The following article originally appeared in FundFire and was written by Lydia Tomkiw.
Hedge funds are starting to worry about complacency and frustration – and the risk of compliance and cybersecurity problems – growing in their ranks as employees cross yet another remote working day off their calendars, with many at 50 days and counting – and possibly several more months to go.
The hedge fund industry has managed to successfully transition to working from home, with no segment of the industry or individual players yet dropping the ball, says Chris Addy, president and CEO of Castle Hall, an operational and ESG due diligence specialist. The challenge now, as firms debate if, when, and how to fully return to work in their offices, is a combination of “complacency and frustration” that could give rise to problems.
“It’s no longer ‘I’ll survive this for a couple of weeks,’ it’s now ‘I’m doing this for eight weeks and how am I doing and am I interested in sticking with the rules?’” he says.
Now is a moment for compliance officers to remind firm members of mandatory rules and behaviors and to increase their testing in areas including phishing, Addy adds.
Cybersecurity remains an ongoing concern, especially increased levels of phishing attacks. That has prompted frequent email reminders on staying vigilant, the head of compliance at a hedge fund, who requested anonymity, told FundFire.
Hackers are leveraging human emotions and unprotected data under the shadow of the pandemic, sending emails about the CARES Act and news related to the coronavirus, says Vinod Paul, COO of Align. Funds cannot drop their guard from a technology perspective and have to remain vigilant about the source of emails as well as use encryption and dual factor authentication.
“Covid-19 has been a shining example of why employees have to be diligent,” he says.
That has included increasing cybersecurity education and asking employees to shore up their own personal networks and keep devices they use to access firm data and systems separate from what they use to connect with their families, says John Araneo, Align’s managing director and general counsel.
“This is just another reason why tech is becoming a louder voice in risk management conversations and accordingly a larger item on the annual budget,” he says.
The Securities and Exchange Commission (SEC) is now increasingly focused on how the pandemic is impacting firms and where cybersecurity, IT systems control and business continuity and disaster recovery plans overlap or converge, says Sidney Wigfall, managing partner at SCA Compliance and Consulting. In addition, there are ever-present concerns surrounding insider trading, he adds.
“Where the SEC seems to be focusing is are you continuing to maintain your same systems protocols now that you are working in a mobile environment for everyone and are you maintaining your appropriate policies and procedures for conducting your advisory business?” he says.
Now is a good moment to send standard reminders to staff to continue to observe firm rules from home, including copying and pasting your firm email if you are ever forced to use another system, Wigfall says.
And the SEC will have questions down the line, just as the agency did for years following the 2008 financial crisis, says Todd Cipperman, founder of Cipperman Compliance Services. Hedge funds need to make sure they can explain any business decisions they are making now.
“The cases aren’t going to be now – they are going to be later. You better document now,” he says.
As firms examine possibilities on how to return to offices, several sources told FundFire they are eyeing a return that could coincide with kids going back to school, as well as smaller phased returns in late summer, but that many situations are not set in stone.
But until that moment comes, firms will need to keep an increased focus on testing, Addy says.
“What’s required here is leadership within organizations really reinforcing the message of safety and precaution and reminding employees of the necessity to be safe and prudent,” he says.