Another SEC Cybersecurity Reminder: Fund managers have just received a few pointed suggestions from the Securities and Exchange Commission’s Division of Investment Management on just how they should monitor their cybersecurity risk.
Although the new guidance doesn’t carry the force of a rule, it does put fund managers on alert for what the SEC will be looking for when it conducts exams. The next step could be cybersecurity enforcement actions.
The SEC recommends ensuring periodic assessments, a cybersecurity strategy, and written policies and procedures. The assessments should include locating where confidential information is stored, identifying threats and vulnerabilities, reviewing security controls, and measuring the impact of a data breach on a firm’s governance structure. Also on the list is controlling access to confidential data, restricting the use of removable storage media, encrypting data, ensuring data backup and retrieval and developing an incident response plan.
The guidance follows cybersecurity exams that the SEC and Financial Industry Regulatory Authority (FINRA), the broker-dealer regulatory agency, conducted last year. Both organizations have made cybersecurity risk management an examination priority for the past two years. For more information check out the cybersecurity roundtable of regulators and industry experts hosted last year by the SEC.
T+2 Going Global? Financial industry professionals expect two-day settlement to become the global norm within the next ten years, with the US and Canada the next big markets to follow Europe’s lead, according to the results of a new survey just released by post-trade communications service provider Omgeo.
Of the 583 firms which responded to Omgeo’s questionnaire, about 52 percent thought that the US would move to a T+2 settlement cycle from T+3 within the next three years, while 34 percent thought Canada would do so. Most European countries already moved to a T+2 timetable in October 2014 and about 77 percent of the respondents believed the shift went off smoothly. About half of survey participants represented buy-side companies, while 34 percent represented sell-side and 9 percent represented custodians.
Just what does it take to move to a two-day settlement cycle? Or rather, how reasonable is it to expect same-day allocations and confirmations as well as correct legal entity identifiers (LEIs) and correct standing settlement instructions (SSIs)?
About 62 percent of the respondents said that it made sense for fund managers to send allocations and settlement instructions to broker-dealers the day the trade is executed with broker-dealers affirming allocations within just two hours of receiving the information from fund managers. About 52 percent believe that new regulations requiring depositories to fine members who fail to settle their trades on time will motivate them to speed up the post-trade communications process necessary to acknowledge trade details, and 51 percent think that the European super-regulatory body European Securities and Markets Authority (ESMA) should be able to monitor adherence to the so-called same day affirmation process. Despite the progress made to achieving T+2 in Europe, 56 percent of respondents didn’t think T+1 was likely to be achievable.
When it comes to LEIs, about 42 percent of those surveyed, said that the identifiers were relevant to meet a T+2, but 29 percent said they were unable to identify their accounts using LEIs and 37 percent said they could not identify their clients or counterparties with LEIs. Accurate SSIs topped the list of what buy and sell-side firms think is required to achieve T+2 with over 90 percent of respondents. SSIs are the last leg of the post-trade communications process where asset managers inform their custodians of the specific details on how they wish their trades settled.
Given the survey was based on responses from Omgeo’s customers, the subsidiary of the US Depository Trust & Clearing Corp. took the opportunity to promote its services in the report. “Omgeo Central Trade Manager and Omgeo Alert are well-positioned to help the industry meet this growing need [for same day affirmation and correct SSIs],” concluded Omgeo. As reported last week in FinOps Report, Omgeo is now allowing custodians and prime brokers, not just asset managers, to input SSIs into ALERT to improve accuracy.
Staying on Top of Operations: Chief operating officers and chief financial officers of hedge funds who worry about task slippage putting their performance and compliance at risk can now keep an eye on everything going on across the firm with a new software application called OpsCheck.
The platform, says its designer Frank Caccio, is not meant to replace in-person meetings, but to allow senior operational managers to walk into those sessions already knowing the status of current operations by drilling down into automated reporting that can be accessed in minutes, rather than hours of internal research. Use of OpsCheck, Caccio says, also helps alternative investment funds demonstrate vigilant oversight to regulators and investors, as well as helping them win SSAE16 attestation to commitment to strong internal controls.
Officially launched on Wednesday, OpsCheck tracks the progress of recurring or special tasks in compliance, regulatory reporting, trading operations, accounting and even third-party fund administrators and prime brokers. Here is how: when working on or completing tasks, users of OpsCheck use a simple web-browser based interface to input comments and securely link to files in the firm’s own network. Such documentation in the form of spreadsheets, word documents and PDFs can include data related to striking net asset values, regulatory filings, and collateral posted at various counterparties.
C-level executives, managers and end-users can be alerted either when they log into the application or via email when deadlines are approaching or work has not been completed on time. Mistakes, such as trading off a bad position, can be greatly minimized using OpsCheck because controls and procedures are incorporated as tasks.
Access to information on OpsCheck’s centralized database can be customized by senior management in creating user profiles. So far, OpsCheck has nabbed ten US and global hedge fund managers as customers ranging in size from under US$100 million in assets under management to over US$20 billion. Clients pay a subscription fee based on the number of users. OpsCheck is owned by FJC Partners, founded by Caccio, a former chief operating officer and director of operation for several mega hedge funds.