Lucy Frew's latest article has been published in the Hedgeweek Cayman Islands Fund Services 2018 report.
Significant developments in the regimes for data protection and cybersecurity, together with increasing investor awareness, mean that these are key issues for hedge fund businesses in 2018.
Technological advances have brought great opportunities and efficiencies to the alternative investment fund industry but not without also introducing previously unimagined risks, irrespective of geographical location.
With the introduction of new domestic legislation in the form of the Data Protection Law, 2017 (DPL), new international regulation in the form of the General Data Protection Regulation (GDPR) and heightened regulatory scrutiny from the Cayman Islands Monetary Authority (CIMA), investor demands, as well as commercial and reputational risk sensitivity, mean that data protection and cybersecurity are topping hedge fund businesses priorities lists for 2018.
Across the world, including the Cayman Islands, governments and regulators have been steadily increasing their focus and resources on cybersecurity. Ironically, it is also the legal and regulatory obligations to collect personal data resulting from new international data sharing regimes combined with cybersecurity concerns and innovative technology deployments which are making the regulation of personal data more complex than ever before.
CIMA had already announced in May 2016 that it sees cyber attacks as one of the key risks facing the financial sector in today’s digital environment.
CIMA has strongly encouraged licensees to assess their cybersecurity risks, reassess their strategies to ensure they are comprehensive and up-to-date for the current environment and to test their security programmes to identify vulnerabilities to their systems. CIMA had already made clear it will review licensees’ approaches to data security risk management and examine technical controls, incident response, and staff training. As part of its reviews, CIMA will also consider licensees’ ability to protect the confidentiality, integrity and availability of sensitive customer and other information.
Financial regulators, including CIMA, are typically not being prescriptive in setting out rules and standards to which alternative investment funds sector businesses must adhere. This makes sense given the breakneck pace of sophistication of both cyber attacks and prevention. However, CIMA is certainly increasing its focus on the issues of cyber risks and cybersecurity within the industry, especially as the industry is playing an everincreasing role in financing the economy.
Click to view full article