[ad_1]
Hedge funds are sounding the alarm over cyber blunders by financial regulators as they prepare to submit further details about their closely guarded investment strategies.
The Securities and Exchange Commission and the Commodity Futures Trading Commission last week adopted rules that expand what private fund advisers must confidentially report, including details of their credit strategies, including crypto investments and litigation funding. Regulators said the additional data will help monitor market risks and strengthen oversight of the private funds industry, which has grown to manage about $26 trillion in total assets.
Industry groups have raised concerns about the government’s ability to protect data in so-called Form PF, warning that the detailed information could provide a roadmap for funds’ confidential proprietary investment strategies. The SEC in particular is an attractive target for hackers and has a dodgy cyber record, as revealed last month when a hacker accessed his official SEC X account.
“People will file their data, but then the SEC will decide what their cyber strategy is,” said Jennifer Wood, global head of asset management regulation at the Alternative Investment Management Association. Let’s remain silent about strengthening the system,” he said.
The amendments are the latest in a series of changes to Form PF, which has been overhauled in recent months to address what regulators said were gaps in the information they receive from private fund advisers. It is something.
The SEC and CFTC dismissed security concerns in the final rule, saying they have “strong data protection measures in place to protect all information submitted on Form PF.” Republican committee members who opposed the rule, which is scheduled to go into effect next year, said government agencies’ cyber practices are under constant challenge, pointing to the risks posed by employees viewing sensitive data and taking industry jobs. did.
The SEC declined to comment beyond the rules release. The CFTC did not immediately respond to the request.
Granular data
Adopted in 2011 as part of the Dodd-Frank Act, Form PF can be used by regulators for enforcement activities and to assess the systemic risk that private funds may pose. Certain data contained in the report is not publicly available.
The new rules require large hedge funds with a net asset value of at least $500 million to provide more detailed information about their fund strategies, giving regulators more scope to monitor hedge fund operations. The authorities also expanded reporting requirements on things such as a fund’s investment exposure and financing arrangements.
Critics of the changes, including various industry groups, questioned whether regulators needed all the new information. The industry body warned that unauthorized disclosure of Form PF data could cause significant harm, given the level of detail that fund advisers must provide.
The risk of a cyber incident “will increase with the increasingly granular information that government agencies collect,” the MFA, formerly known as the Managed Funds Association, said in a 2022 comment letter on the proposal. The group’s head, Brian Corbett, last week reiterated his warning that regulators’ “broad and undisciplined data demands could put sensitive proprietary investment strategies at risk”.
Another group, the Securities Industry and Financial Markets Association, said the information could be used to reshape a fund’s investment strategy, potentially allowing for front-running.
Carl Egbert, a partner at Baker McKenzie and co-chair of the firm’s Global Investment Fund Management Committee, said the Form PF data is “very useful for people who know what they’re looking for. It will be helpful.”
cyber breach
The SEC has repeatedly come under fire for its lax cybersecurity defenses, a problem that plagues agencies across the federal government.
Last month, the SEC’s official X account was hacked with a fake post claiming the SEC had approved a Spot Bitcoin ETF, causing a temporary spike in trading. The committee gave approval the next day.
A few years earlier, the SEC’s public company filing system EDGAR was hacked as part of a large-scale breach that the government later blamed on an Eastern European group.
In response to questions from lawmakers about social media breaches, SEC Chairman Gary Gensler said in a letter this month that “the SEC takes its cybersecurity obligations seriously.” However, the SEC’s inspector general has repeatedly uncovered deficiencies in the commission’s cyber practices.
The SEC’s internal watchdog said in September that the agency was not fully compliant with cybersecurity standards, including requirements that public systems support multi-factor authentication. An independent assessment from the previous year found that the SEC did not consistently implement protocols to reduce the risk of unauthorized access to information systems.
The CFTC’s internal watchdog has also raised cyber concerns within the agency, including the transition to cloud computing platforms.
No neuralizer
In addition to amendments to Form PF, the SEC and CFTC announced an agreement to share the form’s data with each other. AIMA’s Wood said this “increases the likelihood that threat vectors will be attached to the data.”
SEC Commissioner Mark Ueda and CFTC Commissioner Caroline Pham, both Republicans, also raised security concerns.
“Given the increasing sensitivity of Form PF data and the continuing challenge for government agencies to protect their own databases and accounts, it would be imprudent to release SEC-only Form PF data to the CFTC. ” they said in a joint statement.
Even putting aside concerns about hacking, government employees who encountered the data may recall what they saw as they leave for jobs in the private sector, which could include positions in the private funds industry. “We cannot forget,” Ueda said.
“Despite the vast resources of the federal government, the Neuralizer remains a fiction,” he said in a separate statement, referring to the memory-erasing device featured in the 1997 film “Men in Black.” Stated.
SEC “Drill Down”
With last week’s changes, Form PF has been amended for the third time in the past 12 months. This is part of a broader SEC effort led by Gensler to increase transparency in the private fund industry.
“This is an important step toward drilling down and seeking more detailed information and reporting on private funds, particularly their structure,” said Christine Ayako Schlepegrell, partner at Morgan Lewis & Bockius LLP and former head of the SEC. “It supports and underpins the SEC’s goals.” Private fund branch.
One of the most significant changes went into effect in December, requiring hedge funds and private equity advisers to report extraordinary investment losses and certain other material events to the SEC within 72 hours. The industry group said cumulative changes to Form PF would require an overhaul of private fund reporting systems.
While acknowledging the SEC’s good intentions to closely monitor market risks, some question whether the SEC’s changes justify the additional compliance costs.
“For me, the question is, is it ultimately worth the money?” Egbert says.
[ad_2]
Source link
