IMS (International Management Services Ltd) is one of the leading providers of directorship services in the Cayman Islands. Its directors bring a wealth of experience to the funds they represent. One area of corporate governance that has become increasingly pertinent relates to the growing threat of cybersecurity.
It is, according to Sean Inggs (pictured), Fund Director at IMS, typical for board meetings to dedicate a portion of time to an investment fund’s cybersecurity processes. Directors should be considering and enquiring after how a fund’s digital and electronic processes are set up and monitored, not just at the fund manager level but also at the fund administration level? Has the fund suffered any cyber breaches? Have any of the fund’s service providers suffered any cyber breaches? If so, what steps were taken following the breach?
“When considering compliance at the fund board level, it is one of the key areas for fund directors today,” says Inggs. “Almost all my US clients are engaging cybersecurity professionals. It’s encouraging to see that the funds industry has been proactive on this issue over the last 12 months.”
In his view, governance professionals are best advised to take a practical approach to this issue by asking specific questions aimed at determining what practical steps a fund manager is adopting towards cybersecurity.
“Those steps include appointing a properly qualified third party cybersecurity provider or, for a larger fund that has the financial resources, hiring professionals within their existing IT team to handle cybersecurity. They should also involve reviewing the fund’s service providers to check they are adequately prepared and have proper policies and procedures in place.
“We see some investors committing quite a large amount of time during due diligence asking cyber-related questions. They want to know what policies the manager has in place, what their disaster recovery plans are, and so on. Having something written down is very important.
“Furthermore, directors should be assessing cybersecurity risks within their general risk management responsibility that comes with being a director. Many private equity fund boards have separate risk meetings or, if not, they certainly form part of their quarterly board meetings. Cybersecurity risks now have to be part of a fund’s ongoing risk assessment,” states Inggs.
This increased oversight is part of a wider trend of alternative fund managers embracing regulatory compliance and corporate governance more completely.
“The pressure placed on new managers to take governance and board composition seriously is still there. Investors are still asking all the usual questions, in terms of how many appointments a fund director has, what their experience is, do they have experience in a particular asset class and so on. I am seeing more questions on risk management and compliance as well.
“Interestingly, one trend we have started to see is more fund directors being appointed to the internal governance committee inside a fund, to provide an additional layer of corporate governance and independent oversight at the master fund level. This is being driven by a number of large institutional investors, among others.
“We are seeing this with some of our US clients where they have independent directors sat at the master fund level as well as at the offshore feeder fund level. That is a positive shift in my opinion,” concludes Inggs, adding that he hopes to see this hedge fund trend spread to LPACs of private equity funds.