Below is an excerpt from our whitepaper, Is Hybrid Cloud Right For Your Firm?. If video is more your style, scroll to the bottom and watch our 30-minute webcast on hybrid cloud considerations for financial and investment firms.
With its security, privacy, and performance, the private cloud has been the go-to option for financial and investment firms that require enterprise-caliber IT infrastructure. In most cases, that private cloud is professionally managed by a service provider solely focused on monitoring, managing, and maintaining that infrastructure to meet business requirements and compliance directives. Thus, firms benefit from seasoned, industry-experienced professionals who live and breathe financial IT.
For many firms, so-called public cloud infrastructures offer compelling opportunities and advantages. For many smaller and younger firms in particular, the flexibility and ease of deployment are persuasive drivers. What’s more, the initial costs appear to be lower for certain feature sets (although an analysis of the total cost of ownership indicates that advantage is less clear-cut).
Hybrid Cloud: Bringing Them Together
Fortunately, investment firms needn’t take an “either/or” approach to their IT infrastructures. With a hybrid cloud approach that combines many of the most compelling features of public and private clouds, firms can leverage a uniquely flexible platform that meets a broad range of needs.
Which Cloud Has the Edge?
The decision regarding your IT infrastructure has significant implications on the ability of your investment firm to gain and maintain a competitive advantage. As you weigh your options – public, private or hybrid – it can be beneficial to consider the following aspects of cloud architectures and weigh their importance as unique to your individual firm.
We spend a lot of time making suggestions and recommendations about what financial and investment firms should do when it comes to their technology. And while it might sometimes seem obvious, we also think it wise to remind firms what not to do from time to time. In fact, the following technology pitfalls are prime examples of what not to do with respect to your firm’s IT.
Set IT and forget IT.
Technology isn’t evergreen, and it certainly isn’t infallible. With so many investment firms today reliant on managed service providers to support their IT operations, vendor management has become a critical area of importance. IT outsourcing provides great opportunity for firms to rely on experts to manage infrastructure updates, maintenance windows and network upgrades, but the onus remains on your firm to ensure your technology is up-to-snuff and meets not only your demands but those of investors and regulators as well. A “set IT and forget IT” strategy won’t work here; even via outsourcing, your IT management responsibilities fall on you.
Plan your infrastructure only for the short-term.
A crucial mistake often made by funds is not planning for the future. From the earliest pre-launch meeting, you should be thinking about what your firm will look like and what technology you will require down the road. Planning out two to three years in advance is recommended in order to reap the most benefits with regard to your infrastructure. Plus, if you don’t plan ahead, you may wind up incurring more costs and dealing with a much bigger headache if technology decisions need to be made unexpectedly (e.g. cloud and data migration).
Categorized under: Hedge Fund Operations Cloud Computing Security Operational Due Diligence Outsourcing Disaster Recovery Hedge Fund Regulation Infrastructure Business Continuity Planning Trends We're Seeing
As your firm evaluates moving to the cloud – as most firms today will inevitably do – your list of priorities will likely include:
Regulatory and investor impact
Migration plans and operational effects
Hardware disposal and infrastructure changes
But another critical business area your firm should put some thought into is the effect of the cloud movement on your internal IT department (assuming you have one). What exactly happens to a firm’s IT team once it moves operations into a cloud environment? Is there still value in maintaining an in-house staff?
The simple answer is ‘yes,’ but the day-to-day responsibilities for those staffers may not look quite the same post-cloud. Outsourcing to the cloud continues to grow in popularity among firms small and large. With a fully managed service provider, everyday management is typically taken care of – leaving internal resources with a lot more time on their hands. But that doesn’t mean there’s no longer a need for an IT department. And it certainly doesn’t mean IT managers should be left to twiddle their thumbs.
In fact, according to our Private Equity CTO Survey, 93 percent of firms believe their Chief Technology Officer is becoming more important to their business. As the role of the CTO evolves, particularly in light of cloud adoption, many firms expect their CTOs/IT Directors to take on additional responsibilities.
In today’s market, the pressure from both investors and regulators is at a steady incline. Reporting obligations have grown complex, transparency is in high demand and compliance technology has become a vital component to a firm’s success. With various demands tug-o-warring hedge fund managers in multiple directions, a Client Relationship Management (CRM) platform could be the solution your financial firm has been searching for.
That is why firms are increasingly adopting Ledgex CRM, the revolutionary, stand-alone Client Relationship Management solution offered by our sister company, Ledgex Systems. Ledgex CRM is ideal for managing and tracking investor communications, sales pipelines, client relationships and capital movements. The highly configurable, centralized platform is tailor-made for hedge funds, family offices and asset allocators.
The product offers the sophisticated Client Relationship Management capabilities necessary to raise and retain more assets, maintain and grow clients, provide outstanding client service and meet heightened reporting requirements. Out of the box, the web-based solution delivers efficiencies, transparency and flexibility without increasing headcount or costs. By streamlining investor relationship management and capital activity, Ledgex CRM enables managers to optimize their time and focus on fostering relations and growing business.
The following article originally appeared in HFMWeek's Cyber Compliance Focus.
It’s not enough to have strong security policies. And it’s not enough to have robust technologies in place to ward off cyber threats. In truth, it’s not even enough to have both of these.
An effective cybersecurity program, rather, can only be achieved through a consistent and comprehensive strategy that touches layers across the entirety of the organization – from perimeter security and access control to policy enforcement and employee training. Without each of these building blocks, the effectiveness of a cyber risk management program is crippled at best.
And today’s standards for cybersecurity are increasing rapidly.
When it comes to cybersecurity, the list of haves and have nots is constantly evolving due to the changing regulatory and threat landscape. In case you missed it, we hosted a webinar this week on Cybersecurity Basics for Asset Managers, during which we uncovered various elements within three primary cybersecurity layers: from Tier 0 (Basic Protection) to Tier 1 (Industry Standard) to Tier 2 (Advanced Protection).
How does your firm stack up when it comes to your cybersecurity practices? Watch the replay below and find out where you fit in.
Tier 0: We call this level Tier 0 in part because, well, there’s zero chance your firm will have long-term success in thwarting cyber risks if you don’t employ these basic security measures.
They say the more things change, the more they stay the same. Turns out it’s a pretty accurate assessment of the hedge fund industry then and now.
You see, back in 2011 we hosted a “State of the Hedge Fund Industry” event that yielded some interesting trends and perspectives, and we thought it might be fun to not only look back at those trends, but compare them to what we’re seeing in today’s industry – more than five years later.
Like I said: the more things change, the more they stay the same.
Hedge Fund Market Trends & Challenges
THEN (2011): It’s been an interesting year thus far for hedge funds and other alternative investment firms, as inflows have been high but performance low. In addition to performance challenges, hedge funds continue to deal with increased competition for investments, and thus asset-raising remains a hurdle for many funds – regardless of their size or strategy.
How much security protection is enough? That’s a tough question to answer and the catalyst behind our recently published whitepaper on selecting the right cybersecurity tier based on individual risk profiles (download it HERE). The paper outlines three common tiers including Tier 0 (the ‘must-have’ list) to Tier 2 (the ‘advanced’ list), however it only touches briefly on the human element of security.
The reality is that in today’s sophisticated cyber environment firms must go beyond physical or virtual firewalls firms and establish a ‘Human Firewall,’ because sometimes technology alone won’t stop some of the most damaging attacks. In many instances, employees are “holding the door open” to criminals or inadvertently “leaving the keys out.” At other times, disgruntled employees act with more malicious intent.
Building a ‘human firewall’ comes down to establishing a security-conscious workplace and culture where employees understand the risk landscape and know how to respond. So what goes into their ‘human firewall’? It has varying parts including policies, training, awareness and of course people(!).
Practical, User-Friendly Policies
Many firms create a 20+ page written information security plan that formalizes the definitions and policies that govern the creation, access, and deletion of confidential information and computing services. That can be everything from a definition of personally identifiable information (PII), a description of user access privileges and roles, or policies regarding data handling. What matters is that you’ve explicitly and unambiguously documented all aspects of your company’s at-risk assets and services.
While the plan should be comprehensive, firms should also avoid getting bogged down in “tech speak.” Employees need user-friendly policies that are straightforward to follow. For example, they want to know the implications of their actions (“If I read this on a mobile phone, am I creating a security vulnerability?” “What happens if I lose my mobile device?”).
2017 is already shaping up to be an interesting year. With a new presidential administration taking office and the hedge fund industry coming off the heels of a challenging year, there’s a lot to keep an eye on. We recently hosted a panel with law firm Morgan Lewis to discuss these and many other topics as part of our “2017 Outlook for Hedge Funds: Risk, Regulation and Technology” event.
Read on for some of our panel’s key takeaways.
2017 Regulatory Outlook
While little is known about how a Trump presidency will operate, there could be potential tax savings for managers depending on how the administration chooses to regulate Wall Street.
Firms should expect to see reforms with the Dodd-Frank Act and the Volcker Rule, which could add more competition into the marketplace if limits on bank investments are adjusted.
SEC Focus Areas
Top six areas of focus for the Securities & Exchange Commission will likely be: (1) expenses and fees, (2) trade allocation, (3) material non-public personal information, (4) valuation processes, (5) operating partners and due diligence, and (6) security, privacy, insider trading and business continuity.
Cybersecurity is not necessarily part of every SEC examination, however, the bar will continue to be raised in terms of preparations firms will need to employ.
In 2016, the SEC provided additional guidance on business continuity and transition plan requirements, highlighting the need for hedge fund and financial firms to maintain their fiduciary responsibility to their clients and investors.
Operational due diligence meetings have become impactful moments for hedge funds to impress both current and potential investors. Firms have the ability to answer questions, alleviate fears and market themselves in a one-on-one setting that affords more opportunity than a completed due diligence questionnaire and an up-to-date performance sheet.
But how can today’s hedge funds truly set themselves apart and impress investors during these ODD meetings? Here are five ways:
1. Demonstrate your knowledge of and commitment to regulatory compliance.
Increasing regulatory oversight of investment firms has been a consistent trend over the course of the last few years, and it can be a challenge for hedge funds to keep abreast of changing legislation and regulator expectations. Disclosure and reporting requirements under the Investment Advisers Act of 1940, record-keeping requirements under the Dodd-Frank Act, and growing cybersecurity recommendations as part of the SEC’s ongoing inquiry are just a few of the initiatives to keep track of. But demonstrating to investors that your firm has knowledge of these regulations and takes them seriously will serve you well.
Whether your firm is compliant to the SEC, FINRA, NFA, CFTC, FCA – phew! – or another regulatory body, it’s imperative that you take the time to fully understand your firm’s legislative requirements and, in writing, show investors your level of preparedness. For example, if you’re a registered investment adviser with the SEC, are you aware of the proposed rule that would require firms to implement business continuity and transition plans? Have you compiled a document that outlines the SEC’s 28 points identified in its cybersecurity risk alert? Coming to your next investor due diligence meetings with this knowledge and the appropriate documentation will demonstrate that you take regulatory compliance seriously and are equipped to comply with the necessary requirements facing your organization.