Cybersecurity, rising costs of professional advice and paring back regulation discussed at roundtable

Compliance professionals wrestled with current challenges at the latest Global Relay Hedge Funds event in London.

In the latest of Global Relay’s regular compliance roundtables in London, senior figures from across the alternative asset manager sector gathered to exchange opinion on some of the pressing issues of the moment.

Insurance and cybersecurity

The Jersey regulator is conducting a review of every regulated firm’s insurance arrangements to ensure they are in place.

The cost of cyber insurance is going up – investors feel more comfortable that it is in place. One firm had an incident recently and by far the most valuable input was the consultant team that they sent to help remediate and investigate the incident. They have since written this team explicitly into their renewed insurance contract.

Another had three investment managers hacked last month. The most challenging element was the reporting requirements within 24 hours when nothing concrete had been established in terms of the extent of the breach within that timeframe. This was a phishing-originated breach through a mailbox and customer information was exposed. It was a Microsoft patch incident that was not the firm’s vulnerability.

Ransomware was discussed and it was clear that in many cases firms do not reveal an incident and also do not let it be known if they have paid a ransom. The key concern is, if things are properly backed up, whether the firm can be back up and operating with little downtime.

Another firm uses TeleMessage, which was hacked, and messages on WhatsApp with customers and also internal messages were exposed.

Cyber incident reporting

The group discussed ICO threshold reporting and said that the ICO’s website is good at explaining the process after a cyber incident. One of the group said that they use a company called Precursor Security who provide excellent live analysis of their perimeter and can detect attacks as well as take things down that have been breached.

One of those attending said that they have disabled the ability for their employees to send attachments via LinkedIn as this is potentially where the next big market abuse scandal might take hold.

FCA and HK SFC update

The group noted that enforcement messaging from FCA is all related to market abuse, insider trading and the potential for Organised Crime Groups to abuse the markets. In the private asset management sector, their focus is very much on conflicts and their management/identification.

Camille Blackburn is moving from FCA London to FCA Australia as the regulator expands into overseas satellites. It was agreed she has been a bonus for the asset management sector in London, so she will be missed.

One of the participants said that the SFC in Hong Kong had been particularly testy over an out-of-date passport and had written a very stern letter about this being unacceptable because it might result in a full review, all of which was viewed as excessive. Another said that SEBI in India can also be similarly demanding in that all documents need to be certified and notarized, which is both a burden and an expense. They often reject these overworked documents if they are 45 days old by the time of receipt.

It was added that the Chinese regulator, CSRC, requires certain documents to be signed in fountain pen ink. One of those attending needed to disclose a position as required by the Japanese regulator and this could only be submitted in Japanese.

The group welcomed the FCA review into the potential for it to pare back the many regulations that require duplicative reporting and are very burdensome as well as a barrier to entry.

Wrestling with new regulation

Everyone is now wrestling with the new Economic Crime and Corporate Transparency Act 2023 (ECCTA). It is a new obligation that calls for a risk assessment, policies and training.

The recent reversal of regulation on research unbundling was touched on and most feel that this regulation driven by MiFID II will not see many making the change back. Some might recharge the fund for research they use through the operating research payment account.

Rising costs of professional advice

The rising cost and methods of charging for specialist legal advice were discussed. It is clear that hourly rates and double charging are both increasingly unpopular. Most are moving to a package approach with caps and fixed fees. Clever tricks called out were the costs of associates being bolted on in addition to the cost of the advising partner.

US firms also have been known to charge for prep work ahead of a meeting, and the write-up after it. One attendee had been billed for just giving a quote!

Office hours and AI

Most firms are now requiring all employees to attend the office four days a week, with some still on three, and some demanding five. Many are using a version of AI internally to improve productivity and finding it especially useful to gather research and also summarize documents and make appropriate changes to policy documents. But the work of AI needs to be checked! It is also excellent for board minute compilation and could replace the company secretary function.