Asset managers are reporting an increasing focus on cyber-security by their clients amid rising concerns over high-profile hacking cases, such as the WannaCry ransomware attack last month.
Some fund houses, such as Bermuda-based Fidelity International, are taking action, though consultants say many are lagging in this area, as AsianInvestor reported earlier this week.
Sam Coco, associate director of information security and technology risk for Asia Pacific at Fidelity International, said there had been “a material increase” of clients globally conducting due diligence on his firm's IT systems and procedures in the past three years. Such site visits by investors are now more common, he told AsianInvestor.
“There is a growing interest in overall cyber-security governance [and] vendor management including cloud services, as well as an increased focus on incident response,” said Coco, who is based in Hong Kong.
Ashley Dale, chief business development officer at Harvest Global Investments, agreed: “Cyber security is under increased scrutiny by global asset owners, especially in the wake of recent news of breaches.”
Response to cyber threats
Fidelity has responded by, in the first quarter of this year, setting up a devoted global cyber-defence team to search for and counter digital threats. Coco said an internal team could identify and resolve incidents more quickly and efficiently than outsourcing the function.
He noted that recent efforts had focused on ensuring that client-facing websites were secure and adopting practices such as SMS account verification. In addition, Fidelity International runs a training and awareness programme for staff that includes regular phishing simulation exercises.
Coco pointed out that the impact of a cyber attack could be widespread, including regulatory fines and considerable reputational loss.
However, fund houses generally are lagging when it comes to countering potential digital threats, say consultants, as AsianInvestor reported earlier this week.
Seven out of nine asset managers approached by AsianInvestor either declined to comment or said they could not provide someone to discuss the subject, suggesting a certain sensitivity in this area. They were: Aberdeen Asset Management, Ashmore, Axa Investment Managers, BlackRock, JP Morgan Asset Management, Pimco and Schroder Investment Management. Standard Chartered Private Banking also declined to comment.
Unified regulation needed
Meanwhile, regulators, such as Hong Kong's Securities and Futures Commission, have been taking action on cyber security. On May 8, the SFC started consulting on proposals to expand its regulation of electronic trading of securities on exchanges – which currently apply to brokers – to unit trusts and mutual funds.
While acknowledging a greater focus on cyber risks among regulators globally, Fidelity’s Coco stressed the importance of unified regulation across countries. “While the majority of jurisdictions appear to be mostly aligned, with a few differences they can become complex to navigate for a multinational organisation.”
Leading names in risk and compliance will offer the latest updates at the 2nd Compliance Summit Southeast Asia in September and the 6th Compliance Summit North Asia in Hong Kong in November. For more details, email Amy Rotman or call her on +852 3175 1917.