Home >Business >Hot Topics for Investment Managers: Compliance & Technology Directives for 2012

Hot Topics for Investment Managers: Compliance & Technology Directives for 2012

Date post:15-Nov-2014
Category:
View:2,294 times
Download:0 times
Share this document with a friend
Description:
Your first priority is making sound investment decisions. But more than ever, investors and regulators expect firms to focus on their operations and infrastructure as well. Read on to learn more about how to meet your firm’s technology and compliance directives in 2012. Experts from ACA Compliance and Eze Castle Integration provided advice relative to:• Form PF and other report filing and registration requirements; • Tips for compliance program development, reviews and training; and • Technology must-haves including email security, encryption, and more.
Transcript:
  • 1. Hot Topics for Investment Managers: Compliance & Technology Directives for 2012

2. Agenda Form PF: What You Need to Know Maintaining an Effective Compliance Program Technology Must-Haves Message Archiving Email Security Mobile Device Management 3. Hot Topics for Investment Managers: Compliance & Technology Directives for 2012Nothing herein should be construed as legal advice or as a legal opinion for1 any particular situation. Information is provided for generalguidance and should not be substituted for formal legal advice from anexperienced securities attorney. 4. Sections of Form PF Section 2: Large Hedge Fund Managers ($1.5B in RAUM) Section 1: All Filers ($150Min RAUM) Section 3: Large Liquidity Fund Managers ($1B in RAUM) Section 4: Large Private Equity Managers ($2B in RAUM) 4 4 5. Filing Deadlines 7/15/12 Liquidity FundManagers with $5B 8/29/12 - Hedge FundManagers with $5B 1/15/13 - Liquidity FundManagers with $1B to $5B 3/1/13 Hedge FundManagers with $1.5B to $5B 4/30/13 All other filers55 6. Filing Frequency Large Hedge Fund & Liquidity Fund Managers: Quarterly All Others: Annually66 7. IT Challenges Posed by Form PF Data from internal and external systems Internal methodologies allowed, but strive for consistencyand disclose assumptions Desire for a scalable process (maybe next time) 7 7 8. Form PF Recommendations Prepare a test filing Assign each question to the subject matter expert Coordinate with vendors early and often Document assumptions88 9. Maintaining an Effective Compliance Program99 10. Integration of IT and Compliance To the extent that firms dont have strong IT resourcessupporting their compliance program in areas such as riskassessment, surveillance and testing, that can be a real challengeto effectiveness. In todays market environment, if you have acompliance program thats not using technology in sophisticatedways to do monitoring, testing and surveillance, then youreprobably behind the 8-ball. Generally, were getting pretty goodat working with different data formats and developing tools thatcan help us take the data and perform effective analysis. Carlo di Florio, Director of the SECs Office of Compliance Inspections andExaminations1010 11. Integration of IT and ComplianceWere going to be doing it, so I suggest you do it as well. Norm Champ, Deputy Director of the SECs Office of ComplianceInspections and Examinations, discussing email surveillance1111 12. Common Email Review Focus Areas Correspondence with competitors Messages sent with attachments to personalaccounts (Hotmail, Gmail, AOL) References to restricted list entries Outbound messages referencing names subjectto confis References to known conflicts of interest Correspondence with government emailaddresses Political contributions Gifts and entertainment (conflicts of interestand FCPA) 12 12 13. Documenting Email Reviews Scope Risk areas and associated search terms Number of hits per search term Number of emails opened per search term Findings and responses Decide in advance how to respond to findings that appear to be especiallyserious. Consider escalating directly to outside counsel. Word spreads quickly. Discussing questionable emails with employees willlead to changes in email behavior throughout the firm.1313 14. Record Retention Electronic record retention welcomed Readily accessible Separately backed up Be prepared to produce in electronic or paper format Little flexibility in recordkeeping obligations Rule 204-2 Typically a 5 to 6 year retention period Most advisers keep all electronic communications Apple Messages are a problem 14 14 15. Technology Must-Haves for Investment Managers 16. Message ArchivingAll electronic messages must be captured and retained.SEC requires advisers to retain all internal andexternal electronic business communicationsTape backup by itself is not adequate!Know the regulations & sound practices forarchiving 17. Message ArchivingRule 204-2: Retain all internal and external electronic businesscommunications RequirementsSolutionRetain accurate records Archive all electronic messages for up to 7 yearsElectronic mediaWORM format with off-site backupIndex & retrieval Messages are indexed for easy & fast retrievalRule 206(4)-7: Adopt written compliance policies & procedures RequirementsSolutionPrevent & detectInternal supervisory compliance controls violationsAnnual review Robust reporting to facilitate annual reviewsMessaging archiving technology can simplify recordretention & compliance reporting. 18. Message ArchivingSome questions to ask your solutions provider...Will my data be stored on dedicated or shared storage?Is WORM storage used to ensure data integrity?Are all messages searchable from a single searchcommand?How is user access to data controlled?Do you archive messages from all devices?Do you provide 24X7 support and/or in-house legalsupport? 19. Email SecurityEmail Security helps comply with data privacy regulations.Regulations:Gramm-Leach-Bliley Act Data Protection Act of 1999 (GLBA) Section 501(b): Protect Non-public InformationMA 201 CMR 17 (Massachusetts ): Protect Personal Identifiable Information (PII) Common sense: Firms reputation is at risk the moment customer privacy is violated. 20. Email Security SolutionsA standard email security package goes a long way.Email Security Outbound Encryption Spam Filtering Anti-virus protection Data Loss PreventionEnsure security of all outgoing electroniccommunications! 21. Email SecuritySome questions to ask your solutions provider...What level of encryption is used to protect my email?How do I access an encrypted message?Can I create specific email security policies?How can I prevent sensitive data from leaving mynetwork?How do my virus-outbreak filters stay current?How much system maintenance is required of me? 22. Mobile Device ManagementEnterprise data is moving to smartphones & tablets!What devices are accessing your network?Are all the mobile apps safe to use?Has anyone lost a phone recently? 23. Mobile Device Management (MDM)Convergence of work and Visibility into mobile devices...personal devices... Context match activity to location, time, and network Activity user behavior patterns Content identify & secure files on each phone Application provision, configure, troubleshoot Device track settings, status, inventory, policies, functions MDM is essential for a comprehensive data protectionstrategy.Photo Source: Mobile Iron 24. Mobile Device Management (MDM)Some questions to ask your solutions provider...What mobile operating systems does your MDM solutionsupport?What asset management & inventory capability exists formanaging devices on the network?What remote administration functionality is available?Password enforcementWhat reporting is available across operators, operatingsystems and locations? 25. Other Technology Considerations Web Filtering Protection from malware originating over the internet Intrusion detection Protection against hackers attempting to invade a network Endpoint encryption Encryption of data on laptops and all other devices 26. Eze Castle Integration OverviewFounded 1995Headquarters260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City,AdditionalSan Francisco, Singapore and StamfordOffices Strategic IT Consulting Private Cloud Services Outsourced IT Solutions Business Continuity Planning Professional Services Disaster RecoveryCore Services Project & Technology Management Compliance Solutions Communications Solutions Storage Solutions Network Design & Management Colocation Services Internet Service E-Mail & IM ArchivingAwards Received 27. 260 Franklin Street, 12th floor Boston, MA 02110 Tel: 617-217-3000 www.eci.com

Popular Tags:

Click here to load reader

Embed Size (px)
Recommended