Interview with Denise Voss, alfi

Denise-Voss-Chairman-ALFI-2016Denise Voss is the chairman of alfi since 2015 and has been a member of the ALFI board of directors since 2007. She is also Chairman of the European Fund and Asset Management Association (EFAMA) Investor Education working group. Denise is Conducting Officer of Franklin Templeton Investments and has worked in the financial industry in Luxembourg since 1990. Mrs. Voss, alfi recently held a risk management conference. What are the biggest risks for fund managers as of today?
Denise Voss: Several well-known mega trends we face include increased geopolitical risks, the possible fragmentation of the EU, migration and social instability and a move to populist parties in some countries.  Low or nearly zero growth, our current zero/negative interest rate environment in many parts of the world and demographic changes, including the aging of the population, all have an impact on savings and therefore, investor behavior.
Cyber risk, digitalization and technology round out some of the main trends and risks the fund management industry must contend with.  It’s fair to say that the fund management industry has not traditionally been a leader in technology or cyber security issues in particular, however ALFI’s members within the ALFI Risk Management technical committee and working groups and our newly launched ALFI Digital/FinTech Forum are hard at work looking at these technology-related topics. Cyber security seems to be something everybody heard of, but only a few fund managers care about it. Is the threat real and what is the worst-case scenario for fund managers?
Voss: The threat is definitely real.  The World Economic Forum has estimated that cybercrime cost the global economy over $450 billion in 2014 – close to the GDP of Switzerland. Hackers can and have attacked all types of companies, including fund management companies, stealing propriety corporate and commercial information.  From the theft of passwords to sophisticated phishing email fraud schemes there is no lack of new ways to attempt to steal assets and information from all types of companies, including fund management companies.  An important risk linked to cyber security is a potential hit to the reputation of a company if a cyber-attack results in a loss of assets or in non-public information being made public or getting into the hands of criminals. Given the asset management business is primarily based on data and information, fund managers are particular vulnerable to cyber security breaches and the associated reputational risk. Lots of fund managers see the main risks at the fund administrator or prime broker side, but not in their systems. Their biggest fear is rather that the internet stops working or a computer crashes. What is your take on this?
Voss: Fund managers’ computer systems are just as susceptible to attack by hackers as those of their fund administrators and other service providers.  System failures can have a serious impact on a fund manager’s day to day business but the biggest fear of fund managers should in fact be that cyber breaches result in the theft of the personal and financial data of the fund manager’s clients.  The reputational risk and loss of confidence in the fund manager by clients can be much more severe to a fund manager’s long term business than a computer crash.  This is why fund management companies should ensure that cyber security is a top corporate priority.  CEOs, and other members of the C-suite must “set the tone at the top” of the organization and ensure that cyber security technology, policies and procedures are appropriate for today’s (and tomorrow’s) business environment, and that this “tone” is respected throughout the entire organization.  A company is only as strong as its weakest link when it comes to technology and cyber security. Small fund managers might say they are not big enough to be an attractive target and the cost outweighs the benefits to have a good cyber defense system in place. At what size should fund managers put more emphasis on cyber security?
Voss: I don’t believe size matters when it comes to cyber security.  Studies show that a significant number of cyber-attacks come from inside companies, meaning that even small fund managers can be at risk of loss of critical commercial or client data.  The reputational risk that arises from cyber-attacks and their consequences can be even more devastating for small fund managers, who may find it more difficult to restore client trust in the safety of their data, than larger fund managers. Thank you for the interview.