Craig Plane, Director, Unite Consulting.

Fund Operator: How are cyber security risks impacting operations teams at financial services firms?

Craig Plane: Cybersecurity challenges keep mounting and have become a focal point for investors and financial services firms.

While there are technical controls to prevent cyber attacks, the training element and awareness is crucial, as usually people are the weakest link.

Regulators are playing a role to raise cyber security standards.

"The regulators have gone a step further and conduct simulation cyber security test drills with selected fund managers."

In August, we saw the Monetary Authority of Singapore (MAS) issue a set of legally binding requirements to strengthen cyber resilience in the finance sector, covering a number of areas such as:

• robust security for IT systems
• deployment of security devices
• measures to mitigate the risk of malware infection
• strengthening access controls for critical systems used to access customer information.

If we also look at Malaysia, the regulators have gone a step further and conduct simulation cyber security test drills with selected fund managers.

FO: You want to have plenty of dry runs so that if the unwanted ever happens you will have the tools to handle it?

Craig: Yes, that is one component to ensure you know systems and controls are functioning effectively and teams know their roles and responsibilities if there is a crisis event.

It’s equally important to adopt a forward-looking approach, a typical audit looks at a firm’s compliance with policies and procedures, however ODD reviews take on a proactive approach to ensure not only are existing controls and the investment process sufficient but they can adapt to market changes and shocks.

FO: Obviously cyber security isn’t the only risk management that needs to happen, what about other areas like unit pricing errors or liquidity management?

Craig: Our Operational Due Diligence (ODD) approach assesses different core factors, such as governance and organisational structure, regulation and compliance, risk management, investment process, valuation and accounting, IT and business continuity and investment operations and we drill into the risks across these core factors.

An area that we are applying greater scrutiny and increased expectations on managers is liquidity management.

Investors are commanding more information, such as drilling down into the percentage of illiquid assets in the fund, including Level 2 and 3 assets, effectiveness of risk management tools, fund level stress testing being performed and disclosure to investors.

"Private equity is something that a lot of investors still don’t have a full grasp of the associated risks and issues"

This is an area that depending on the asset class could have a big impact in the future.

Also, the majority of ODD work that we do is on alternative strategies. Clients are looking for higher allocations into some of these strategies, but it does bring an entire new set of complexity issues, such as structuring and disclosures.

Private equity is something that a lot of investors still don’t have a full grasp of the associated risks and issues, such as independent fiduciary oversight, structuring of funds and associated tax impacts and transparency in terms of conflicts of interests and fee disclosures.

 

Please Sign In or Register to leave a Comment.