Most hedge fund managers have taken action to protect their firm’s data from external attacks. However, there is a growing recognition of the importance of shielding the firm from risks which can breed within the firm itself, and also protecting data in transit particularly in the hybrid working environment most of the world currently finds itself in.
Most hedge fund managers have taken action to protect their firm’s data from external attacks. However, there is a growing recognition of the importance of shielding the firm from risks which can breed within the firm itself, and also protecting data in transit particularly in the hybrid working environment most of the world currently finds itself in.
“In a hybrid working environment it is important to use tools not only to protect users and data, but also to ultimately safeguard the firm,” highlights George Ralph (pictured), Global Managing Director & CRO at RFA. “Understanding the way data is being used by people within a firm is critical to protect against potential internal bad actors.”
For example, when the data arrives at the endpoint, firms need to know how that data is being used and kept secure by the user. “There are several questions managers need to consider, such as – Should the user be able to send the data on? Is there is two factor authentication process in place to access the data? Should the data be sent as a read only file or so that the document expires after a certain amount of time?” Having a detailed understanding of the answers to these questions will help outline a robust data management strategy.
According to Ralph, another area for concern is how data is being kept secure in transit: “We might think the data is secure in the data warehouse and at the endpoint, but we need to also consider the data journey.
“Understanding what data a firm holds, where is it, how it travels and how it is used is key to an effective data management strategy. I think that some firms would struggle to know the answer to all of those points.”
Having a holistic grasp on data is key. Ralph explains: “If a firm suffers a data breach, the regulator will ask for a report on how the infiltration happened and what the effect of the breach was. In these circumstances, a firm would need to have a good understanding of their overarching data management strategy in order to answer the regulator’s questions, so it is key to have a 360 degree view of your data.”
Firms may need to expand the type of data they currently consider when taking this all-encompassing view. In light of the growing calls by investors for firms to report on environmental, social and governance (ESG) factors, managers will most likely need to manage additional data sets to cover this. This development can present a number of challenges. Ralph notes: “ESG data doesn’t have specific benchmarks and different data providers measure ESG in different ways, so reading the data and making recommendations can be time consuming. The data can also be expensive, so an effective strategy allows the manager to get the best out of it.”
Regulation and the way forward
As observed earlier, regulation has a role to play in the way hedge fund firms manage their data. A strong focus on operational processes and procedures is a good place to start, as this will help deliver the detail required to make the right decision in terms of digitisation.
In Ralph’s view, data management strategies can have a really positive impact on regulatory reporting: “You are able to digitise a large part of the reporting obligations. This, in turn, allows firms to pull back time and cost which can be focussed on other parts of the business.”
He says platforms and apps play a large part here too as they have the ability to record calls and messages for regulatory purposes and read and store data for reporting.
Most firms have now centralised their data management, which underscores the importance of understanding of data. They have also decentralised their cybersecurity – an evolution which requires careful attention. Ralph comments: “The focus around decentralised cybersecurity shows no signs of abating. External bad actors are becoming more professional, more focussed and have access to market leading tech. A strong technical, process and people based programme can prevent attack. AI and machine learning tools can support a strong cyber governance programme.”
He outlines that most funds aren’t big enough to warrant the technical expertise necessary to run their infrastructure in house: “This is where tech partners like RFA come in. Outsourcing is a big part of most funds strategies and accepted by the regulator as a part of strategic business modelling.
“As funds move more towards digitising operational processes, an outsourced partner makes sense. Managers need to focus on finding the right tech partner, who works with funds with a similar strategy which allows the fund to benefit from their experience of supporting others with their digital transformation strategies.”
In view of this, RFA has always been a vocal supporter of public cloud solutions. Ralph says this allows the firm to build scalable solutions for clients.
Regarding future evolution of the way managers communicate and share information, Ralph says: “I think most fund managers now have the right collaboration tools in place, like Teams and SharePoint. The next step is learning how to get the best from those tools and to change the way people communicate. It’s time to move away from emails and use Teams to share documents in a more secure environment.”
George Ralph, Managing Director, RFA
George Ralph CITP, has successfully founded three technology firms along with C-level advisory services include M&A to numerous firms. George is a true leader and has been managing teams internationally, and leading technology transformation projects for over 20 years. A certified GDPR, Cyber assessor, Auditor, Architect and widely experienced cybersecurity and RegTech professional, George has extensive technical experience in network and server architecture, large scale migrations utilising leading technology brands, and IaaS offerings.
