Page 1: Hot Topics for Investment Managers: Compliance & Technology Directives for 2012

Hot Topics for Investment Managers: Compliance & Technology Directives for 2012


Agenda

Form PF: What You Need to Know

Maintaining an Effective Compliance Program

Technology Must-Haves

– Message Archiving

– Email Security

– Mobile Device Management


Nothing herein should be construed as legal advice or as a legal opinion for any particular situation. Information is provided for general guidance and should not be substituted for formal legal advice from an experienced securities attorney.


Sections of Form PF

• Section 1: All Filers ($150M in RAUM)

• Section 2: Large Hedge Fund Managers ($1.5B in RAUM)

• Section 3: Large Liquidity Fund Managers ($1B in RAUM)

• Section 4: Large Private Equity Managers ($2B in RAUM)


Filing Deadlines

• 7/15/12 – Liquidity Fund Managers with ≥ $5B

• 8/29/12 – Hedge Fund Managers with ≥ $5B

• 1/15/13 – Liquidity Fund Managers with $1B to $5B

• 3/1/13 – Hedge Fund Managers with $1.5B to $5B

• 4/30/13 – All other filers


Filing Frequency

• Large Hedge Fund & Liquidity Fund Managers: Quarterly

• All Others: Annually


IT Challenges Posed by Form PF

• Data from internal and external systems

• Internal methodologies allowed, but strive for consistency and disclose assumptions

• Desire for a scalable process (maybe next time)


Form PF Recommendations

• Prepare a test filing

• Assign each question to the subject matter expert

• Coordinate with vendors early and often

• Document assumptions


Maintaining an Effective Compliance Program


Integration of IT and Compliance

• To the extent that firms don’t have strong IT resources supporting their compliance program in areas such as risk assessment, surveillance and testing, that can be a real challenge to effectiveness. In today’s market environment, if you have a compliance program that’s not using technology in sophisticated ways to do monitoring, testing and surveillance, then you’re probably behind the 8-ball. Generally, we’re getting pretty good at working with different data formats and developing tools that can help us take the data and perform effective analysis.

– Carlo di Florio, Director of the SEC’s Office of Compliance Inspections and Examinations


Integration of IT and Compliance

We’re going to be doing it, so I suggest you do it as well.

– Norm Champ, Deputy Director of the SEC’s Office of Compliance Inspections and Examinations, discussing email surveillance


Common Email Review Focus Areas

• Correspondence with competitors

• Messages sent with attachments to personal accounts (Hotmail, Gmail, AOL)

• References to restricted list entries

• Outbound messages referencing names subject to confis

• References to known conflicts of interest

• Correspondence with government email addresses

• Political contributions

• Gifts and entertainment (conflicts of interest and FCPA)


Documenting Email Reviews

• Scope

• Risk areas and associated search terms

• Number of hits per search term

• Number of emails opened per search term

• Findings and responses

– Decide in advance how to respond to findings that appear to be especially serious. Consider escalating directly to outside counsel.

– Word spreads quickly. Discussing questionable emails with employees will lead to changes in email behavior throughout the firm.


Record Retention

• Electronic record retention welcomed

– Readily accessible

– Separately backed up

– Be prepared to produce in electronic or paper format

• Little flexibility in recordkeeping obligations

– Rule 204-2

– Typically a 5 to 6 year retention period

– Most advisers keep all electronic communications

• Apple Messages are a problem


Technology Must-Haves for Investment Managers


Message Archiving

SEC requires advisers to retain all internal and external electronic business communications

Tape backup by itself is not adequate!

Know the regulations & sound practices for archiving

All electronic messages must be captured and retained.


Message Archiving

Rule 204-2: Retain all internal and external electronic business communications

Requirements | Solution

• Retain accurate records | Archive all electronic messages for up to 7 years

• Electronic media | WORM format with off-site backup

• Index & retrieval | Messages are indexed for easy & fast retrieval

Rule 206(4)-7: Adopt written compliance policies & procedures

Requirements | Solution

• Prevent & detect violations | Internal supervisory compliance controls

• Annual review | Robust reporting to facilitate annual reviews

Messaging archiving technology can simplify record retention & compliance reporting.


Message Archiving

Some questions to ask your solutions provider...

Will my data be stored on dedicated or shared storage?

Is WORM storage used to ensure data integrity?

Are all messages searchable from a single search command?

How is user access to data controlled?

Do you archive messages from all devices?

Do you provide 24X7 support and/or in-house legal support?


Email Security

Email Security helps comply with data privacy regulations.

Regulations:

Gramm-Leach-Bliley Act Data Protection Act of 1999 (GLBA) – Section 501(b):

– Protect Non-public Information

MA 201 CMR 17 (Massachusetts):

– Protect Personally Identifiable Information (PII)

Common sense:

Firm’s reputation is at risk the moment customer privacy is violated.


Email Security Solutions

Email Security

Outbound Encryption

Spam Filtering

Anti-virus protection

Data Loss Prevention

A standard email security package goes a long way.

Ensure security of all outgoing electronic communications!


Email Security

Some questions to ask your solutions provider...

What level of encryption is used to protect my email?

How do I access an encrypted message?

Can I create specific email security policies?

How can I prevent sensitive data from leaving my network?

How do my virus-outbreak filters stay current?

How much system maintenance is required of me?


Mobile Device Management

What devices are accessing your network?

Are all the mobile apps safe to use?

Has anyone lost a phone recently?

Enterprise data is moving to smartphones & tablets!


Mobile Device Management (MDM)

MDM is essential for a comprehensive data protection strategy.

Convergence of work and personal devices...

Context – match activity to location, time, and network

Activity – user behavior patterns

Content – identify & secure files on each phone

Application – provision, configure, troubleshoot

Device – track settings, status, inventory, policies, functions

Visibility into mobile devices...

Photo Source: Mobile Iron


Mobile Device Management (MDM)

Some questions to ask your solutions provider...

What mobile operating systems does your MDM solution support?

What asset management & inventory capability exists for managing devices on the network?

What remote administration functionality is available? Password enforcement

What reporting is available across operators, operating systems and locations?


Other Technology Considerations

Web Filtering – Protection from malware originating over the internet

Intrusion detection – Protection against hackers attempting to invade a network

Endpoint encryption – Encryption of data on laptops and all other devices


Eze Castle Integration Overview

Founded: 1995

Headquarters: 260 Franklin Street, 12th Floor, Boston, Massachusetts, 02110

Additional Offices: Chicago, Dallas, Geneva, Hong Kong, London, Los Angeles, Minneapolis, New York City, San Francisco, Singapore and Stamford

Core Services

• Strategic IT Consulting

• Outsourced IT Solutions

• Professional Services

• Project & Technology Management

• Communications Solutions

• Network Design & Management

• Internet Service

• Private Cloud Services

• Business Continuity Planning

• Disaster Recovery

• Compliance Solutions

• Storage Solutions

• Colocation Services

• E-Mail & IM Archiving

Awards Received


260 Franklin Street, 12th floor Boston, MA 02110 Tel: 617-217-3000 www.eci.com
