Backstop and ACA Compliance co-host panel on operational due diligence (ODD), compliance and data security

Backstop Solutions

Learn more about Backstop Solutions Group

Recent Posts

Backstop and ACA Compliance clients and industry peers came together on February 24th in New York City for a discussion on this year’s greatest challenges and priorities to the alternative investment industry. The panel included experts:

Emma Sugarman, Head of Investor Relations at Hudson Executive Capital

Vin Molino, SVP, Director of Operational Due Diligence at Permal

Michael Abbriano, Senior Principal Consultant at ACA Compliance

Marc Lotti, Partner - Cybersecurity and Risk at ACA Compliance

Led by Backstop’s Vice President of Product and Market Strategy, Robert Goldbaum, panelists discussed how regulatory issues like data security and compliance are affecting operational due diligence, investor servicing and capital raising.

The panel kicked off with a conversation around transparency between managers and allocators, with Molino noting his firm still meets managers who embellish in their sales pitches. When this happens, Lotti said, it creates a trust issue or suggests deficiencies. Other red flags, Lotti said, include using unknown service providers, because they pose potential conflict of interest and security risks.

Turning to a broader discussion around third-party vendors, Abbriano reminded the audience of the limits to outsourcing the chief compliance officer function, especially following an alert from the SEC staff highlighting certain risks that may be associated with outsourced CCOs. For example, the SEC staff will examine whether outsourced CCOs are empowered to carry out the compliance function in the same way someone would be in-house and whether the vendor has the requisite knowledge of the firm to be effective.

As risky as outsourcing can be, however, Sugarman pointed out that with such high security risks, having a strong in-house team is only half the equation. Firms need a fully built-out infrastructure, which includes both in-house and external experts, and regular testing. Allocators, Molino said, also need to put pressure on managers to do ongoing due diligence with their vendors to ensure they are testing their security controls.

Cybersecurity remained the focus of the discussion, with majority of the audiences’ questions relating to an interest in how we keep our data safe, and the importance of having a convergence between compliance and technology. When asked why we have such trouble preventing these attacks, Lotti explained how difficult it is to keep up with hackers, who are on to their next scheme faster than security officers can de-bug, citing the need for an evolving information security program to help mitigate these risks.

A big thanks to our panelists and attendees for a great event!