Hedge Fund Technology Tips for New Startups, Part 2

By Kaleigh Alessandro | Tuesday, February 23rd, 2016

The following is the second excerpt from our new whitepaper, Launching a Hedge Fund: 10 Keys to Success. To read part one, click here.

Develop an IT budget for your first 2-3 years.

Operating capital may be limited in the first few years after your launch, so careful budgeting and long range planning will serve your firm well. Your information technology budget should include priorities and figures for at least two to three years, including infrastructure/hardware and software requirements. Some questions you’ll want to consider:

How many offices are you launching with? Do you plan to open additional offices in the near future?
How many users do you have on day one? How many can you expect to have in years 2 and 3?
Where are your offices located? Are there cost differences between domestic and international offices?
What are your trading practices and how does this impact your budget?
What kinds of systems do you need? (Order Management, Portfolio Accounting, Risk Management, CRM, etc.)

Ensure your technology budget coincides with your firm’s growth plan. Do you expect to grow quickly? Open new offices? Expand internationally? You will need to account for these changes.

Understand hedge fund regulations and how they affect your firm.

Governmental oversight of the financial industry has evolved dramatically in the last decade. Hedge funds, private equity firms and registered investment advisers now operate in a world where they are beholden to regulatory bodies with growing expectations and requirements. When launching your hedge fund, you’ll need to be clear up front with any responsibilities you may have to any applicable agencies – in the United States, that means the Securities and Exchange Commission (SEC). Are you required to register? If so, represent your firm accurately and be descriptive of your operations. If not forthcoming, you may open up your firm to serious regulatory and criminal prosecution.

Apart from registration, you should also determine if there are any legislative implications for your new firm. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, which redefined the registration requirements for hedge funds, also set forth new reporting requirements and standards for safeguards. For example, system safeguards such as data protection, disaster recovery measures and email archiving are requirements under Dodd-Frank.

Since 2014, cybersecurity preparedness is also a critical area of focus for regulatory bodies. With the prevalence of cyber threats and attacks, the SEC’s Office of Compliance and Examinations (OCIE) has incorporated cybersecurity into its examination targets. Having released two extensive questionnaires and several risk alerts focused on security, the SEC has made it clear to investment firms that they will be investigating the practices employed at firms and increasing expectations for the future. Regardless of the assets your firm is launching with, you will be expected to have sophisticated and comprehensive policies and procedures in place from day one to combat cyber threats. Be sure to enable your firm’s processes to comply with SEC recommendations including risk assessments, infrastructure practices, policy documentation, etc.

Remember that when it comes to technology, you have options.

It wasn’t too long ago that a new hedge fund faced a significant technology hardship: investing in hardware and building out an expensive and complicated Communications Room. Fortunately, times have changed. Startups have a variety of options when it comes to settling on their technology infrastructure. With the birth of cloud technology, firms can save on upfront capital expenditures and host their infrastructure in the cloud – providing flexibility within those startup budgets.

Cloud services offer more flexibility than traditional infrastructure models and, beyond cost-savings, can reap rewards for new launches. Firms can add users nearly instantly – a welcome benefit for startups looking to ramp up quickly. Users can gain access to email, file services and applications from virtually anywhere, and built-in disaster recovery provides confidence that everything is protected from the inside out.

Of course, one of the greatest benefits to using an outsourced cloud service is professional management and monitoring. As a new firm, your priority is on the investment side of the business, as it should be. And while it’s imperative to build a strong operational fortress, working with trusted service providers means you don’t have to sweat the small stuff. A reputable cloud services provider not only provides world-class infrastructure and resiliency; it also assumes responsibility for the management and daily maintenance of your cloud environment. If you don’t want to staff an IT department, no need. Your cloud services provider should act as your trusted technology adviser and, as such, give you the flexibility and time you need to focus on your investment priorities without worrying about security updates and patch controls.

Implement safeguards to protect your firm and investor assets.

Today’s new startups are entering an environment riddled with challenges. Among them is the perpetual objective of mitigating operational risk. As already mentioned, the SEC – and other regulators including FINRA and the FCA – are monitoring firms closely and conducting examinations focused on cybersecurity preparedness. Investors also have high expectations, and before they will even consider allocating money to your firm, they want to understand what protections you’ve put in place to protect their assets. With hackers savvier than ever and financial firms as known targets, it’s critical that firms establish a comprehensive approach to security to not only meet investor and regulatory demands but also to protect firm assets and mitigate business risk.

To start, you should understand your firm’s specific risks and exposures. After assessing your technology safeguards, you should be able to identify gaps.

Has your firm implemented intrusion detection and prevention systems?
Do you have robust firewalls in place?
Are you planning to conduct regular vulnerability testing?

Beyond infrastructure safeguards, it is critical that firms implement policies and procedures to protect firm and client assets. Your hedge fund should employ Access Control, Incident Response and Personal Information Security policies (among others) to ensure sensitive and confidential data and systems are not compromised by internal or external security threats.

Lastly, as you launch your firm, make it clear that security is a priority. You can do this by conducting employee awareness training to keep all users informed and educated about the cyber environment and the threats that may arise. Users should understand how security threats may present themselves (phishing schemes, social engineering, etc.) as well as how they can become cybersecurity assets to your firm.