Cybersecurity and the rise of cryptographic assets

International Management Services (IMS) is one of the leading providers of professional director services in the Cayman Islands. Sean Inggs, a professional independent director, offers his views on cybersecurity and cryptocurrency-related questions for hedge funds.

What are your thoughts on cybersecurity for governance generally and for hedge funds at the moment?

Companies of all types and in all industries can become the victim of cyber-related attacks. While a large number of these are most likely aimed at some sort of fraud, other attacks may have more political or social motivations.

Regardless of the motivation, it is of increasing concern and importance in investment fund corporate governance that directors need to be aware of cyber-related threats and especially so for cryptocurrency investment funds.

Outside of the IT department, cybersecurity is the responsibility of a company’s board of directors. For investment funds, it should now be very typical for board meetings to apportion some of the meeting time to an investment fund’s cybersecurity processes.

It is generally acknowledged that the global trend towards digitisation is accelerating around the world and directors should consider how a fund’s digital and electronic processes are set up and monitored, not just at the fund board level but also at the manager and the fund administration level.

Will this global digitisation continue and how should it be addressed?

We definitely expect that the move to digital will continue and that more intangible assets (including digital ones) will increase in value. It is mainly because of this movement that cybersecurity has become so important.

Cybersecurity is now a serious agenda item for fund directors to engage in. Directors should seek either assurance that a robust cyber risk governance framework will be put in place for an investment fund, or seek to help implement one.

The positives here are many: a fund will see improved decision-making processes, which will lead to better service development while at the same time providing more comprehensive assurance that risks are being identified, quantified, managed and mitigated.

What should directors be thinking about when it comes to dealing with cyber?

Questions should be raised regularly at meetings: has the fund suffered a cyber breach? Have any of the fund’s service providers suffered a cyber breach? If so, what steps were taken following the breach? How is the fund executing documents and is it using DocuSign or other browser signing programs? Are documents password-protected?

Many of our clients already engage cybersecurity professionals, be they third party cybersecurity firms or staff in-house. This increased oversight is part of a wider trend of alternative fund managers embracing regulatory compliance and corporate governance more completely. They recognise the value of having independent board directors in place as the risks facing investment funds continue to grow.

Prospective investors should also be committing some time to this subject as part of their due diligence processes. Investors should be asking questions around what policies the manager has in place or will have in place, what the manager’s disaster recovery plans are, and so on. Having written policies and procedures is very important.

Hedge fund formation has increased with regard to cryptocurrencies. What are your thoughts?

From a digital asset and currency perspective, Bitcoin and cryptocurrency investment funds have risen prominently in 2017 and we think this is set to continue in 2018. Institutional investors and other public market players have been brought into this space and this market is ripe for growth. With this growth there are increased risks and cyber-related risks are top among these.

Looking at the types of funds in this space, we see exchange traded funds, hedge funds and private funds which are covering a wide range of crypto asset types and investment strategies. The number of altcoins and other digital tokens available for trade is in the thousands (many of which can be traded on exchanges).

We expect that hedge funds will grow larger and develop different trading strategies, increasingly mixing cryptocurrency with mainstream asset classes such as listed equities and commodities.

In the private investment fund space, there is no reason for these funds not to diversify out of one cryptocurrency asset to other currencies and look to be listed on exchanges. If there are any publicly traded funds with a focus on Bitcoin, these may very well move into Ethereum or other currencies.

With the number of crypto-related hedge funds set to rise in 2018 and beyond, general corporate governance will almost certainly have to play catch-up in some respects. We at IMS are ready for these changes and investment managers and investors need to look carefully at whom they appoint to the boards of these types of funds.

My view is that the nature of these assets, their volatility and risk of loss, not only in value but to the assets themselves, means that appointing an independent director who does not have the requisite experience or knowledge of this new asset class is a significant risk for a fund manager.

Consider brokerage, custody and storage of digital assets. The allocation of digital assets between brokers will probably be determined by the investment manager according to the nature and type of transaction. But certain cryptocurrencies will have to be traded and held in exchange accounts and important considerations for directors and managers should be placed on where and how these are transferred to offline (cold) storage.

Who has access to the cold storage devices and who set them up? Where are the recovery phrases kept? Will the fund use multi-signature wallets and who are the signatories for these wallets? What exchanges is the fund exposed to?

One of the main aims for a fund manager looking at following best practices in governance will be to construct a diverse board of directors that can consider a broad range of risks. For cryptocurrency hedge funds, at least one of the independent directors on the board should have a good knowledge of how this asset class operates and what the risks to this asset class are.  

IMS can assist new hedge fund managers here as we have been at the forefront of this space from a governance perspective in Cayman. I act for some of the leading technology companies taking part in creating digital assets, as well as existing fund managers who have set up new funds for this asset class.

The pressure placed on new managers to take governance and board composition seriously is still there (and has been for some time), but appointing the right fund board members will certainly mean that a fund will be able to identify and manage these added risks.

Sean Inggs is a professional independent director at International Management Services. He can be contacted at: singgs@ims.ky