A stellar group of active and recently retired regulators came together at GAIM Ops Cayman to give the lowdown on what new rules are coming down the pipe.
The landmark Newman case on insider trading has changed the landscape for prosecutors in the US, and the representatives in the room were clear that Newman was not a safe harbor for insider trading. What it has done is introduce definitions regarding the pecuniary gain required to prosecute.
Regulators worldwide are getting to grips with cybersecurity and it is the biggest issue on the table at the moment, with plenty of resources to assist in getting the industry up to speed. AIMA has produced a modular plan, breaking down the benchmarking in the market, while the MFA recently released guidance for all categories of its membership.
The MFA guidance states that a supervisory process must be in place to address the risks you have and to be prepared for any type of threat to your technology systems, as well as outlining how you intend to deal with them. The plan must be approved by senior management and must be appropriate for your holding company structure if relevant. After a full assessment of vulnerabilities for any ‘at-risk’ data, safeguards must be put in place. A key point here is that service providers and third parties must meet these standards or you should look elsewhere.
The main issues within cybersecurity that are giving the industry sleepless nights are the challenges presented by technology and the level of spending required, as well as knowing when to stop spending money. Other concerns include education for employees and conducting due diligence on counterparties.
A relatively new tactic seen in the compliance arena checks how staff are responding to the threat by sending out a fake phishing email and seeing how many people click on it. One panelist said 30% of staff clicked on the suspect link at his firm. These phishing emails are a major threat because they can sit dormant for some time before striking.
Making passwords strong and changing them regularly is pretty basic advice. Firewalls and anti-virus software also need to be updated to the latest versions. Mobile devices must be given the same attention and there is also the prospect of voicemail phishing to deal with. Other issues centre on training of employees and making sure to test the plan every 12 months.
To illustrate the scale of the problem facing the hedge fund sector, there was a story of a group of hackers who had a hedge fund firm under surveillance for some time and noticed that the same Chinese restaurant was delivering food there each day. The hackers simply accessed the systems of the restaurant and placed malware in the menu that was emailed to the hedge fund firm, which gave them access. That is the reality of the situation facing the industry today.