
24 November 2022

Information Security Risks that Should Keep Hedge Fund Managers Up At Night

Information security is a growing concern that impacts almost every aspect of our daily lives – from the soccer mom whose email gets hacked to the multi-billion dollar corporation whose business is ground to a halt due to a massive data theft. Darkness lurks everywhere as our society, commerce, and culture become more and more electronic.

This reality is particularly scary to hedge funds, which are less likely to be equipped to deal with these types of threats than larger institutions such as banks, which have dedicated security resources in place. Given the sheer size of many hedge funds and their potential to ‘move markets,’ all industry stakeholders – fund managers, investors, and regulators – are concerned. Regulators and investors specifically have taken several steps over the past couple of years, including industry guidance and heightened due diligence requirements, to hold asset managers accountable for proper information security measures.

So, what should hedge fund managers start thinking about when it comes to their information security? As a good first exercise, I recommend that hedge funds develop an understanding of what the actual risks are – in other words, what bad outcomes can occur if something does go ‘bump in the night.’ It is important to remember that security risks should not be confused with threats, which are the scenarios or actors that influence the bad outcome (e.g. hacker attack, insider theft, etc.).

With this in mind, here are the top six information security risks that would keep me up at night if I were a hedge fund manager:

1. Theft or unauthorized sharing of intellectual property. Hedge funds live and die by their ‘secret sauce’ and their ongoing ability to generate alpha. Theft of intellectual property can have serious implications and should be a primary concern for portfolio managers.

2. Theft or unauthorized sharing of client information. Fund managers have a duty and obligation to ensure that their client information (e.g. account numbers, personally identifiable information, etc.) is safeguarded both in house and at external service providers. A breach of sensitive client data can lead to irreparable damage (e.g. redemptions, lawsuits, etc.).

3. Theft of fund and/or client assets. Wire fraud is a huge risk in the hedge fund space, where billions of dollars in cash and securities are moved each minute. It is critical for organizations to understand their internal and external cash movements, as there are countless ways for bad actors to exploit them.

4. Front running and position copying. With billions of dollars in trades happening each day, there is ample opportunity for a hedge fund to get “front run.” While this may not be a large concern to some funds, the economic effects can be quite damaging to a market player of size. In addition, competitors can use position copying techniques to potentially back into strategies, which increases the likelihood of #1.

5. Availability and integrity of information systems. Technology security – applications, networks, hardware, etc. – is the layer that sits on top of it all. This is due both to the sensitivity of the information it houses and to the ongoing business that it supports.

6. Loss of key personnel. This is an intellectual property business, and as such it is of utmost importance to protect key individuals within any hedge fund, which goes well beyond information security. Fund managers should actively consider information protection, physical security, and executive protection of mission-critical staff and their families.
