KYC and Email: A Dangerous Mix
Anthony says that while it’s not often cited as the main reason to move away from email, when it comes to know-your-customer, cybersecurity should be near the top in a pitch meeting.
This month, I wrote about how the buy side is increasingly having to carry weight when it comes to know-your-customer/ anti-money-laundering (KYC/AML) requirements. The sell side is looking for help—and is tired of getting fined—and regulators want asset managers to provide greater transparency, as well.
As a result, many large buy-side institutions have turned to utilities and managed-services providers for help. While the decision-making is not likely to be outsourced, data collection and dissemination is.
But another reason why buy-side firms should consider a shift toward third-party offerings is security, specifically of the cyber kind. The Sony Pictures Entertainment hack should have been a thunderbolt for every industry—information sent through “secure” email is never really secure. One asset management source told me that cybersecurity “is a concern of course, but it’s not a driving factor,” in the firm’s attempt to lessen its reliance on email. Another asset management source put it more bluntly: “The security and privacy issues can be handled. I think it’s overblown, but I could be proven wrong.”
In public, buy siders like to talk about the necessity of security. In private, I’ve always had the impression that while it’s important, there’s a helpless feeling, too, so you can’t have cyber concerns paralyze you.
But there is reason for concern. Take, for example, what Bloomberg’s Dan Matthies—head of Bloomberg Entity Exchange—has to say: “When you think about a hedge fund wanting to identify, eliminate and mitigate risk, there’s a lot of concern about the fact that the process today happens over email,” he says. “When you multiply the number of counterparties you have, times the number of entities that you have, times the number of groups that you’re dealing with at those counterparties, there are hundreds of different people that you’re dealing with and if everything is being done over email, you’re susceptible to disorganization and to a lot of cyber risk.”
Hedge funds have never been comfortable having their personal details, their firm’s details, and their more sensitive documents being sent via email. They want control over that process
Even though it’s always been the way it’s done, hedge funds have never been comfortable having their personal details, their firm’s details, and their more sensitive documents being sent via email. They want control over that process, but when it comes to KYC, traditionally there haven’t been a lot of options.
In this new world, though, where vendors are entering into the KYC space specifically to help the buy side, it’s also imperative that the vendors change their ideas about liability, says Steve Pulley, head of Thomson Reuters’ risk managed services. “They all asked the following question and I think it’s the biggest question for all those other asset managers that we’d love to bring on board: What liability is the service provider prepared to take on and inherit in the event of a bad outcome around information security?” Pulley says. “Providers and vendors that say ‘zero’ or ‘de minimis’ aren’t going to do business with the big buy-side firms, period. It’s a cost of doing business in this space and you had better be good at what you do.”
Danger
For the feature, I laid out the challenge that buy-side firms are facing and why it’s different today, and then focused on the four vendors in the space that I’ve heard most about from my buy-side contacts. To me, it makes sense for asset managers to turn over some of their onboarding processes to specialists. It’s good for everyone involved because there is a ton of overlap and there’s no real competitive advantage. Large numbers of buy-side firms are still looking but not acting. As onerous as it could be, there’s a familiar comfort.
But if you need a reason to make the change, it’s cybersecurity. This is a new era and it demands new tools. Going it alone has worked for a long time, and, as one of my sources noted, you can think that the cyber issue is overstated, but it’s dangerous to be proven wrong.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Regulation
In 2025, keep reference data weird
The SEC, ESMA, CFTC and other acronyms provided the drama in reference data this year, including in crypto.
Waters Wavelength Ep. 299: ACA Group’s Carlo di Florio
Carlo di Florio joins the podcast to discuss regulations.
IEX, MEMX spar over new exchange’s now-approved infrastructure model
As more exchanges look to operate around-the-clock venues, the disagreement has put the practices of market tech infrastructure providers under a microscope.
FCA to publish bond tape tender details by end of January
Market participants must wait a month longer than expected for the regulator’s draft tender document, which will see several bidders vie for the chance to build the UK’s long-awaited consolidated tape for bonds.
Too ’Berg to fail? What October’s Instant Bloomberg outage means for the industry
The ubiquitous communications platform is vital for traders around the globe, especially in fixed income and exotic derivatives. When it fails, the disruption can be great.
New data granularity rules create opportunities for regtech providers
As evidence, Regnology increased its presence in North America with the addition of Vermeg's Agile business—its 8th acquisition in three years—following a period of constriction and consolidation in the market.
Bond tape hopefuls size up commercial risks as FCA finalizes tender
Consolidated tape bidders say the UK regulator is set to imminently publish crucial final details around technical specifications and data licensing arrangements for the finished infrastructure.
The Waters Cooler: A little crime never hurt nobody
Do you guys remember that 2006 Pitchfork review of Shine On by Jet?