As data security continues to be a focus in the hedge fund space, clearly articulated compliance manuals can be a competitive advantage for firms and result in more allocations. More and more Operational Due Diligence (ODD) teams are requesting this information, and willingness to provide transparency can increase your chances of winning over new business. At the same time, sharing compliance information beyond your company firewall can increase the risk of losing the confidential data to competitors.
At recent industry events I’ve attended, increased transparency around the communication of compliance information was a much discussed topic.
Some funds only allow investors onsite to review the compliance manual, to reduce the possibility of confidential information being leaked. This method, however, adds an extra burden to an already lengthy ODD process (say goodbye to Day 1 investments!). To speed up the ODD process, some funds provide copies of compliance manuals electronically via email or by hard copy mail – which are indeed quicker but much less secure methods of furnishing information to investors. Beyond just security, the issue here is also that the fund manager has no visibility into where the shared information is travelling and how investors are interpreting the information. A compliance manual can be bulky – or a work-in-progress – and the fear is that the information in it may be misconstrued if the fund manager is not physically present to walk through it with the ODD team.
Neither of these methods seems like a foolproof way to keep confidential information safe. So, what’s a reliable and effective solution?
Information Rights Management (IRM) protection
It goes without saying that the ODD compliance review process moves a lot faster when a fund engages specialist service providers. Certain hedge fund reporting portals provide IRM which offers lifetime protection for confidential information and files shared with parties outside a company’s firewall – even after those files have been downloaded. Application of watermarking, “no print” / “no download” settings and password protection to marketing materials, portfolio information and strategy information – as well as compliance manuals – are some effective measures to protect confidential information from unauthorized use and access.
Investors today understand the confidential nature of fund-related information and are open to receiving a copy of the compliance manual with IRM protection enabled. Investors value transparency, integrity and efficiency in making information available to them. Adding a time limit or expiry to the document when posted on a portal is also another effective solution – one that can be used to ensure that the compliance manual is not being scrutinized excessively; investors can liaise directly with the fund managers to seek clarification on questions regarding the furnished information.
Would love to hear your thoughts, and whether or not you think IRM protection could offer a solution to the transparency or data protection balancing act. You can email me at firstname.lastname@example.org.