In the first segment of this two-part blog series, John Araneo and Vinod Paul of Align sit down with HFM Global to reflect on the changes and developments seen since the beginning of work-from-home practices.
We'll discuss key considerations for business continuity, technology and cybersecurity with regard to registered investment advisers, in addition to regulatory trends and SEC examinations.
Investment Managers Adapt to a Post-Covid-19 World
Question (Q) The pandemic has caused an abrupt and visceral disruption as to how investment managers operate. As Align provides both fully Managed IT and Cybersecurity Advisory Services to its investment manager clients, how do its technology and cyber solutions fit into the equation?
John Araneo (JA) As to our Managed IT Services, we think that technology has emerged as the primary agent of change in assisting fund managers in adapting to a post-Covid-19 world. More specifically, the meteoric rise of the public clouds has had the largest, almost universal impact in this regard.
From a practical standpoint, the biggest ‘real-life’ change we’ve observed is a mass exodus from the traditional “hive” environment of a traditional corporate office type workplace, to a completely decentralized workforce; and technology has certainly played a large role in facilitating this transition.
As to cybersecurity, you can't have a conversation of such an over-arching change in the manner in which people work and operate without talking about how cybersecurity risks have adapted to exploit this societal change.
First, since many social engineering and phishing attacks attempt to create a sense of confusion or disorientation, the pandemic already has created such an environment, whether it be the largely inaccessible customer support lines of many retail banks and other financial institutions or the widespread confusion around virus testing and financial aid which have caused many to open phishing emails labelled as such.
And second, the abrupt shift from the cubicle to the kitchen table has created a number of issues as to what controls have followed each employee to their home workspace and which have not.
Vinod Paul (VP): In a matter of three days, we saw 100% of our clients go from being in the office to working from home full time. Our client base was able to access all of their systems just as if they were in the office.
The big difference, though, was that they went from a hive mentality, to being at their homes. The biggest challenge, I think, that the hedge fund industry as a whole now exists in people having to remember that the same rules still apply.
Regulatory Focus and SEC Exams
Q Recently, regulators have tried to react quickly, not by providing additional guidance, but rather by launching a series of examinations specifically on disaster recovery and business continuity. How has Align been able to assist its clients not only in strengthening their posture in this regard but also in enduring these examinations?
JA We’ve noticed the recent regulatory focus here and found that form the substance of the inquiries actually received by our clients, the content really presents nothing new, as the focus is largely on the same disaster recovery and business continuity control requirements that have been in place prior to the pandemic.
Both our IT and cybersecurity solutions have robust disaster recovery and business continuity controls already baked in. To our amazement, the public cloud environment upon which our IT platform is built has allowed our contingency plans, which were originally conceived to be a temporary fix, has proven itself as a fully-functioning “Plan B.” For us, the harder questions from clients have centered around how each of them can maintain their unique operational controls and checks in the new distributed, remote working environment.
Fortunately for us, from both an IT technology perspective and a cybersecurity aspect, all of the practices have been able to be transferred effectively to this new state of affairs. Operations have not really changed very much.
The devices and endpoints we provide are working well- and securely- as they have been transported from one location to another and all the data's being protected at the endpoint irrespective of what’s changed.
"In a matter of three days, we saw 100% of our clients go from being in the office to working from home full time." - Vinod Paul, Chief Operating Officer, Align
Focus Areas for Investment Managers
Q What should the investment managers be thinking about in terms of business continuity, technology and cybersecurity?
VP I believe we are seeing in our client base that the post-Covid-19 world is a world where work from home isn't a once per week event. We're seeing a clear change of mentality with our asset management client base, and we foresee that, when it's safe to go back to work, clients’ user bases may not come back to work at the same time.
We might see a scenario where only 50% of the office is working at one time physically at the same time. Gone are the days where 100% of our employee base is going to be in the office at the same time.
In terms of business continuity, technology and cybersecurity, I will tell you that our clients have been, and continue to expect that they will be, able to get the same collaboration tools, the same experience, the same disaster recovery from their home as in the office.
They need to have the same protections in place. They need to have the same availability in place and the same experience. With advances in technology over the past years, this is entirely possible.
The meaningful observation here is that clients are now expecting their IT providers to continue to provide the same cybersecurity controls that are in place, wherever they work – that’s the new standard.