KYC and Email: A Dangerous Mix
Anthony says that while it’s not often cited as the main reason to move away from email, when it comes to know-your-customer, cybersecurity should be near the top in a pitch meeting.
This month, I wrote about how the buy side is increasingly having to carry weight when it comes to know-your-customer/ anti-money-laundering (KYC/AML) requirements. The sell side is looking for help—and is tired of getting fined—and regulators want asset managers to provide greater transparency, as well.
As a result, many large buy-side institutions have turned to utilities and managed-services providers for help. While the decision-making is not likely to be outsourced, data collection and dissemination is.
But another reason why buy-side firms should consider a shift toward third-party offerings is security, specifically of the cyber kind. The Sony Pictures Entertainment hack should have been a thunderbolt for every industry—information sent through “secure” email is never really secure. One asset management source told me that cybersecurity “is a concern of course, but it’s not a driving factor,” in the firm’s attempt to lessen its reliance on email. Another asset management source put it more bluntly: “The security and privacy issues can be handled. I think it’s overblown, but I could be proven wrong.”
In public, buy siders like to talk about the necessity of security. In private, I’ve always had the impression that while it’s important, there’s a helpless feeling, too, so you can’t have cyber concerns paralyze you.
But there is reason for concern. Take, for example, what Bloomberg’s Dan Matthies—head of Bloomberg Entity Exchange—has to say: “When you think about a hedge fund wanting to identify, eliminate and mitigate risk, there’s a lot of concern about the fact that the process today happens over email,” he says. “When you multiply the number of counterparties you have, times the number of entities that you have, times the number of groups that you’re dealing with at those counterparties, there are hundreds of different people that you’re dealing with and if everything is being done over email, you’re susceptible to disorganization and to a lot of cyber risk.”
Hedge funds have never been comfortable having their personal details, their firm’s details, and their more sensitive documents being sent via email. They want control over that process
Even though it’s always been the way it’s done, hedge funds have never been comfortable having their personal details, their firm’s details, and their more sensitive documents being sent via email. They want control over that process, but when it comes to KYC, traditionally there haven’t been a lot of options.
In this new world, though, where vendors are entering into the KYC space specifically to help the buy side, it’s also imperative that the vendors change their ideas about liability, says Steve Pulley, head of Thomson Reuters’ risk managed services. “They all asked the following question and I think it’s the biggest question for all those other asset managers that we’d love to bring on board: What liability is the service provider prepared to take on and inherit in the event of a bad outcome around information security?” Pulley says. “Providers and vendors that say ‘zero’ or ‘de minimis’ aren’t going to do business with the big buy-side firms, period. It’s a cost of doing business in this space and you had better be good at what you do.”
Danger
For the feature, I laid out the challenge that buy-side firms are facing and why it’s different today, and then focused on the four vendors in the space that I’ve heard most about from my buy-side contacts. To me, it makes sense for asset managers to turn over some of their onboarding processes to specialists. It’s good for everyone involved because there is a ton of overlap and there’s no real competitive advantage. Large numbers of buy-side firms are still looking but not acting. As onerous as it could be, there’s a familiar comfort.
But if you need a reason to make the change, it’s cybersecurity. This is a new era and it demands new tools. Going it alone has worked for a long time, and, as one of my sources noted, you can think that the cyber issue is overstated, but it’s dangerous to be proven wrong.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
DSB says industry is ready to meet UPI mandate ahead of deadline
The Unique Product Identifier will be required for certain OTC derivatives in the EU at the end of April, following US adoption in January.
‘Very careful thought’: T+1 will introduce costs, complexities for ETF traders
When the US moves to T+1 at the end of May 2024, firms trading ETFs will need to automate their workflows as much as possible to avoid "settlement misalignment" and additional costs.
Court case probes open-source licenses as movement stands at crossroads
The Software Freedom Conservancy’s lawsuit against TV-maker Vizio begins trial in California, raising questions about open-source licenses and the risks posed by adhering to them.
Waters Wavelength Podcast: Countdown to T+1
DTCC’s Val Wotton joins the podcast this week to discuss the impending move to T+1 in the US.
Consolidated tape hopefuls gear up for uncertain tender process
The bond tapes in the UK and EU are on track to be authorized in 2025. Prospective bidders for the role of provider must choose where to focus their efforts in anticipation of more regulatory clarity on the tender process.
Fighting FAIRR: Inside the bill aiming to keep AI and algos honest
The Financial Artificial Intelligence Risk Reduction Act seeks to fix a market abuse loophole by declaring that AI algorithms do not have brains.
Waters Wrap: The rise of AI washing… and regulation washing?
The SEC recently levied fines against two investment advisors over “AI washing”. Anthony takes issue with the announcement.
Prepare now for the inevitable: T+1 isn’t just a US challenge
The DTCC’s Val Wotton believes that firms around the globe should view North America’s move to T+1 as an opportunity—because it’s inevitable.
Most read
- Sell-Side Technology Awards 2024: All the winners
- Systematic tools gain favor in fixed income
- Sell-Side Technology Awards 2024: Best sell-side front-office platform—Bloomberg