Protecting Against Asset Management Operational Risks

March 29, 2022
An overview of asset management operational risks for 2022, with tips for cybersecurity, preventing data leaks and more.
asset management operational risk management

Asset management operational risks continue to develop and evolve as quickly as the industry itself. In recent years it has become apparent that one of, if not the largest threat, lies in the security risks that come with the collection and usage of sensitive data necessary within our asset management and wealth management industry. 

In addition to the growing importance of asset management data security, firms must be aware of other emerging operational risks in the industry, including compliance with ever-changing regulations and the rethinking of daily operations for employees brought upon by the pandemic. 

This article will highlight what we view as the three biggest operational risks for 2022 in the asset management industry.

 

The Biggest Asset Management Operational Risk: Cybersecurity

In the asset and wealth management sector, data is paramount. It informs every aspect of the business, from client operations to marketing plans. While this is universal to nearly every industry, few industries are privy to the amount of personal data that asset and wealth management professionals utilize on a daily basis. 

Threats to asset management cybersecurity can come in a variety of forms. Data breaches of company or client data can be detrimental and at times fatal, to an asset management firm.

Business Email Compromise Attacks

One of the most common operational risks, not specific to the asset management industry, are business email compromise (BEC) attacks. The 2020 FBI Internet Crime Complaint Center recorded 19,369 BEC attacks in a single year, with losses amounting to $1.8 billion.1 These numbers will most likely only continue to grow. 

As the name suggests these attacks occur through email correspondence. In the asset management industry this will most likely take the form of a threat actor imitating a person, client or employee.

BEC attacks can also be used to gain business and client-sensitive information. BEC attacks can come from a variety of sources. In recent years they have also been adopted by some firms as a form of ‘industrial espionage’ where competing firms try to gain insider information on competitors.

Ransomware

Another asset management operational risk concerning a firm’s data can occur through ransomware. In the last year alone, the world experienced a 105% increase in ransomware cyberattacks.2 

With the nature of asset management data, this can come in the form of stealing sensitive data, or encrypting time-sensitive data needed for operations. 

Threat actors will request a ransom to either not release or perform malicious actions with sensitive data of a firm or its clients, or to decrypt data that is needed to perform time-sensitive operations such as investments and funds transfers. 

These ransomwares can occur through a variety of mediums such as BEC attacks, not properly secured datasets, investment models and more.

Ways to Improve Asset Management Cybersecurity

There are several steps a firm should take to combat these cyber operational risks in the asset management industry.

Employee Training

All employees in an organization should be properly trained to recognize and properly report BEC and spear-phishing attacks. This includes stressing vigilance in areas such as the verification of unrecognized email addresses and avoiding suspicious links to avoid BEC and ransomware attacks.

Employees should also be trained on best practices for passwords for email accounts, platforms and any portal that contains sensitive company or client information.

Invest in Asset Management Cybersecurity

Firms should also invest in their cybersecurity programs. This can involve increasing budgets to hire third-party cybersecurity vendors, or increasing existing cyber protocols. Asset management firms should have specialized software such as secure investor portals to protect sensitive information such as account data, documents, and forms.

 

A Second Operational Risk: Asset Management Regulatory Compliance

Avoiding criminal security threats is only part of the operational risks asset management firms have been and will continue to face in 2022. This should come as no surprise, but it is vital to be aware and compliant to changing regulations. Each year brings about new areas that regulatory bodies focus on, and with it, new penalties for compliance negligence and failures. 

In 2021 fines collected by the Financial Industry Regulatory Authority (FINRA) rose by 60% compared to the prior year.3 These increases in fines can be expected to grow in the coming year, emphasizing the importance of proper compliance.

Asset Management Compliance for 2022

Areas that should be revisited for proper compliance in 2022 should include:

  • Cyber, fraud, and financial crime
  • Modernization of investment advisor marketing
  • Derivatives
  • Fair valuation
  • Changes to money market fund pricing
  • Digital assets
  • ESG investing
  • DEI and financial inclusion4

Achieving Proper Asset Management Regulatory Compliance

Luckily, unlike the operation risk of cybersecurity, asset management compliance is fairly straightforward. Proper compliance involves hiring effective compliance professionals and supplying them with the compliance software tools they need, or hiring a third party compliance firm.

 

A Third Asset Management Operational Risk: The Work From Home Employee

The emergence of the work-from-home employee, necessitated by the pandemic, will most likely have lasting impacts on the business landscape. One operational risk that has emerged for asset management firms specifically, relates back to cybersecurity concerns. 

Working from home may cause certain employees to be more susceptible to the cybersecurity attacks previously mentioned in this article.

Mitigating Risks 

Work from home has only increased the importance of having both cloud-based CRMs and secure data exchange platforms for employees that need access to sensitive data, proper training to avoid BEC, ransomware and other cyberattacks and computers and work devices with effective security features. 

Some companies may choose to continue work from home programs in perpetuity, even after the pandemic ends. As a result, it may be worthwhile to make investments now to ensure that your employees, and the data they use, will be secured with proper training, software, and devices.

Asset Management Operational Risk Solutions and More for 2022

Satuit provides a suite of software products designed for asset management professionals. Our award-winning cloud-based asset management CRM was developed by investment professionals who understand the complex nature of investment sales, client service and compliance regulations.

Our secure investor portal provides secure access to sensitive data that can be easily incorporated into existing systems. Create secure investor reporting and due diligence packages for investors with our client report automation software and integrate the Satuit platform securely with our secure data exchange platform

 

Contact us today to learn more about how Satuit’s software solutions can help mitigate asset management operational risks and increase productivity and efficiency.

 

Sources Used:

1https://resources.infosecinstitute.com/topic/the-state-of-bec-in-2021-and-beyond/ 

2https://fortune.com/2022/02/17/ransomware-attacks-surge-2021-report/ 

3https://www.wealthmanagement.com/regulation-compliance/finra-fines-jump-60-2021-even-case-numbers-dip 

4https://www2.deloitte.com/us/en/pages/regulatory/articles/investment-management-regulatory-outlook.html