Last month our friends at eSentire published a Cloud Security Checklist to provide hedge funds and alternative investment firms a guide when evaluating a cloud provider such as Eze Castle Integration. The Checklist asked the question, “How can you know if your Cloud Service Provider has your best risk management interests in mind?”
Since here at Eze Castle Integration we are big proponents of secure cloud computing, we thought we’d be the first cloud service provider (that we know of!) to complete eSentire’s checklist.
1.0 Physical Security: Does the cloud provider have a rigorous physical access protocol?
Yes, yes and yes. Eze Castle has detailed Access Control and Premise Access policies that extend from physical to virtual environments. Following are some of the key physical access control protocols we have in place:
24x7x365 manned lobby with visual verification of identity
Two-phase authentication of visitors (card and biometric)
Secured access at all entry points, including doors and elevator banks
Monitored security cameras as well as door, motion and camera sensors
Visitor logs closely monitored and escorts required at all times
Key-locked cages and cabinets at all data center facilities
Stricter regulations and calls from investors for greater transparency are leading hedge fund managers to up their game and enhance their technology infrastructures to become more operationally efficient.
The growing regulatory environment -- Dodd-Frank and the Alternative Investment Fund Managers Directive Level 2 (AIFMD) -- is pushing more and more hedge funds to consider adopting cloud computing as the operational burdens around reporting and transparency continue to grow. To refresh, in April 2009, the European Commission proposed a Directive on Alternative Investment Fund Managers (AIFMs) with the objective of creating a comprehensive and effective regulatory and supervisory framework for AIFMs at the European level. The proposed Directive was aimed at providing harmonised regulatory standards for all AIFMs within scope. ESMA was requested by the Commission to provide technical advice on the implementing measures of the AIFMD (Level 2).
Regulators and investors have played a significant role in the way the alternative investment industry behaves, in return influencing the evolution of technology. Regulatory change and due diligence are the largest drivers of change in the hedge fund space. Even if the changes proposed in your organisation are not regulatory driven in nature, hedge funds need to ensure that internal operations or outsourcing projects are organised is such a way that their output will easily satisfy both existing and future legislative requirements.
Categorized under: Cloud Computing
Hurricane Sandy created a path of devastation, disrupted countless lives and businesses, and taught us many lessons. Over the last week, here at Eze Castle Integration we have reflected on what we learned now that the lives of our employees and clients are slowly getting back to “normal.”
Communicate Openly & Often.
With Hurricane Sandy we had the “luxury” of knowing the storm was approaching, however, that isn’t always the case. Companies must have a communication plan that can be quickly initiated should an unforeseen disaster occur. We encourage clients to look into Automated Messaging Systems that allow notifications to be sent to all employees or clients simultaneously across multiple devices (i.e. home phone, work phone, cell phone, email).
Categorized under: Business Continuity Planning
Last week, we revealed the results of our 2012 Hedge Fund Operations & Technology Benchmark Study, which surveyed over 300 buy-side firms about their front, middle and back office technology and vendor preferences. This year’s findings underscore the need for investment firms to employ robust systems to support trading operations and meeting increasing regulatory and investor demands.
Below is a summary, but you can download the full report here.
Within the financial services industry, Eze Castle surveyed 320 firms including hedge funds (61%), investment managers or investment banks (12%), private equity firms (7%), fund of hedge funds (4%), broker/dealers (2%), and venture capital firms (1%). Additional firms included in an ‘Other’ category include family office, legal, real estate, endowment, quant, biotech and insurance brokerage.
Firms surveyed fell into three asset classes: 30 percent reported their AUM as $100 million and under; 32 percent fell between $101 and $500 million; and 38 percent reported over $500 million in assets under management.
Earlier this year we conducted a survey looking at adoption of cloud services within the investment management industry. One question looked at barriers to adoption of cloud services. We found that 62 percent of those surveyed said a significant “barrier” to cloud deployment was that their investors and/or clients are not receptive to the idea of cloud computing. However, nearly a quarter of firms surveyed (23%) said this factor was not very significant or not significant at all. Education continues to play an important role here, and both investment firms and investors seem to be more open to the cloud than in years past. We expect this trend to continue as cloud services become mainstream.
Categorized under: Cloud Computing
Public cloud tools and free file sharing services are wholly owned and managed by third-party providers. Because infrastructure costs are spread across all users who are employing the service, each individual client is able to operate at a low cost. Public cloud tools are typically larger in scale than private enterprise clouds, which provide users with seamless, on-demand scalability.
These factors may seem to support the belief that public clouds and free file sharing services would suffice for a business’s basic infrastructure and file sharing needs. However, upon closer examination, it is clear that there are a number of areas in which these tools fall drastically short of meeting the crucial business needs of investment management firms.
Today there is no excuse for a hedge fund not to have a disaster recovery plan in place. Both investors and regulators have raised their expectations and want to be sure that appropriate safeguards are in place.
Private cloud solutions are ideally suited to meet a hedge fund’s requirements for backup storage and disaster recovery (DR) solutions. Additionally, the growing acceptance of cloud-based services has driven down the costs substantially, making these solutions highly economical for funds of all sizes.
While business continuity planning (BCP) focuses on the people and processes needed to keep a hedge fund or investment firm in business – such as selecting a backup work site for staffers in an emergency – DR solutions emphasize the technology necessary to support a firm’s operations. In both areas, firms need to understand their operational processes and specific risk landscapes.
On Tuesday, we began our webinar recap by looking at Form PF requirements and recommendations and other essentials for maintaining an effective compliance program. The second half of our webinar focused on technology compliance, specifically around message archiving, email security and mobile device management. Let’s take a closer look at some of the content that was covered. If video is more your style, you can watch a replay of the webinar here.
Record Retention & Message Archiving
The SEC currently requires investment advisers to retain all internal and external electronic business communications. Rule 204-2 mentions the following specific measures:
In order to meet the requirements of the SEC, firms must retain and archive more than just email. Instant messages, Bloomberg and Thomson Reuters messages and other electronic communications are also considered required archival material.
Is your firm registered with the SEC? Do you manage one or more private funds with assets of at least $150 million? If you said yes to these questions, then you have some homework to do. Under SEC regulations, your firm is required to file Form PF.
During a recent webinar, we asked ACA Compliance Group to talk us through the requirements and recommendations for filing Form PF as well as some additional compliance program recommendations. Below is a short recap of ACA’s presentation. To listen to the full replay of our event, click here.
Form PF: Requirements & Recommendations
Depending on your firm’s fund type and assets under management (AUM), the deadline for your Form PF filing may be sooner rather than later. Larger funds - including hedge fund managers, liquidity managers and private equity managers - will need to file sooner, while the majority of registered investment advisers won’t need to file until early next year.
Anytime I write a self-promotional (i.e. Eze Castle Integration-focused) article on Hedge IT I feel the need to add the caveat that we try really hard to make all our articles educational. However, sometimes pride gets in the way and we have to share with you our proudest accomplishments.
To that end, today’s post is going to be focused on blowing our own horn about the award-winning streak the company has been on. These awards are a direct reflection of our amazing employees.
Proud moment #1: Winning the Help Desk Institute Team Excellence Award for External Support. This award recognized our world-class help desk organization for their outstanding client support. In winning this award, we joined a very elite group that includes Dell Perot Systems, EDS and Novell as previous winners. Anyone who has dialed into our help desk knows our team is truly deserving of this award.
Categorized under: Eze Castle Milestones