Cybersecurity & Private Fund Advisers



 You can download a full copy of the slides from this webinar. 




Full video transcript available below:


Then the next topic we have is cyber security. Yes, once again the SEC is talking about cyber security. This has really been kind of a hot issue for some time now and remains a focus. One thing I want to point out is you want to remember that failure to have a good cyber security plan can result in a lot more than a compliance violation. There's a great deal of reputational risk here. I'm sure none of you want to be that investment advisor that has to reach out to clients and let them know that their confidential information has been compromised.

If you've not already done so, you want to make sure you have a written cyber security policy. I still find that many of the advisors I speak to have not established a formal policy. Really this has been a focus now since 2015, so if you don't have one, I definitely recommend getting one in place.

Once you have established your written cyber security plan, you also want to be sure to periodically test those cyber security controls. You want to maintain documentation of the specific areas tested, how the test went, and then any changes you made to your policies as a result of the tests. And this could be great documentation to provide if the SEC were to come in and ask about your cyber security policy and what you're doing with respect to cyber security.

Another thing is don't forget to review the cyber security policies of your third party vendors. If you're using vendors that have access to confidential client information you want to take steps to ensure that that information is safe, and you want to be able to show the SEC that you have taken steps to review and ensure that that information is safe.

Then it's also important to provide employees with training regarding cyber security. Employees should be aware of how their actions can cause the firm to be at risk. For example, failure to have a secure password or failure to report a lost laptop. Those are things that employees might not be aware of the implications of. You also want employees to be trained on how the firm will respond to cyber security issues and what their role in such response is.

Since cyber security carries such a high profile risk, if you're a small firm or if you don't have your own IT experts or IT individuals on staff, I really recommend using a third party vendor. These could be your current outside IT consultant if you have one, or you could reach out to someone who specializes in cyber security.

Then another thing I wanted to bring up is I recently read an article which I thought was quite interesting. The article said that SEC examiners have been calling CCOs, giving them a cyber security scenario and asking how the firm would respond. I don't know of any firms that this has happened to, but I really found that to be quite interesting because before I read this article I had never heard of any SEC just calling and asking a specific question like that and expecting the CCO to answer on the spot. It's just something to be aware of.

Now I'll turn it back to Vicky for private fund advisors.

Thank you, Colleen. I'm looking at the time. We were so excited to tell you about all of these priorities that we're running out of time, so I'll make this quick about private fund advisors. The SEC kind of tacks this on to their initiatives as another initiative for their priorities. Private funds, of course, there's a lot of risk. I'd just like to bring one risk to the forefront in that I see over and over and I'm still seeing advisors to private funds tackle with this. It's the allocation of expenses, particularly across funds and across the funds and the management company.

Make sure that you have a methodology that's written, spelled out about how such expenses are allocated across funds. Typical expenses would be travel and entertainment expenses or, if permitted by the offering docs, expenses for staff as well. Make sure that you have a methodology and you follow that methodology. If there's an instance where you do not follow that methodology with respect to the allocation of expenses that you have a memo supporting the reasons why it was not appropriate to follow that methodology.

I could go on and on about the risk that private fund advisors conflicts of interest and disclosures. The SEC just kind of tacks it on to their priorities, so I guess we will too in this presentation.




This webinar was cohosted with NorthpointCompliance
