Don't Forget to Share this Post

Outsourcing in the Alternative Investment Management Industry: Navigating Cyber, Legal and Operational Risks + Webinar Replay

By Amisha Shah | Thursday, October 25th, 2018

Investment firms are increasingly drawn to outsourcing to manage complex technology and operational requirements. And, of course, with this evolution comes a range of considerations. In a recent webinar, Eze Castle Integration’s Executive Director, Dean Hill, and, Lawrence Brown, Information, Communications and Technology Partner at law firm Simmons & Simmons, explored the cyber, legal and operational risks for firms looking to outsource.

Below is a summary of the key points of discussion, as well as the full webinar replay.

The Current Outsourcing Landscape: What functions are being outsourced?

Infrastructure - Cloud adoption has grown at a steady rate, with more and more firms deploying various forms of the cloud. There has been a significant rise in alternative investment firms adopting the hybrid cloud platform, and we’re also seeing the public cloud platform emerge into this sector, as a cloud first strategy is widely adopted.

Applications – Financial services applications are increasingly being delivered in a Software-as-a-Service (SAAS) form, making it easier for firms with global offices to ensure connectivity across locations. 

Compliance Oversight – We’re coming into an era with more demands for compliance outsourcing, to cover the duties of key business roles such as chief information security officer, chief compliance officer and data protection officers, to manage data centres, third-party vendors and infrastructure as a whole.

Security – Firms continue to rely on cybersecurity experts as cyber-attacks become more sophisticated in their approach to extract confidential data or money, making it more difficult for firms to build the layers of security needed to keep up with this.

Outsourcing Middle- and Back-Office Functions

  • Cost Savings – Along with the bonus of resource augmentation that comes with outsourcing, the use of offshore locations for storing servers and infrastructure significantly reduces costs for firms.

  • Drawing on Supplier Expertise – It’s a great relief for firms looking to hand over the responsibility of their technology and infrastructure to a reliable third-party expert, trusting them to take care of all things IT on their behalf.

  • Economies of scale – Working with an established managed IT services provider enables firms to draw on economies of scale when it comes to IT spend, and use savings in other areas of the business.


  • Loss of Control – Control is a common concern for firms looking to outsource. This can be overcome with clear arrangements around levels and areas of control, prior to partnering.

  • Regulatory Focus on Outsourced Arrangements (FCA, EBA, etc.) – Regulators are increasingly highlighting the associated risks of working with suppliers, and provide guidance on how to do this in the most secure way.

  • Failure to Retain Expertise for Effective Oversight – Effective oversight ties in with control, so it is important to set and manage expectations right from the start of an outsourcing partnership.

  • The Need to Ensure a Smooth Exit at the End of the Term – Firms should be mindful that anything less than a smooth exit could lead to a disruption of services firms provide to their clients.

Structuring Outsourcing Agreements and Balancing Responsibilities

A clear and defined level of education is required from the vendor and client in order to structure a clear agreement. Additionally, firms are responsible for thorough due diligence to assess if a vendor is able to meet the regulatory requirements specific to their firm. When it comes to balancing responsibilities, firms also should take an active interest in third parties their vendor/aggregator uses as part of a solution provided to them. As the end user, it is important for firms to be familiar with any subcontractors they’re essentially partnering with. 

Managing the Critical Elements of Vendor Due Diligence

There are many elements to assess if a vendor is right fit for your firm, before outsourcing any business process or function. These include: 

  • Audit processes

  • Certifications

  • Subcontractors used

  • Vendor and subcontractor locations

  • History of service level compliance

  • History of cyber and personal data breaches

  • Business continuity and disaster recovery processes

  • Any cyber and data breach notification processes in place

Watch the webinar replay to listen in on the full discussion.

Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!