Apr. 8, 2021

Digital Identity Management in a Post‑Pandemic World: SolarWinds, Zero Trust and the Challenges Ahead (Part One of Two)

A primary challenge for organizations during the global pandemic is running remote operations securely and efficiently as new and malicious threats are rapidly introduced into the cybersecurity landscape. Getting digital identity management right is a key part of the solution. This first article in a two-part series on digital identity and authentication processes discusses – with commentary from identity experts at Venable, ServiceTitan, Microsoft and Google – how the pandemic has shifted the virtual landscape, the identity aspects of the SolarWinds incident, the Zero Trust infrastructure and some of the identity management challenges firms are facing. The second article will offer a framework for approaching an identity-centric cybersecurity program. See “Critical Components of a Hedge Fund Manager Cybersecurity Program: Resources, Preparation, Coordination, Response and Mitigation” (Jan. 15, 2015).

The SEC’s New Disgorgement Powers: Questions and Consequences

Although predominantly a military spending bill, the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 includes consequential changes to the SEC’s power to recover disgorgement of ill-gotten gains for securities violations. Fund managers should be aware of those changes and the questions that courts will need to answer about them in coming years. In a guest article, Vinson & Elkins attorneys Palmina Fava, Cliff Thau, Marisa Antonelli and David Hoffman provide concrete steps managers can take in anticipation of this sea change in SEC enforcement. See “Recent Amendments to the Securities Exchange Act Pose New Risks for Private Fund Managers” (Feb. 25, 2021).

Digital Assets Remain Top of Mind for SEC Division of Examinations

Private funds that invest in digital assets face unique compliance challenges, especially with regard to trading, valuation and custody. The SEC Division of Examinations recently issued a broad risk alert (Alert) on the activities of advisers, broker-dealers and transfer agents relating to the offer, sale and trading of digital assets that constitute securities. As used in the Alert, “digital asset” refers to “an asset that is issued and/or transferred using distributed ledger or blockchain technology,” including, without limitation, virtual currencies and tokens. This article discusses the key takeaways from the Alert, with added insight from Genna N. Garver, partner at Troutman Pepper. See “Symposium Examines the State of the Cryptocurrency Market (Part One of Two)” (Jun. 25, 2020); and “HFA Program Explores Trends and Challenges in Digital Assets, Including Need for Clearer Regulations” (Feb. 13, 2020).

Reformed QFII/RQFII Programs Facilitate Investment in China

The People’s Republic of China has notoriously strict rules for access to its securities markets, but a number of programs initiated by China in the past two decades have opened the window to trading by foreign investors. A recent Simmons & Simmons webinar provided an overview of the opportunities for investing in Chinese securities, with a focus on the reformed and expanded Qualified Foreign Institutional Investor and Renminbi Qualified Foreign Institutional Investor programs, which now provide the broadest access for managers with alternative investment strategies. The program featured Simmons & Simmons partner Melody (Fan) Yang and David R. Mulle, partner at Seward & Kissel. This article explores their insights. For additional articles relating to raising capital in China, see “New Rule Offers Managers a Way to Raise Capital in China” (Apr. 13, 2017); “How Private Fund Managers Can Access Investor Capital in Hong Kong and China: An Interview With Mayer Brown’s Robert Woll” (Feb. 23, 2017); and “K&L Gates Partners Offer Practical Guidance for Hedge Fund Managers on Raising Capital in Australia, the Middle East and Asia” (Oct. 30, 2014).

Drafting Data Privacy and Security Provisions in Vendor Agreements: Negotiating Critical Provisions and Responding to Incidents (Part Two of Two)

As fund managers face unique regulatory and civil litigation risks through the vendors that they employ, it is vital for them to ensure that the agreements they have with those third-party service providers include sufficient data privacy and security provisions. In addition, in the event of a cyber breach, a fund manager must ensure that it works with its vendors to properly respond to the incident. This second article of our two-part coverage of a recent Strafford seminar featuring Davis Polk attorneys Matthew J. Bacal, Daniel F. Forester and Matthew A. Kelly addresses critical data privacy and data security provisions fund managers should include in vendor agreements, along with key considerations for incident response. The first article detailed the current risk environment; provided guidance for managers on vendor management and due diligence; and discussed underlying considerations when negotiating vendor agreements. See “Hedge Fund-Specific Issues in Portfolio Management Software Agreements and Other Vendor Agreements” (Aug. 4, 2011).