Data Security and Handling Risks for Asset Management Firms

Funds, fund advisers, and their service providers have the potential to hold much sensitive information regarding investors/clients, portfolio holdings, and other institutions they interact with daily. This can make them potentially appealing targets to those with nefarious intent – whether criminals or a rogue employee seeking to steal individuals' valuable personal information, a state actor committing commercial espionage, or a "hacktivist" out to embarrass your company by exposing its information security vulnerabilities. These risks are on top of the financial loss and reputational injury that may occur through the inadvertent loss of a loosely protected computer asset such as a laptop or an iPhone.

Regulators from the SEC to states’ Attorneys General have grown concerned about the cybersecurity risks present in many businesses – chief of which are those businesses operating in the finance sector.  No longer is a paper policy that meets a particular regulation – a check the box approach to privacy and security – enough. The developing expectation is that an organization, including its senior representatives, has an awareness of the organization’s data risk profile and that it takes reasonable steps to adopt policies, procedures, and actual organization-wide practices intended to address those risks.

Ropes & Gray’s data privacy and security team is widely recognized as a leader in handling the challenges that data and data breaches can present. We explored these trends and provided guidance on steps organizations should take to meet the growing expectations of regulators and their clients.

The speakers  were James DeGraw, Douglas Meal and Elizabeth Reza of Ropes & Gray.

 Contact info: RGevents@ropesgray.com