Compliance and Regulatory Consulting
Local and global compliance expertise for the financial services industry.
David Copland was interviewed by HFMWeek to talk about the dangers behind a lack of cyber knowledge.
HFMWeek (HFM): What cyber risks does the hedge fund industry face and which are the most prevalent?
David Copland (DC): It is important to note that on face value, the amount of cyber-security breaches felt by hedge fund managers in Hong Kong and indeed around the globe is not as high as for banks and credit card providers, although the industry continues to face an increasing amount of cyber hostility. One such example occurred in 2014 when Bloomberg reported that a number of systems had been interfered with and information had been stolen from quant funds. Another example of the current cyber risks faced in the industry is that there have been multiple reports of individuals attempting to steal source code of quant programs.
What is even more important is how the industry is responding to this heightened cyber volatility. In 2015, the US Securities and Exchange Commission (SEC) took a hard-line approach to an investment advisor for not having cyber-security policies in place. The company suffered a breach of client data, but it wasn’t the data breach which led to the prosecution. The regulator prosecuted because of the sheer lack of preparation for a cyber-attack as there were no information security policies in place. This was a significant message from the regulator and it has recently happened again to another company. The SEC and also Hong Kong’s Securities and Futures Commission (SFC) in particular are now highly interested in seeing that hedge fund managers have security policies in place and those within the industry must urgently get up to speed with regulatory expectations and requirements for their cyber governance.
HFM: What are the regulatory expectations surrounding cyber-security?
DC: Regulators' key concern is the protection of investor client data. The concern is that client data must not end up in the public domain in any form whatsoever or be used for some other cyber-crime. Regulators are consistently communicating that...