“Cybersecurity threats know no boundaries. That’s why assessing the readiness of market participants and providing investors with information on how to better protect their online investment accounts from cyber threats has been and will continue to be an important focus of the SEC.”
– SEC Chair Mary Jo White
Hentsū is pleased to have submitted our responses to the AITEC-AIMA due diligence questionnaire. This has been completed on the Markit KY3P platform and is now available to all other users of KY3P. Current users include the UK’s leading law firms, asset managers and information technology providers.
Know Your Provider
For asset managers, transparency with vendors and providers is vital to remaining compliant. Due diligence and third-party management continue to become more important and increasingly complex. Firms should be cognisant of the SYSC 8 requirements before, during and after the engagement, and the AITEC-AIMA DDQ helps provide this clarity.
What Asset Managers Need to Know
- If a firm outsources critical operational functions or any relevant services and activities, it remains fully responsible for discharging all of its obligations under the regulatory system.
- Firms should review their IT outsourcing arrangements in light of SYSC 8 as a matter of good governance.
- Where a third party delivers services on behalf of a regulated firm, including a cloud provider, this is considered outsourcing and firms need to consider the relevant regulatory obligations and how they comply with them.
Vendor management can be cumbersome and often lacks uniformity. KY3P is expected to bring some relief to asset management firms through standardization, along with reducing the time and risk associated with the vendor evaluation and risk assessment process.
Vendor Management Tips
- Conduct a risk assessment of vulnerabilities, understanding the breadth and depth of vendor dependencies
- Carry out in-depth due diligence before engaging a vendor and regular ongoing due diligence during the relationship
- Employ contingency plans for terminating vendor contracts
The SEC has made cybersecurity a matter of priority for asset managers. Completing the AITEC-AIMA DDQ shows Hentsū’s commitment to helping clients with cybersecurity preparedness and to staying on top of industry regulation.
View the full OCIE 2015 Cyber Security Examination Initiative