firms should be asking themselves.
Read on or scroll to the bottom to watch the full, 30-minute replay.
What is our commitment to cybersecurity and what is our outlook on the future?
Regulators and investors continue to ask more questions about cybersecurity because they want to know that firms are effectively mitigating risk. To meet these growing expectations, firms must demonstrate that you take cybersecurity risk seriously and have implemented sound systems, policies and procedures to combat those risks. As the threat landscape and technology continue to evolve, investment management firms need to evolve accordingly and develop better ways to counteract threats. Firms don’t necessarily need to implement every available security technology, but they should be keenly aware of their options and have a plan to effectively mitigate as much risk as possible.
How are we addressing third party risk and oversight?
Investment management firms often rely on third party vendors to obtain functionality or capabilities that they need, want or can’t afford to produce on their own. But moving functions out of the firm's control can present challenges. With any outsourced function, the firm inherently takes on additional risks at the hands of the third party. But it's critical for investment managers to limit those risks through sufficient due diligence. To combat vendor risk, financial firms need to maintain strict oversight of all third party relationships and investigate security practices and protocols, particularly for those vendors who have access to the firm's confidential information. An outsourced vendor should be providing the same level of security (or better!) as your firm would if the function was under in-house control.