Heightened Hedge Fund Regulation: IT, Cybersecurity and Preparation

The following article was featured in Hedgeweek and offers an exclusive interview with Vinod Paul, chief operating officer of Align, and John Araneo, managing director and general counsel of Align. 

Technology is playing a key role in the delivery of compliance within the world of hedge funds and managers are becoming more pro-active in understanding how technology can help them meet these challenges.

As hedge funds continue to feel both regulatory and investor ODD pressure regarding its information technology infrastructure, managed service providers are being forced to bolster their offerings to support managers in tackling cybersecurity and compliance challenges.

According to Vinod Paul, chief operating officer at Align, clients are demonstrating a sharper need for more detailed information and support in the realm of operational due diligence. He elaborates: “Our client base has become educated in what their needs are as a firm and how they deal with operational due diligence and the regulatory changes taking place…. Their needs in this area are changing. We’ve seen a tremendous increase in operational due diligence data requests coming through. These are sophisticated documents and it is evident that the individuals conducting the operational due diligence on the other side really understand technology. You can’t just send them a one-pager anymore.”

John Araneo, managing director and general counsel at Align, agrees: “Before, clients would just be aiming to tick the box. Now they’re asking questions and requesting our help to make sure policies and procedures are sufficient, that they have been fully integrated and how they can demonstrate the same. We’re definitely seeing a growth in demand, and our clients have become interested in being able to articulate and identify the fundamental components of their respective IT environments and at least strive to be conversant about it. They also want to understand their own cyber security posture, whatever approach they’re taking.”

More broadly, the growth and development of its cybersecurity offering is a good manifestation of the fact that as a firm, Align, has kept pace with industry trends: “In many industries we’ve seen the regulators gently, over the past 10 years, start to encroach their jurisdictional reach over their respective registrants’ information systems. Information technology (IT) has never been more regulated than it is now, and hedge fund managers, both emerging and established, cannot afford to let IT be the last thing on their list,” Araneo explains.

He believes the compliance component of technology is going to be a driver which can set Align apart over the coming 5 to 10 years. This is particularly important given the outlook for regulation in the cybersecurity arena.

Araneo highlights: “The SEC and even the FCA have articulated that they intend to be aggressive in looking at regulation around cybersecurity. And the reality is that this phenomenon is still nascent, and security standards are still emerging.”

As regulation will undoubtedly continue to increase, firms like Align need to guide clients in navigating this new environment. They need to help managers strike a balance between investing to meet the requirements without spending too much money on something which could become obsolete in a few years’ time.

Paul concludes: “The way you get through this is by making reasonable decisions and demonstrating engagement without going from one extreme to another. We had clients who first were defensive and didn’t want to spend any money on cybersecurity who then get wind of a cyber sweep or ODD exam and then want to build the space shuttle overnight. Our advice is that you need a common sense, reasonable approach and be able to demonstrate you have a baseline. Look at what you’re good at and see what you can improve. Then show you’ve made methodical, rational improvements over a sequence of time.”