CYBER SECURITY FOR INVESTMENT MANAGERS
Managing money and finding alpha is never easy. In addition to tough trading and market conditions, fund managers must also address cyber security risks. Cyber attacks against large banks generate most of the headlines, but asset managers are also targeted. According to a 2015 report by the US Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations, 74 percent of registered investment advisers surveyed by the SEC have experienced cyber attacks, either directly or through their vendors. Most of the attacks were related to malware and fraudulent emails, but ransomware is a growing concern. Given the elevated risks, investment managers, working with their information technology (IT), legal and compliance teams, should protect themselves against cyber attacks and comply with SEC and Commodity Futures Trading Commission (CFTC) regulations by undertaking a five-step plan towards better cyber security.
Chief information security officer
The first step towards improved cyber security is to designate a chief information security officer (CISO) responsible for data privacy and security management. The CISO, who may also serve as the fund manager’s chief compliance officer (CCO), must be a senior executive with a deep understanding of the firm’s IT infrastructure. The CISO will be responsible for overseeing cyber risk assessments, reviewing policies and procedures, managing the firm’s cyber risk programme and implementing controls. Financial regulators require that the CISO report to the CCO, the chief technology officer (CTO) or other key persons in senior management.
Jul-Sep 2017 Issue