Joanne Kane, Chief Industry Operations Officer, Investment Company Institute.

Areas around cybersecurity and the merging threats are changing all the time, and more regulations are appearing in the area to help, says Joanne Kane, Chief Industry Operations Officer, Investment Company Institute (ICI).

In Clear Path Analysis’s recent report, Fund Technology, Data & Operations, North America 2022, industry leaders from companies including Capco, Lamar Associates, and Pzena Investment Management look at the best ways fund operators can protect themselves against global cyber threats and keep abreast of regulations.

"Any cyber security rule should be risk-based according to the size of the firm and multiple other factors. "

In April this year, the US Securities and Exchange Commission (SEC) issued a proposal for cyber programmes for asset managers, which included recordkeeping requirements for registered investment advisers and funds designed to enhance the Investment Advisers Act of 1940 and the Investment Company Act of 1940. According to SEC, the “proposed rules would require funds to adopt and implement written cybersecurity policies and procedures designed to address cybersecurity risks that could harm advisory clients and fund investors.” Kane said some of these proposals have been an issue of contention.

“Our initial concern was that the SEC would try to develop a one-size-fits-all type of rule proposal, which would be more difficult for smaller firms to implement,” she said. “We have always advocated against this type of structure and that any cyber security rule should be risk-based according to the size of the firm and multiple other factors. The SEC recognised this, which we commend them for.”

“Asset managers are probably getting attacked multiple times a second. There are concerns around the amount of reporting of this information, the timeliness of reporting, and what the SEC does with that information.”

Kane also shared her thoughts against the proposal for required notification of cyber breaches, saying that it would overburden those in the industry.

“This is the one piece that we don’t like. It would involve getting a lot of notifications,” she said. “Asset managers are probably getting attacked multiple times a second. There are concerns around the amount of reporting of this information, the timeliness of reporting, and what the SEC does with that information.”

Russia and cybersecurity attacks

One area that many are concerned about are the highly publicised attacks that are often thought to originate from Russia, which has become heightened since the invasion of Ukraine earlier this year.

“It isn’t a secret that Russia is good at hacking and cyber-attacks. Concerns around this has not manifested as of yet, which is surprising,” she said. “Our members have strong cyber programmes and exercise good cyber hygiene so now the biggest fear now is that they go after infrastructure, such as water systems, the electrical grid, or anything that is not as secure as a financial institution.”

Kane expanded upon praise for the industry modernising quickly and said the most critical way for fund operators to protect themselves was to invest in Artificial Intelligence (AI) and other technologies to monitor and mitigate cybersecurity attacks.

“Our members have very strong programmes and good cyber hygiene. Most hackers come in through a failed patch, which our members are on top of,” she explained. “We have a Chief Information Security Officer committee where we openly share threats, lessons learned, and best practices”

Moving staff remotely increases cyber risk, said Kane, and added that many of ICI’s members have had to change some of their protocols on the fly to deal with external hits including areas where firms are using AI and technology including AML and fraud.

"I really believe that operational technology can improve efficiencies and mitigate risks for multiple areas within asset management.”

In a recent survey, 25% of financial services workers who are now based at home reported an uptick in phishing/spam/fraudulent emails since the start of the pandemic 14% are concerned about cyber and data security while working from home.

“We have several members who are really deep into this. I really believe that operational technology can improve efficiencies and mitigate risks for multiple areas within asset management,” she said.

To read the interview in full, and see more from the report, please click here.

 

Please Sign In or Register to leave a Comment.