12 July 2017

Hedgeweek: Cybersecurity challenges for investment managers


The Cybersecurity phenomenon has completely changed the game in both the investment management industry and the broader financial services sector.

Attacks on fund managers, investment advisers and other fiduciaries ("Fund Managers") are increasing in frequency, sophistication and severity. And both the regulators and the investor community have been paying close attention. To responsibly manage Cybersecurity risk, Fund Managers need to, at minimum:

  • understand certain existing legal obligations and an evolving regulatory focus;
  • comprehend fundamental IT and technology principles;
  • monitor evolving threats, technologies and attack protocols;
  • appreciate their data use and information work flows; and
  • simultaneously manage their employees' training needs, their vendor controls and their investors' expectations.

Align Cybersecurity solves all of these challenges.

As it stands today, Cybersecurity law consists of a crazy quilt of federal, state and international laws and statutes, which are further complicated by additional industry-specific rules and best practices, together creating a body of jurisprudence that is disjointed and convoluted. Similarly, since early 2014, we've seen regulatory initiatives demonstrating that Cybersecurity is squarely in the crosshairs of investment management regulatory bodies, including the SEC. Examples include the SEC's recent "Cybersecurity Sweeps," its triaging Cybersecurity as a top regulatory priority for the last four years running and its recent enforcement activities, which have induced at least one seven-figure settlement.

And yet the elements of constructing a model Cybersecurity Program remain unclear, leaving Fund Managers struggling to understand their legal, compliance and fiduciary obligations.

"Clearly, 'Cybersecurity Preparedness' is viewed by the regulators as both a core control and a minimum standard, yet one which they refuse to define," says John Araneo, managing director, Align Cybersecurity, and general counsel of Align. "The guidance provided to date has been largely principles-based, failing to provide a clear construct on precisely how to design an unimpeachable Cybersecurity Program. Unfortunately, in the absence of any bright line rules or black letter law espousing the required elements of a sound Cybersecurity Program, Fund Managers have been left scratching their heads on how to comply."




© Hedgeweek

