KYC and Email: A Dangerous Mix
Anthony says that while it’s not often cited as the main reason to move away from email, when it comes to know-your-customer, cybersecurity should be near the top in a pitch meeting.
This month, I wrote about how the buy side is increasingly having to carry weight when it comes to know-your-customer/ anti-money-laundering (KYC/AML) requirements. The sell side is looking for help—and is tired of getting fined—and regulators want asset managers to provide greater transparency, as well.
As a result, many large buy-side institutions have turned to utilities and managed-services providers for help. While the decision-making is not likely to be outsourced, data collection and dissemination is.
But another reason why buy-side firms should consider a shift toward third-party offerings is security, specifically of the cyber kind. The Sony Pictures Entertainment hack should have been a thunderbolt for every industry—information sent through “secure” email is never really secure. One asset management source told me that cybersecurity “is a concern of course, but it’s not a driving factor,” in the firm’s attempt to lessen its reliance on email. Another asset management source put it more bluntly: “The security and privacy issues can be handled. I think it’s overblown, but I could be proven wrong.”
In public, buy siders like to talk about the necessity of security. In private, I’ve always had the impression that while it’s important, there’s a helpless feeling, too, so you can’t have cyber concerns paralyze you.
But there is reason for concern. Take, for example, what Bloomberg’s Dan Matthies—head of Bloomberg Entity Exchange—has to say: “When you think about a hedge fund wanting to identify, eliminate and mitigate risk, there’s a lot of concern about the fact that the process today happens over email,” he says. “When you multiply the number of counterparties you have, times the number of entities that you have, times the number of groups that you’re dealing with at those counterparties, there are hundreds of different people that you’re dealing with and if everything is being done over email, you’re susceptible to disorganization and to a lot of cyber risk.”
Hedge funds have never been comfortable having their personal details, their firm’s details, and their more sensitive documents being sent via email. They want control over that process
Even though it’s always been the way it’s done, hedge funds have never been comfortable having their personal details, their firm’s details, and their more sensitive documents being sent via email. They want control over that process, but when it comes to KYC, traditionally there haven’t been a lot of options.
In this new world, though, where vendors are entering into the KYC space specifically to help the buy side, it’s also imperative that the vendors change their ideas about liability, says Steve Pulley, head of Thomson Reuters’ risk managed services. “They all asked the following question and I think it’s the biggest question for all those other asset managers that we’d love to bring on board: What liability is the service provider prepared to take on and inherit in the event of a bad outcome around information security?” Pulley says. “Providers and vendors that say ‘zero’ or ‘de minimis’ aren’t going to do business with the big buy-side firms, period. It’s a cost of doing business in this space and you had better be good at what you do.”
Danger
For the feature, I laid out the challenge that buy-side firms are facing and why it’s different today, and then focused on the four vendors in the space that I’ve heard most about from my buy-side contacts. To me, it makes sense for asset managers to turn over some of their onboarding processes to specialists. It’s good for everyone involved because there is a ton of overlap and there’s no real competitive advantage. Large numbers of buy-side firms are still looking but not acting. As onerous as it could be, there’s a familiar comfort.
But if you need a reason to make the change, it’s cybersecurity. This is a new era and it demands new tools. Going it alone has worked for a long time, and, as one of my sources noted, you can think that the cyber issue is overstated, but it’s dangerous to be proven wrong.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
Consolidated tape hopefuls gear up for uncertain tender process
The bond tapes in the UK and EU are on track to be authorized in 2025. Prospective bidders for the role of provider must choose where to focus their efforts in anticipation of more regulatory clarity on the tender process.
Fighting FAIRR: Inside the bill aiming to keep AI and algos honest
The Financial Artificial Intelligence Risk Reduction Act seeks to fix a market abuse loophole by declaring that AI algorithms do not have brains.
Waters Wrap: The rise of AI washing… and regulation washing?
The SEC recently levied fines against two investment advisors over “AI washing”. Anthony takes issue with the announcement.
Prepare now for the inevitable: T+1 isn’t just a US challenge
The DTCC’s Val Wotton believes that firms around the globe should view North America’s move to T+1 as an opportunity—because it’s inevitable.
European firms prime for lopsided settlement in North America and at home
With T+1 imminent in North America and increasingly likely to traverse the Atlantic, operations and trading professionals in Europe are fighting on two fronts.
As crypto ETFs become reality, benchmark providers take center stage
The SEC’s approval of the first spot bitcoin ETFs will expose a growing number of traditional market participants to the maturing world of crypto data, a moment that some—such as CF Benchmarks, BlackRock’s benchmark provider—have been eagerly awaiting.
Waters Wavelength Podcast: Looking into the EU regulatory landscape
Eflow’s Ben Parker joins the podcast to discuss EU regulations.
FCA declines to directly regulate market data prices
A year-long investigation by the UK regulator to determine whether competition is hindered in the wholesale data markets has concluded with its decision not to directly regulate much-maligned data pricing and licensing structures.
Most read
- Women in Technology & Data Awards 2024: All the winners and why they won
- Witad Awards 2024: Above and beyond award (vendor)—Susan Bennett, Tradeweb
- Dark horse: Deutsche Börse building dark pool