“Cybersecurity threats know no boundaries. That's why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”- SEC Chair Mary Jo White Hentsū is pleased to have submitted our responses to the AITEC-AIMA due diligence questionnaire. This has been completed on the Markit KY3P platform and is now available to all other users of KY3P. Current users include the UK’s leading law firms, asset managers and information technology providers.
Know Your ProviderFor asset managers, transparency with vendors and providers is vital to remaining compliant. Due diligence and third party management continues to become more important and increasingly complex. Firms should be cognisant of the SYSC 8 requirements before, during and after the engagement and AITEC-AIMA DDQ helps with this clarity.
What Asset Managers Need to Know
- If a firm outsources critical operational functions or any relevant services and activities, it remains fully responsible for discharging all of its obligations under the regulatory system.
- Firms should review their IT outsourcing arrangements in light of SYSC 8 as a matter of good governance.
- Where a third party delivers services on behalf of a regulated firm, including a cloud provider, this is considered outsourcing and firms need to consider the relevant regulatory obligations and how they comply with them.
Vendor Management Tips
- Conduct risk assessment of vulnerabilities; understanding the breadth and depth of vendor dependencies
- In-depth due diligence before engaging a vendor and ongoing regular due diligence during the relationship
- Employ contingency plans for terminating vendor contracts
Date(s) - 01/01/1970
12:00 AM - 12:00 AM
600 5th ave. NY, NY