For Financial Firms, “Set IT and Forget IT” Is Not an Effective Technology Strategy
We spend a lot of time making suggestions and recommendations about what financial and investment firms should do when it comes to their technology. And while it might sometimes seem obvious, we also think it wise to remind firms what not to do from time to time. In fact, the following technology pitfalls are prime examples of what not to do with respect to your firm’s IT.
Set IT and forget IT.
Technology isn’t evergreen, and it certainly isn’t infallible. With so many investment firms today reliant on managed service providers to support their IT operations, vendor management has become critically important. IT outsourcing gives firms a great opportunity to rely on experts to manage infrastructure updates, maintenance windows and network upgrades, but the onus remains on your firm to ensure your technology is up to snuff and meets not only your demands but those of investors and regulators as well. A “set IT and forget IT” strategy won’t work here; even when you outsource, your IT management responsibilities fall on you.
Plan your infrastructure only for the short-term.
A crucial mistake often made by funds is not planning for the future. From the earliest pre-launch meeting, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits with regard to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs and dealing with a much bigger headache if technology decisions need to be made unexpectedly (e.g. cloud and data migration).
Ignore the importance of a business continuity plan.
It has become commonplace for financial firms to employ disaster recovery strategies to protect mission-critical data and applications, both to satisfy regulator and investor expectations and to mitigate threats posed by unexpected disruptions (e.g. natural disasters, local terror threats, onsite issues, etc.). But firms often overlook the equally important business continuity plan, which provides guidelines for what employees need to do in the event of a disaster. Yes, focusing on your infrastructure is essential to keeping your business afloat, but that business also cannot survive without its employees. Don’t forget to test that BCP once you’ve developed it – a good plan will only work if employees know how to follow it.
Skimp on security.
This one is a no-brainer, right? There are times when firms think it’s okay to cut back on security, or they easily dismiss the idea that their business could ever be subject to a cyber-attack. Hackers have become incredibly sophisticated in recent years, and financial services firms are high on their list of targets. It’s critical for firms to invest in robust infrastructure and advanced cybersecurity protections (e.g. managed phishing, active threat protection and monitoring, targeted attack protection, etc.) to ensure they do not become victims, whether due to unauthorized intrusion, system corruption, email fraud or worse.
Fail to comply with industry regulations.
Regardless of whose jurisdiction your firm falls under, it’s essential you take the appropriate steps to ensure you meet all necessary regulatory directives. Whether it’s system safeguards and cybersecurity plans recommended by the SEC or increased transparency requirements as a result of AIFMD, you can bet there’s some type of legislative requirement your firm is responsible for meeting. Can these regulatory bodies keep tabs on all financial and investment firms? Maybe not. But if the day comes when you receive an audit notice, you don’t want to be the firm that’s noncompliant.
Be opposed to change.
Just like the investment industry, technology is constantly evolving. Just a few years ago, firms were building out large Comm. Rooms to store massive servers and other equipment. That practice is fading today as firms rely on the cloud to meet their technology needs without unnecessary hardware purchases. And even within the cloud space itself, we’re seeing increased interest in hybrid solutions born of continuous technology innovation. Remember that just because you’ve always done something one way, it doesn’t mean it’s the only way. Be open to adapting with the changing industry and learning about new technologies and IT strategies.
Editor’s Note: This article has been updated for freshness and was first published in June 2013.