The fund industry proved this year that rigorous preparation and active member exchange make all the difference in meeting the unexpected. Fostering that preparedness is at the heart of the mission of ICI’s Operations Department, which continually seeks to help members improve and fortify operational capabilities from distribution and servicing to cybersecurity and fraud prevention. The close cooperation that members have developed working on these issues together over many years enabled them both to manage an unprecedented global crisis and to bring to fruition ongoing priorities in a challenging year.
Fending Off Cyberattacks at the Home Office
Chief information security officers (CISOs) know that dogged preparation and scenario planning pay off when a crisis occurs. Mutual trust gained among members of the CISO Committee over many years enabled them to share their experiences and ideas to help the industry manage a smooth transition and maintain strong operations and defenses during the novel coronavirus crisis.
In mid-March, when the fund industry transitioned from business as usual to working from home across the globe, the cyberthreat landscape expanded dramatically. Cybercriminals intensified attacks to take advantage of potential vulnerabilities of home office environments with a notable rise in phishing and ransomware attempts playing upon pandemic fears and the prospect of government stimulus checks.
With the rapid switch to working from home, fund complexes quickly ramped up systems that had previously accommodated only occasional remote working. To fortify against network incursions in a more dispersed work-from-home environment, the industry’s technology teams equipped employees’ home offices with stronger security and controls to facilitate tighter network monitoring.
During this time, ICI Operations also continued to engage in its regular cybersecurity work, issuing—for the sixth year—surveys on domestic and global security practices. These two surveys are the only cybersecurity surveys focused on the mutual fund industry. The US survey—the ICI 2020 Cybersecurity Survey—collects, anonymizes, and aggregates responses from US members on their practices, including encryption, authentication, access controls, and security operations. The results are tiered by asset size to enable firms to compare their practices to those of their peer group.
On behalf of the International Organization of Securities Commissions (IOSCO), ICI collects data from individual firms through IOSCO’s Affiliate Members Consultative Committee (AMCC) to conduct the AMCC 2020 Global Cybersecurity Survey. Together, the US and global surveys provide insights into the cybersecurity practices of the industry around the world, including the evolving threats and defenses.
Benchmarking Industry Transfer Agent Costs
As part of important ongoing work, ICI published its 18th biennial Mutual Fund Transfer Agents: Trends and Billing Practices study. The comprehensive data gathered from members provides a premier benchmarking tool for fund complexes to compare their transfer agent charges against those of other funds to assess the competitiveness and efficiencies of their operations.
Advocating for the Needs of Small Funds
Small funds—those with assets less than $10 billion—bring innovation and choice to the fund industry. These funds also face challenges different from those of their larger counterparts. The Small Funds Committee has long provided a forum to facilitate exchange among this distinct peer group.
A newly created sales and marketing subcommittee this year is helping small funds achieve more efficient and effective ways to reach investors. Because modest staff size and budgets present unique issues for their distribution efforts, a top priority for the subcommittee is to help small funds market through online channels. To help do this, the subcommittee has offered presentations and hands-on workshops with expert sales and marketing professionals, including sessions on how to devise digital strategies, use social media, and shop for the appropriate technology. The subcommittee’s meetings have been well attended, as the pandemic forced virtual meetings that enable broader participation.
Meanwhile, the Small Funds Committee continued its mission to facilitate direct engagement with regulators. This year, members participated in the third annual roundtable of the Smaller Funds Outreach initiative from the Securities and Exchange Commission (SEC), to explore whether regulatory compliance may be creating barriers to competition. Members had an opportunity to discuss with regulators how rulemakings might affect small funds. This year, smaller funds obtained regulatory relief in the SEC’s 13F reporting threshold rules. Issues now under discussion with the SEC include the potential impact of the fair valuation rule proposal on smaller funds.
COVID-19 health fears, the shortage of masks and protective gear, and government stimulus checks provided gold mines of opportunity for fraudsters seeking to take advantage of the stresses created by the global pandemic. ICI’s Fraud Prevention Working Group—already in operation for two years—was well-equipped to help members manage the significant uptick in crisis-related scams this year.
At the onset of the pandemic, the group released a white paper, Red Flag Indicators: Warnings of Potentially Fraudulent Activity, identifying telltale signs of scams. The paper provides information to help funds train staff and create automated systems to detect and head off such attempts. The group also focused on training members to monitor and combat fraud targeting vulnerable adults, including the elderly, who may be even more isolated and susceptible during the pandemic.
Members continued to share information regularly on the newest frauds they were encountering, including real-time fraud alerts. These alerts often give indications of coordinated fraud schemes across states, which ICI refers to the Federal Bureau of Investigations (FBI) for further examination.
ICI set up an online resource center for members, which includes a year-over-year comparison of key fraud statistics and trends gathered on a quarterly basis from working group participants on the details of the fraud attempts and successes in deterrence they have experienced. The group is also helping funds educate shareholders with an upcoming paper on what shareholders can do to protect their own accounts.
On June 1, the fund industry reached a unique industry-led agreement providing a solution to a challenge introduced by recent European regulations governing funds’ oversight of fund distribution.
Under these regulations, fund managers of Undertakings for the Collective Investment in Transferable Securities (UCITS) and alternative investment funds (AIFs) must exercise enhanced oversight of their fund distribution channels. Fund managers have taken varying approaches to this requirement—confronting distributors with an unmanageable volume of requests for answers to multiple, often conflicting, due diligence questionnaires (DDQs).
In March 2019, ICI convened fund managers and distributors to create a uniform due diligence questionnaire for distributors to make the process more efficient and effective. By including both fund managers and distributors, the group was able to come to an agreement that saves significant time and cost, benefiting funds, distributors, and investors alike.
ICI also continues to foster stronger global cooperation in other areas of fund operations. As in the United States, ICI’s Chief Information Security Officer Committees in London and Tokyo hold meetings twice a year with law enforcement agencies and cybercrime units in their respective regions, as well as with US Federal Bureau of Investigations and Secret Service representatives who work from US embassies in these locales. The meetings help create the channels and lay the groundwork to coordinate responses to attacks when they occur. ICI also uses these occasions to discuss effective cyberhygiene practices, offer insights on current cybersecurity trends, and provide other helpful resources. During the COVID-19 crisis, the meetings took place virtually, which expanded participation significantly.