Many alternative investment firms are lagging in internal IT, compliance, policy enforcement, business continuity planning and IT security, according to analysis by Richard Fleischman & Associates, a provider of outsourced technology and IT services.
The findings come from a 12-month review of more than two dozen RFA Due Diligence Assessments, which focus on IT, business processes and compliance.
The assessment analyses an alternative asset firms’ capabilities from an institutional investor’s perspective, identifying compliance vulnerabilities and business process deficiencies and prioritizes remedies in anticipation of investor requests.
Despite increased scrutiny from investors and regulatory agencies, the RFA analysis found many areas of deficiency including: business continuity planning in case of a disaster; IT policy and code of conduct (creation and enforcement); IT security, for example password-protected work stations that preserve the confidentiality of client information; Service Level Agreement enforcement, including a lack of understanding/making assumptions about what they are supposed to be getting; and lack of high availability and redundancy inside their networks.
Don Previti, director of business development at RFA, says: "Many clients have a challenge when determining where their compliance vulnerabilities and business process deficiencies are. The RFA Due Diligence Assessment looks at a firm’s operational process from an institutional investor perspective. Then we deliver a comprehensive risk registry that clearly defines any deficiency. More importantly, the assessment becomes a baseline where known risks can be tracked and closed."
