Earlier this year, operational and technical leaders of hedge funds attended the HFM With Intelligence European Technology Leaders Summit in London. Amongst many of the thought provoking panels, one of the key themes that was highlighted as a risk factor in modern funds was the notion of key person risk.
Carrie Whamond, Founding Partner at Alternit One discusses the challenges presented by key person risk and what companies can do to limit the exposure to this problem.
In the world of information technology and digital transformation, key person risk occurs when a company becomes too heavily reliant on either one or a select number of key individuals to manage their IT. The problem with having a limited number of people understanding IT infrastructure within a business is that when they leave, this departure can be damaging to a business if people within the organisation are not able to understand how their IT systems work.
Legacy systems, traditionally built by internal IT teams and managed in the same way, have always carried an element of key man risk. Digital transformation, including the advent some years ago of the public cloud has meant most business have migrated to Microsoft 365. This was initially regarded as a platform that significantly reduced key man risk because, by building layered security options, teams could easily interact with the system. If somebody in the IT team left the business, day-to-day operations were far less vulnerable than before.
However, Microsoft 365 is a great example of a widely used solution that also has the ability to be ‘personalised’ to a specific firm’s trade and deal flow, depending on their strategy, size and AUM. Microsoft’s Power platform is a suite of add-ons designed to digitise data processing and management that can be tailored to suit each fund’s needs. This can lead to key man risk, just in a different way to legacy IT systems. If a firm suffered a loss of data or a breach, this may trigger questions from regulators and investors that could be difficult to answer if sufficient controls and governance are not in place to support any integrated systems for clarity of information. Compliance may not understand the IT, and IT may not understand the demands of the compliance team. The risk has not been eradicated.
Most funds also choose to work with a specialist outsourced provider to support their technology stack. While this does not negate the funds responsibility as the regulated firm, it does provide a partnership with whom the fund can work with should the worst happen, and you suffer data loss or cyber breach. Your outsourced partner will have a team with experience who can support your internal operations, providing you peace of mind as you build your digitised operational model. With guidance, governance procedures can be put in place to support both the IT and compliance teams, and if the need arises, the fund has the benefit of the experience from their outsourced provider. A1 is a specialist outsourced partner for firms operating in the financial services sector. If you would like to learn more about how we can assist you with the management of your IT systems, do not hesitate to contact us.
Comments