Many hedge funds and other alternative investment firms are ill-prepared to protect their investors from identity theft. This was the conclusion after a year-long analysis by Richard Fleischman & Associates (RFA), which provides outsourced technology and IT services to more than 400 alternative asset firms.
The analysis was based on a review of more than two dozen RFA Due Diligence Assessments that identified compliance vulnerabilities and business process deficiencies for alternative asset firms. The analysis found several areas of concern, including little creation and enforcement of IT policy and code of conduct, workstations that weren’t password-protected to preserve the confidentiality of client information, and a lack of business continuity planning in case of a disaster.
Don Previti, director of business development at RFA, commenting on the report in an e-mail message, “You wouldn’t give your Social Security number to someone on the street, but that’s in essence exactly what you are doing if the investment firm you do business with does not perform employee background checks or take proper precautions for protection of investor information.”
Previti said his firm’s risk assessment would help prevent, among other things, pilfering of confidential information by obvious sources, like a disgruntled employee or unvetted vendor, but sources that were frequently missed by investment firms.