Competition for investments is fierce across the alternatives industry, so what makes a fund stand out and what role does operational due diligence play in winning institutional assets? During a recent webinar, we invited Boris Onefater, Founder and Managing Partner at Constellation Advisers, to examine how alternative investment firms can leverage the ODD process to stand out from their peers. Below are a few key questions and answers from the conversation (paraphrased, of course). You can also watch the full webinar at the bottom of this article or by clicking here.
How has due diligence evolved over the years?
Due diligence has evolved significantly over the last 20-25 years. Prior to 1992, most of the focus was on investment due diligence. Starting around 2005, due diligence began to evolve on a fundamental level and verification and validation of service providers became a normal and accepted practice. Post-2008, the ODD pendulum really started to swing, particularly as firms began to rely more heavily on third parties.
The following article was written and contributed by James E. Grand, Esq. of The Securities Law Group, a specialized boutique law firm dedicated exclusively to representing investment advisers.
We are often asked by advisers who are switching firms whether they can use in their own performance presentation or the predecessor firm’s performance record at their new firm. There are two separate questions here: First; if Jill Doe moves from one firm to another, can Jill use her own performance record while she worked at the old firm in the new firm’s advertising? Second, can Jill use the old firm’s overall performance record in the new firm’s advertising?
A number of SEC staff no-action letters address these questions. These no-action letters generally take the position that an advertisement that includes prior performance of accounts managed by advisors at their prior place of employment will not, in and of itself, be deemed to be misleading so long as:
1. The advertisement is consistent with SEC staff interpretations with respect to the advertisement of performance results.
2. All accounts that were managed in a substantially similar manner are advertised unless the exclusion of any account would not result in materially higher performance. For example, in one case we know of the SEC allowed a newly registered adviser solely owned by an employee to use performance data of several accounts managed by the employee prior to registration. In other words, Jill could advertise the performance of some but not all of her prior client accounts so long as such performance is not materially higher than her accounts’ overall performance.
3. The accounts managed at the old firm are so similar to the accounts currently under management at the new firm that the performance record would provide relevant information to prospective clients.
4. The person(s) managing accounts at the new firm are also those primarily responsible for achieving the prior performance results at old firm. In other words, the individual(s) primarily responsible for achieving the prior performance results must also be the individual(s) primarily responsible for the accounts at the new firm. To put in another way, it would be misleading for an adviser to advertise the performance results of accounts managed at her prior place of employment when she was one of several persons responsible for selecting the securities for the adviser’s clients. The question is whether she was actually responsible for making investment decisions without the need for consensus from other advisers (e.g., an investment committee, etc.).
5. The advertisement includes all relevant disclosures, including that the performance results were from accounts managed at another firm.
Earlier this week Delta Airlines suffered a major system outage that resulted in more than 740 flight cancellations and thousands of flight delays.
Delta’s Chief Operating Officer Gil West explained that “Monday morning a critical power control module at [Delta’s] Technology Command Center malfunctioned, causing a surge to the transformer and a loss of power. The universal power was stabilized and power was restored quickly. But when this happened, critical systems and network equipment didn’t switch over to backups. Other systems did. [As a result, Delta saw] instability in these systems.”
As with any major “uh oh” moment, there are lessons that can be learned. So let’s take a look at what hedge funds can learn from Delta’s IT mishap.
1. Outdated technology can hurt in a big way. Airlines are saddled with legacy IT systems, complicated by mergers and acquisitions requiring complex integrations. Unlike airlines however, most asset management firms are not relying on technology from 80s or 90s. But that doesn’t give firms a pass when it comes to staying current with technology.
Outdated IT systems insert instability into a firm’s operations and provide holes for cyber hackers to exploit. The reality is that outdated systems will only continue to fall behind in the race of technology, trouble shooting will take longer, future applications will fail to run, or crash the server altogether, and the cost to migrate increases concurrently as the pool of experts shrinks.
2. You can’t ignore the IT industry’s transition to cloud computing. As noted in a ZDNet article, “the big question is why in 2016 airlines are being brought down by single points of failure when cloud services offer resiliency zones, backup options, and redundancy to keep critical systems running.”
Enterprise-grade clouds deliver significant resiliency in both the hardware and data centers, with cloud infrastructures spanning geographically diverse facilities. Beyond hardware, top tier cloud providers (Eze!) have teams of senior engineers managing and monitoring the infrastructure. Additionally systems are upgraded on a regular frequency.
In the investment management industry, it is common to hear investors state they are more comfortable with fund managers utilizing a private cloud rather than keeping IT on premise. At larger funds, the prevalence of cloud-based solutions provides Chief Technology Officers (CTOs) the opportunity to execute more strategic technology initiatives and focus on risk mitigation.
To help emerging hedge fund managers we are running a 6-week Hedge Fund Launch Webinar Series. This week we were joined by Frank Napolitani, Director, Financial Services at EisnerAmper. During the 30-minute interview, Frank shared insights on the benefits of outsourcing to service providers as well as advice on how to conduct proper due diligence on front, middle, and back office operations.
The Learning Curve
“There is a learning curve to get your hands around what it takes to run a business,” Frank began. Often, he said, a portfolio manager that has left a larger hedge fund complex or investment bank knows perfectly how to run a book, but has little knowledge about how to run a business. The smartest managers, Frank said, are the ones who “sit back, listen, and consult a number of different service providers in the space before moving forward.”
He went on to note that the operational due diligence (ODD) industry has grown dramatically post-Madoff. While a manager’s pedigree, investment process, and performance used to take precedence, it is now front, middle, and back office operations plus legal compliance that are most important.
Frank warned: “Keep everything up to date.” Sophisticated investors will follow up quarterly, twice a year, or annually. Because they collaborate with many ODD teams, research teams will immediately have a feel for what is right and what is wrong with a manager from a front, middle, and back office perspective. “They won’t waste too much time on someone they won’t seriously invest in,” Frank concluded.
Today’s the day.
The National Futures Association ("NFA") Interpretive Notice Regarding Information Systems Security Programs goes into effect. The NFA's Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 entitled Information Systems Security Programs requires Member firms to adopt and enforce written policies and procedures to secure customer data and access to their electronic systems.
The Cybersecurity Interpretive Notice applies to all membership categories--futures commission merchants, swap dealers, major swap participants, introducing brokers, forex dealer members, commodity pool operators and commodity trading advisors.
Rather than taking a ‘one-size-fits-all approach,’ the Cybersecurity Interpretive Notice adopts a principles-based risk approach to allow Member firms some degree of flexibility in determining what constitutes "diligent supervision," given the differences in Members' size and complexity of operations, customer types and counterparties.
But whatever approach is taken, the Cybersecurity Interpretive Notice requires Members to adopt and enforce an information systems security program (ISSP) appropriate to its circumstances.
Information Systems Security Program Key Areas
Similar to the SEC’s expectations, the Cybersecurity Interpretive Notice requires a written information security program to contain:
A security and risk analysis;
A description of the safeguards against identified system threats and vulnerabilities;
The process used to evaluate a security incident, including impact and incident response; and
Description of ongoing education and training related to information systems security for employees.Executive-level participation and annual review of the information security program is expected. Additionally, firms must provide employees training during the onboarding processes as well as periodically during employment.
Happy New Year! Here at Hedge IT, we’re looking forward to sharing more educational articles with you in 2016, but before we do, let’s take a look back at our readers’ favorite articles from last year.
Cybersecurity Regulations Take Center Stage
The Securities and Exchange Commission took major strides to regulate investment firm cybersecurity practices in 2015, with the release of multiple guidance updates (Click for the September 2015 update). At a high level, the SEC has identified the following six areas as paramount for investment firms to demonstrate preparedness:
In December 2015, we participated in a Wells Fargo Prime Services cybersecurity event and the panelists outlined everything your hedge fund needs to know about the SEC’s security expectations. Read “SEC Cybersecurity Checklist: 6 Areas Your Hedge Fund Better Have Covered” for the full scoop.
Earlier this week we presented at a Wells Fargo Prime Services breakfast briefing on cybersecurity. During the discussion, Stuart Levi of Skadden reminded attendees that the SEC has clearly defined (and communicated) its cybersecurity expectations. He recapped the following six areas advisers must have covered to demonstrate preparedness to regulators.
1. Risk Assessments
4. Access Control
5. Vendor Management
6. Information Sharing
Here's Eze Castle Integration's take on these focus areas:
#1 Risk Assessments
The April 2015 SEC Cybersecurity Guidance Update goes deeper into risk assessments expectations. Here are some key cyber risk assessment takeaways:
Define what confidential data is and determine how it's protected.
You must also understand where your data is located, how it is collected and who and what technology systems have access to it.
Registered investment advisers should have a clear understanding of the threat landscape, including potential internal and external risks as well as unique vulnerabilities specific to the firm. Evaluate a variety of potential scenarios as well as their likelihood to occur.
Once firms understand the risks facing their organization, they must conduct assessments of the existing controls and processes to ensure they account for the risk landscape and put the appropriate safeguards in place.
Be sure to understand the potential impacts of various cyber risk scenarios and outline specific protocols for incident response and quick resolution. The impact of cybersecurity incidents can range from financial to technological to reputational.
Finally, testing and assessing the governance structure, including administrative and technical safeguards, is key to ensuring effectiveness.
Gone are the days of management simply outsourcing responsibility to third-party experts and trusting them blindly. Telling the SEC, “we hired the best security consultant,” won’t cut it. Today management must understand their firm’s security posture and be able to outline the safeguards that are in place to minimize risk.
Additionally, management must instill the importance of security preparedness in all employees by making it a top-down priority.
A new year, which is just around the corner, brings us endless opportunities to improve. So here’s a list of the top 4 IT resolutions that will help keep your hedge fund safe and sound in 2016.
Effective hedge fund marketing strategies and materials allow firms to capitalize on new opportunities and stand-out from the crowd. However, crafting a unique story that reaches and motivates investors is challenging.
Today I moderated a webinar with speakers from Ovis Creative and Ledgex Systems looking at the current marketing landscape, marketing pitchbook best practices and the role of a hedge fund CRM platform.
Below you can watch the whole webinar or download the slides HERE.
To pique your interest, here is expert advice from Ovis Creative’s Creative Director, Lauren Colonna, about hedge fund pitch book best practices:
Don’t go overboard on the content. Create a cohesive but succinct story (total of 20 to 30 pages)
Focus on key pages with greatest opportunity for impact
Avoid overused terms; remember if a concept or phrase sounds generic to you... they are even more so to an investor who has heard the same theme over 1000 times
Maintain a consistent style, voice and tone (reflective of your pitch); Employ perfect grammar, succinctness, clarity and a consistent message
Use bulleted form rather than full text paragraphs; Consider a call out/side bar to enforce a key takeawayShe also covers what’s in a pitchbook, the role of a website and much more.
The following article is part of our Hedge Fund Insiders Article Series and was contributed by Eze Castle Integration (us!). Read more articles from the Series HERE.
Technology was historically an afterthought for many hedge funds and a “check-the-box” item at that. Many firms took the approach that they could get away with the bare minimum on the technology front, often overlooking the reality that technology today is a critical component to a hedge fund’s daily operations.
Today’s hedge funds are generally embracing the role technology plays in investment management operations. In fact, in today’s competitive landscape and with investors expecting more than ever from funds, technology has really emerged as a competitive differentiator and an asset that can help grow a firm’s business.
2015, specifically, has posed its challenges for hedge funds and investment firms, as the Securities and Exchange Commission (SEC) and the investor community as a whole have highlighted cybersecurity as one of the most critical areas of focus. Beyond security, hedge fund startups continue to face challenges as they look to keep pace with their established competitors and make their own impression on the marketplace. From a technology standpoint, we’ve identified three top priorities for hedge funds and investment management firms looking to find startup success.
Categorized under: Hedge Fund Insiders