Davies case study on a cybersecurity review for a US hedge fund

Sionic has become Davies Learn More

Cybersecurity review for a buy-side client

We performed an end-to-end review of a US hedge fund's security policies, processes, controls and governance to ensure alignment with SEC guidance

The challenge

In their 15 April, 2014 Risk Alert OCIE Cybersecurity Initiative, the US Securities and Exchange Commission (SEC) identify 28 measures to gauge the effectiveness of a regulated firm’s preparedness to combat cyber threats.  In fact the guidance actually raises 71 actions they consider important to address in any effective cybersecurity programme. Our brief was to ensure alignment with SEC cybersecurity guidance.

Our approach

We performed an end-to-end review of a US hedge fund’s security policies, incident management processes, access controls, event monitoring, user awareness practices, and vendor governance, aligning the SEC guidance to industry standard cybersecurity frameworks to ensure complete coverage.  We also reviewed the hedge fund’s primary technology vendor and admin services company.

We used in-house bespoke valuation and risk tools, which were mainly excel based, an SQL service data repository and documentation storage in file shares with dedicated on-site routers to provide a conduit to the primary technology provider.

Our impact

We identified the high priority improvement opportunities on which the hedge fund should focus, aligning their budget priorities with the SEC guidance and defining a roadmap for continuous improvement.  During the review, it became clear to the hedge fund that a new technology provider was required, and our work also helped to inform their selection process.

Meet our specialists

Joseph Cataldo

View full profile

Explore more case studies

Financial Crime & Regulatory Compliance

Regulator-facing remediation documentation

We helped our client respond to a regulatory audit by documenting their end-to-end process, control and ownership focusing on EU and US credit and capital processes with regard to IRBA securitisation

Financial Crime & Regulatory Compliance

Recovery and resolution planning

With our technology partners, we helped mitigate operational risk and increase contract data efficiency for a top 3 global custodian

Financial Crime & Regulatory Compliance

Improving global trade and transaction reporting

We helped our client decide between hosted IT and managed services and better understand the real costs of trade and transaction reporting