Page 29

Cayman Funds 2016

INTERTRUST CAYMAN Even well-intentioned fund directors could potentially be a threat to a fund and its investors if they are operating on outdated technology, or fail to have adequate data protection policies in place, as Rob Aspinall of Intertrust Cayman explains. Cybersecurity is a rapidly moving, constantly evolving concern to the hedge fund industry. It has caught the attention of regulatory organisations such as the US Securities and Exchange Commission (SEC) and global watchdogs such as the International Organization of Securities Commissions (Iosco), which are deeply concerned about the threats the industry faces. Greg Medcraft, chairman of the board of Iosco has ominously predicted “that the next big financial shock—or ‘black swan event’—will come from cyber space”. Despite the increased scrutiny, one often overlooked threat to hedge funds may, inadvertently, come from the board of directors themselves. Heightened regulatory focus It is no secret that global regulators are increasingly focused on the readiness of asset managers to resist cybersecurity threats. On September 15, 2015 the SEC issued an alert which outlined the steps it would be taking in its upcoming examinations to assess cybersecurity risks and preparedness in its security industries inspections. This alert included a governance and risk assessment, and indicated that the SEC will now be focusing on proper implementation and operation of cybersecurity policies and procedures. It has repeatedly been stated that this will be one of the SEC’s key inspection priorities in 2016 and given the number of articles and conferences already devoted to this topic, it would be a foolhardy industry participant that ignored these warnings. To reinforce the importance regulators are paying to this threat, September 2015 also marked the first enforcement action of its kind from the SEC in this area. On September 22, 2015 the SEC settled charges with a St Louis-based investment adviser which it alleged had failed in its duty to protect client data from hackers. The SEC claimed the firm did not conduct regular security assessments, failed to encrypt sensitive data and did not install a firewall. Consequently, the hackers had been able to access the details of more than 100,000 individuals, including thousands of the firm’s clients. Although no actual direct financial loss was incurred, the fund manager settled charges with a fine of $75,000. “As we see an increasing barrage of cyber attacks on financial firms, it is important to enforce the safeguards rule even in cases like this when there is no apparent financial harm to clients,” stated Marshall Sprung, co-chief of the SEC Enforcement Division’s Asset Management Unit. “Firms must adopt written policies to protect their clients’ private information and they need to anticipate potential cybersecurity events and have clear procedures in place rather than waiting to react once a breach occurs.” Industry in the spotlight The hedge fund industry represents a highly attractive targets for cyber criminals, not just because of the trillions of dollars collectively managed by the industry, but because their typical size and operating structure often do not afford them the resources and budget required to invest in the Shutterstock / Everett Collection CAYMAN FUNDS | 2016 29


Cayman Funds 2016
To see the actual publication please follow the link above