Bringing you live news and features since 2006 

Lisa Smith, Eze Castle Integration

SEC alert places cyber security risk at forefront


Cyber security has quickly become a headline risk for hedge fund managers. On 15 April 2014, the SEC issued its Cyber-Security Risk Alert, a detailed 26-point questionnaire that aims to address various elements of a hedge fund’s technical and operational infrastructure to determine how vulnerable it is to cyber attacks and data theft.

This initiative is being driven by the SEC’s Office of Compliance Inspections and Examinations. It will assess 50 individual firms and based on its findings will draft a set of final guidelines for hedge funds to adhere to. This is essentially a way to address ‘technology risk’ and implement best practices through documentation in the form of a Written Information Security Policy (WISP).
According to Assured SKCG Inc, an insurance advisory firm, 37 per cent of security breaches between 2012 and 2013 affected financial organisations. Hedge funds are a high profile target. Establishing a WISP and becoming as data secure as possible is critical.
At Eze Castle Integration, the phones haven’t stopped ringing as clients look to address any gaps in their IT infrastructure and operational policies. 
“It wasn’t at the forefront of managers’ minds previously. It is now though,” says Lisa Smith (pictured), BCP/Data Privacy Manager at Eze Castle Integration. “Previously they put a lot of trust in their CTO, their service providers, to implement best practices around how to protect the firm. Now, rather than thinking someone else is taking care of it, there’s more emphasis on documenting everything and making sure that everybody is singing from the same hymn sheet.
“Everybody within a hedge fund should have a better understanding of what’s in place with respect to data privacy and infrastructure security. There needs to be firm-wide knowledge.”
A WISP acts as a blueprint. Just like the compliance manual, it sets all the firm’s internal policies and procedures covering everything from service provider outages to how often system passwords should be updated and so on.
“We start off by gauging where the client is. Do they have an IT policy? What type of infrastructure do they have in place? Fortunately for us, a lot of firms who have been calling us are existing clients so we have a good understanding of what they have in place. We as a firm follow industry best practices and implement those across our clients’ infrastructures,” explains Smith.
What Eze Castle is able to do in producing the WISP is apply their expertise (having already written dozens of WISPs for financial institutions) and paint a picture of how well a firm is protected against cybersecurity threats. This immediately overcomes the very real issue of ‘Key Man risk’. Say the CTO were to up sticks and join a competitor. If nothing has been written down and documented, nobody in the firm would have a clue as to how their IT infrastructure operates.
“Until it has been documented, everyone works off of assumptions,” comments Smith, who continues:
“We help put the controls in place to address data privacy. Some firms have documented this in their compliance manual, which we would make reference to in the WISP. It sets out a firm’s IT functions and applications and prioritises them.
“If a cyber attack takes place and impacts one system, having it documented means the manager will see where the impact is and what effect it will have on the rest of the firm.” 

Latest News

Saving and investing app, Moneybox, has doubled the number of ETFs available on the platform, in the light of ‘growing..
Global X ETFs has announced the appointment of Ryan O'Connor as its Chief Executive Officer effective as of April 8, 2024. ..
Value-driven structured credit investing firm, Angel Oak Capital Advisors, LLC, has announced the completed conversions of two of its mutual..
Confidence in the continuing strength of bitcoin and Ethereum is driving wider interest in altcoins and other digital assets, according..

Related Articles

Graham MacKenzie, Toronto Stock Exchange
The evolution of ETFs has been a multi-decade experience for Toronto Stock Exchange says Graham MacKenzie, managing director, Exchange Traded...
Frank Koudelka, State Street Global Services
ETF data provider and ETF Express data partner, Trackinsight, has published its Global ETF Survey 2024 Report: ‘50+ Charts on...
Matteo Greco, Research Analyst at Fineqia International writes that bitcoin (BTC) ended the week at approximately USD52,150, showing a notable...
US Distribution Awards trophies
The winners of the first US ETF Distribution Awards at the Exchange conference, hosted by ETF Express and sponsored by...
Subscribe to the ETF Express newsletter

Subscribe for access to our weekly newsletter, newsletter archive, updates on the site and exclusive email content.

Marketing by