A key take-away from the Bernie Madoff ponzi scheme was a lack of independent transparency related to fund valuation. In retrospect, it was a risk we all knew only too well: financial transparency is only achieved when provided by an independent entity – which is why the fund administration industry quickly evolved. This scenario is the same for IT service providers and cybersecurity regulatory compliance. Often, asset managers rely on their IT Managed Service Providers to perform cybersecurity assessments and related regulatory compliance services. While this approach may initially make sense, utilizing a single vendor to provide both IT services and cybersecurity compliance (e.g., “one throat to choke”), it breaks all the rules of independence. The asset management industry is rapidly evolving in an outsourced model in which IT services and cybersecurity are closely integrated – which they should be. However, when it comes to regulatory audit and oversight, it’s critical to get in external, unbiased entity to perform your annual regulatory required Risk Assessment, Penetration Testing, and related services.
For more information on how BW Cyber, LLC can assist you, please contact us at firstname.lastname@example.org.