Jun. 17, 2021

How Law Firms Can Prevent, Detect and Respond to Ransomware Attacks

Sophisticated cyberattacks target law firms, legal departments and courts, seeking their troves of sensitive information about entities. In 2020, a ransomware gang stole from the law firm Grubman the data of Lady Gaga and other entertainment stalwarts, then demanded $42 million. Jones Day was a victim of ransomware in February 2021. On April 28, 2021, a ransomware attack took down a Brazilian state’s court system. This article discusses distinct challenges that ransomware poses to attorneys and law firms and shares insight from interviews with cybersecurity advisers from Clark Hill, Sensei Enterprises and Splunk on the latest ransomware developments and how enterprises across industries can prevent attacks, as well as their comments during recent ransomware panels hosted by the American Bar Association and U.S. Chamber of Commerce. This article contains valuable insights, not only for law firms that handle fund manager information, but also for fund managers whose sensitive information is routinely handled by their lawyers. See our two-part series “How Fund Managers Can Identify and Prepare for Ransomware Threats”: Part One (Apr. 19, 2018); and Part Two (May 3, 2018).

Central Bank of Ireland Requires UCITS Managers to Review Liquidity Risk Management Frameworks

The European Securities and Markets Authority (ESMA) recently concluded an E.U.‑wide review of the liquidity risk management (LRM) practices of Undertakings for the Collective Investment in Transferable Securities (UCITS) fund managers. The review was conducted by the relevant regulator of each member state. Although ESMA found generally sound LRM processes, it identified a number of areas where some managers have room for improvement. Following the publication of ESMA’s findings, the Central Bank of Ireland (Central Bank) issued its own letter to the industry, flagging the specific issues it identified in its review of Irish UCITS managers and directing all supervised Irish UCITS managers to conduct an in-depth review of their LRM policies and procedures. This article analyzes both ESMA’s public statement and the Central Bank’s letter to industry, with commentary from Donnacha O’Connor, partner at Dillon Eustace, and Declan O’Sullivan, partner at Dechert. For more on liquidity risk, see “FSOC Report Focuses on Liquidity, Leverage and Other Risks Facing Hedge Fund and Asset Managers” (Apr. 28, 2016).

Understanding and Mitigating Risks Associated With Trading Driven by Social Media

Trading influenced largely by online discussion boards recently resulted in extraordinary swings in the price of GameStop shares, huge windfalls for some retail investors and massive losses for fund managers that had shorted GameStop. A recent panel at the Morgan Lewis Annual Advanced Topics in Hedge Fund Practices Conference analyzed the risks associated with retail investment activity driven by social media and commission-free trades, including the GameStop volatility; associated market disruptions; potential regulatory response; and the implications for both fund managers and broker-dealers. The program featured Morgan Lewis partners Amy Natterson Kroll and Timothy W. Levin. This article outlines the principal elements of their presentation. For further insights from Kroll, see “MiFID II May Have Significant Ramifications on Research Payments Involving U.S. Managers With Cross-Border Operations” (Jul. 27, 2017). For additional commentary from Levin, see “Growing SEC Enforcement of Hedge Fund Managers Requires Greater Focus on Cybersecurity and Financial Disclosure” (Jul. 7, 2016).

U.K. Senior Managers and Certification Regime Now Covers All FCA‑Regulated Firms

The U.K. Senior Managers and Certification Regime (SMCR) was introduced for the banking sector about five years ago and then applied to insurance companies. It recently became applicable to all private fund managers and other financial services firms regulated by the U.K. Financial Conduct Authority. Thus, all 48,000 regulated U.K. financial services firms are now subject to the regime. A recent program presented by ComplySci provided an overview of the SMCR and examined regulators’ expectations for firms subject to the SMCR in light of the ongoing coronavirus pandemic, common challenges and pain points associated with the SMCR, as well as enforcement of the regime. Jordan Robb, senior product manager at ComplySci, moderated the discussion, which featured Iain Colquhoun, CCO and chief financial officer at Sona Asset Management, and Daniel Ridler, managing director at BCS Consulting. This article distills their insights. See “Advisers Must Prepare for the Upcoming Expansion of the E.U. and U.K. Prudential Regimes” (Nov. 12, 2020).

Using RegTech for Compliance Efforts and Potential Benefits of Emerging Technologies (Part Two of Two)

It can sometimes be difficult for a fund manager to keep its proverbial “finger on the pulse” of regulatory technology (RegTech) because of how rapidly its functions and applications are expanding. When viewed holistically at a given moment, however, it is readily apparent that there is an array of ways RegTech can make compliance officers more efficient and effective at overseeing their firms’ practices. ACA Compliance Group (ACA) hosted a webinar aimed at providing a snapshot of the state of RegTech in the private funds industry and some potential future trends of note. The webinar featured Dan Campbell, partner and managing director; Raj Bakhru, partner and chief innovation officer; and Carlo di Florio, partner and global services officer. This second article in a two-part series details different compliance functions that can be addressed using RegTech, along with some emerging technologies that hold promise in the coming years. The first article summarized how RegTech has been adopted by fund managers and regulators in recent years, and potential future trends in the area. For additional commentary from ACA, see “The SEC Under the Biden Administration: Ten Areas to Watch” (Jan. 21, 2021).