Weak cybersecurity practices of service providers pose material risks to private fund managers. As connectivity grows, managers run the risk that data entrusted to vendors could be compromised, or that the manager’s own system may be breached through one of its vendors. Consequently, it is critical to understand and manage the risks posed by vendors. See “Surveys Show Cyber Risk Remains High for Investment Advisers and Other Financial Services Firms Despite Preventative Measures
” (Jul. 20, 2017); and “Study Reveals Weaknesses in Asset Managers’ Third-Party and Vendor Risk Management Programs
” (Mar. 9, 2017). A recent program presented by Advise Technologies discussed ways to assess vendor risk; best practices for managing vendors; uses of due diligence questionnaires; and common errors in vendor management. Advise’s chief regulatory attorney and managing director, Jeanette Turner, moderated the discussion, which featured Jason Elmer, managing director at Duff & Phelps
, and Aaron K. Tantleff, partner at Foley & Lardner. This article summarizes their insights. For recent commentary from Advise and Turner, see “A Roadmap of Potential Landmines for Fund Managers to Avoid When Completing the Revised Form ADV
” (May 25, 2017); and “The ‘Why’ Behind the Recent Form ADV Amendments: What Information the SEC Will Require and How the Agency Intends to Use It
” (May 4, 2017).