SBAI publishes a toolbox memo on cash handling & cyber security
The Standards Board for Alternative Investments (SBAI) has released its newest Toolbox memo on Cash Handling and Cyber Security.
Cyber-enabled fraud attempts are escalating and evolving, and the current remote working environment has created additional vulnerabilities that firms need to address. The memo, produced by the SBAI’s Governance Working Group, provides guidance on key controls that help protect managers’ payment processes. It also can be used as a tool for investors to evaluate these controls during due diligence.
Alex Baker, Chief Technology Officer at Orchard Global Asset Management, says: “Cyber-security is an increasingly important topic and can provide strong protection against cyber-frauds targeted at payment processes. Combining these systematic protections with strong payment processes provides credible mitigation against these risks. This memo shows the importance of combining both technology and process controls to protect payment processes.”
Betty Martin, Director of Investment Services at Employees Retirement System of Texas, says: “Cash controls and cyber-security programmes are core focus areas in operational due diligence on investment managers. Whilst this memo provides guidance for the managers, it also can be a useful tool for investors conducting operational due diligence of a manager’s protections against external fraud and cyber-attacks. It also serves as a strong reminder that institutional investors need to ensure that their own controls and process around financial transactions are robust.”
The memo provides an overview of the threat environment, explains common types of cyber-fraud and gives an overview of the controls required to mitigate the risk. It also includes mini case studies and specific illustrations of payment controls for electronic and non-electronic payments, as well as specific considerations for investor subscription payments, redemptions and capital calls.
Nic Miller, Virtual CISO at Aedile Consulting, says: “Cyber-criminals will almost always initially seek to compromise a company’s email system as a gateway to gather information and impersonate individuals. A range of technical controls can help mitigate this risk, including Multi-Factor Authentication, Single-Sign-On (SSO) and Email protections. The SBAI’s memo provides some practical steps to increase security protections.”
The SBAI’s Governance Working Group consists of 32 leading industry practitioners. The Cash Handling and Cyber Security Workstream includes representatives from CERN Pension Fund, Employees Retirement System of Texas, Ionic Capital Management, Ontario Teachers’ Pension Plan, Orchard Global Asset Management, Periscope Capital and Public Sector Pension Investment Board (PSP Investments).
Maria Long, Content Director of the SBAI, says: “The SBAI’s working groups are a visible manifestation of what makes the SBAI so valuable – institutional investors and managers working together across geographies to improve industry practices to the benefit of all market participants and the wider economy.”
The memo forms part of the SBAI Toolbox, which provides guidance to institutional investors and managers on a broad range of topics, including addressing conflicts of interest, risk and fee transparency and responsible investment. The SBAI Toolbox complements the Alternative Investment Standards, to which investment managers formally sign up on a comply-or-explain basis.
The SBAI has previously published memos on cyber security, including the Cyber Security Memo in 2019, which provides a series of practical tools for smaller and mid-sized alternative investment managers. The SBAI’s Governance Working Group is currently also reviewing other areas of relevance, including Fund Governance and Fee Transparency. In addition to the work in Governance, the SBAI is currently running a number of working groups focusing on the following areas: Responsible Investment, Alternative Credit, Insurance Linked Funds, Alternative Risk Premia and Standard Investor Profile Template, as well as regional focus groups in China and Japan.