“Cybersecurity threats know no boundaries. That's why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”
- SEC Chair Mary Jo White Hentsū is pleased to have submitted our responses to the AITEC-AIMA due diligence questionnaire. This has been completed on the Markit KY3P platform and is now available to all other users of KY3P. Current users include the UK’s leading law firms, asset managers and information technology providers.
Know Your Provider
For asset managers, transparency with vendors and providers is vital to remaining compliant. Due diligence and third party management continues to become more important and increasingly complex. Firms should be cognisant of the SYSC 8 requirements before, during and after the engagement and AITEC-AIMA DDQ helps with this clarity.
What Asset Managers Need to Know
If a firm outsources critical operational functions or any relevant services and activities, it remains fully responsible for discharging all of its obligations under the regulatory system.
Firms should review their IT outsourcing arrangements in light of SYSC 8 as a matter of good governance.
Where a third party delivers services on behalf of a regulated firm, including a cloud provider, this is considered outsourcing and firms need to consider the relevant regulatory obligations and how they comply with them.
Vendor management can be cumbersome and often lacks uniformity. KY3P is expected to bring some relief to asset management firms through the standardization; along with reducing time and risk associated with the vendor evaluation and risk assessment process.
Vendor Management Tips
Conduct risk assessment of vulnerabilities; understanding the breadth and depth of vendor dependencies
In-depth due diligence before engaging a vendor and ongoing regular due diligence during the relationship
Employ contingency plans for terminating vendor contracts
The SEC has made cybersecurity a matter of priority for asset managers. Completing the AITEC-AIMA DDQ shows Hentsū’s commitment to helping clients with cybersecurity preparedness and to staying on top of industry regulation. View the full OCIE 2015 Cyber Security Examination Initiative
Today, Amazon announced the launch of AWS data centres in London. In addition to the existing Dublin and Frankfurt locations, AWS now has a third European region choice, and one which is especially useful to UK customers. As usual for AWS regions, this UK location comes with multiple levels of resiliency and comprises of two data centres.
But what does this mean for asset managers using AWS technology and Hentsū customers in the UK?
Lower latency to your UK offices and data centres
Lower latency to other financial institutions, exchanges, and market data providers
If there are any specific requirements around UK jurisdiction, this is now easily mandated as part of the deployment
Connectivity is now available as a cross connect from multiple points of presence in London
Hentsū is now deploying to AWS London. For existing customers we can redeploy your existing environments to the UK region, with the minimum downtime.
The AWS Europe (London) Region offers two Availability Zones at launch. AWS Regions are comprised of Availability Zones, which refer to technology infrastructure in separate and distinct geographic locations with enough distance to significantly reduce the risk of a single event impacting availability, yet near enough for business continuity applications that require rapid failover. Each Availability Zone has independent power, cooling, physical security, and is connected via redundant, ultra-low-latency networks. AWS customers focused on high availability can architect their applications to run in multiple Availability Zones to achieve even higher fault-tolerance. AWS also provides multiple Amazon CloudFrontedge locations in the UK for customers looking to deliver websites, applications, and content to UK end users with low latency. These locations are part of AWS’s existing network of 68 edge sites across North and South America, Europe, Asia, and Australia. See the full press release here. Contact us for more information on how you can take advantage of the new UK London AWS region.