Service Providers: Managing Interdependencies
Asset management companies use an assortment of third-party service providers such as prime brokers, fund administrators, broker-dealers, and IT companies, which together with securities exchanges form an intricate web of services that constitute the infrastructure.
As was made all too apparent from Superstorm Sandy, this infrastructure is vulnerable to natural disasters, in which case the dependence on service providers can threaten the very existence of a business.
Business continuity experts advise companies to understand the dependencies which exist not only between them and their service providers, but among the service providers themselves.
“Every business has different needs and requirements; it’s up to each business to assess critical requirements, and in turn what the dependencies for these requirements are in terms of external vendors,” said Christopher Horne, assistant vice president of business continuity management and corporate security at CIBC Mellon. “Once critical vendors have been identified, find out what those vendors have in place in terms of business continuity, disaster recovery – essentially, how would they continue to do business during a crisis situation or business disruption.”
It’s also important to work with vendors to communicate requirements in advance. “There should be dialogue (and written agreement) between your firm and your third-party providers about how services would function during a widespread outage or challenge,” said Horne.
It is important to develop an oversight program that monitors service providers. Service providers with a higher risk rating should be monitored more frequently.
“Firms should review service provider’s BCPs and ensure critical services can be restored on a timely basis. In addition, firms should inquire whether the provider maintains, updates and tests its BCP,” said Carl Versella, principal at Rothstein Kass, a tax and advisory firm serving the alternative investment industry.
“As part of the planning process, it is important to develop a call list with key contacts from your fund administrators, prime brokers and service providers,” Versella said. “Other key elements that should be addressed include establishing an alternate communication method and how information will be exchanged in case of a business interruption.”
State of Readiness
Some larger companies have reduced their dependence on third-party service providers by performing more functions internally.
GFI Group, whose 55 Water Street headquarters was literally swamped and made unavailable for ten weeks after Sandy, was able to function with scarcely a ripple because it had foreseen the threats long before the storm struck.
“We have reduced our reliance on third parties, because of the delicate nature in which our trading operation needs to be managed and maintained,” said Jerry Dobner, GFI’s chief technology officer. “I think that was a good move though it may have been somewhat more expensive–not terribly more but definitely more time consuming. When you take it really seriously, as we do, and you say this is something that can happen, then for a trading environment or trading firm, you really want to do it yourself. That’s what we’ve done it at GFI.”
As a registered stock exchange, Direct Edge strives for flawless performance every trading day. “We maintain a very robust third party risk assessment protocol for critical business and technology providers that is executed with military-like precision. You saw this with Hurricane Sandy,” said chief information officer Saro Jahani. “We make sure that we understand their business continuity capabilities and make sure they meet the very highest standards of stability and resiliency.”
Part of this readiness is to understand that business time recovery objectives might be very different for each and every one of Direct Edge’s vendor firms. “It is an ecosystem with lots of parts. Unless these protocols are properly tested in a real-life simulated environment, they will not be something that we can rely on,” Jahani said. “So, we have worked very closely with 3rd party vendors as well as the member firms to make sure that these protocols are properly tested jointly and they can be executed during a disaster.”
He continued, “We ensure that the providers are in sync with our recovery time objectives. Direct Edge is critical to the U.S. financial infrastructure and as such, we have to be sure that even catastrophic failures in a data center or with another vendor can be recovered, or a back-up plan enacted, for trading the next trading day. Finally, we perform drills constantly with vendors so the crisis management protocol is fully understood by everyone and executable by everyone.”
During a new client onboarding, fund administrator Custom House Fund Services was asked to present its global business continuity plan and disaster recovery plan for review. “It was vetted and then we were asked a series of questions about how the current the plan is implemented and how it is tested,” said Scott Price, regional director and head of sales. “I think the first point to note is that just asking for it, checking the box and moving on, from an operational due diligence perspective is not adequate. Now it is being read, critiqued and understood by our current and prospective clients.”
“Clients are managing us, as a service provider with an agreement and if we pass on any documents, including a business continuity plan, we have to stand by it,” Price said. “I would therefore recommend all asset management companies to not only ask about the business continuity plan but also read and understand the deliverables that are communicated in that document.”
Global ETFs had record net inflows of $1.3 trillion in 2021.
The Universities Superannuation Scheme is the UK’s largest private pension scheme.
Buy-side and sell-side firms need to integrate applications to streamline traders' UX.
Passive funds represented nearly all U.S. equity inflows.
President and chief executive officer of State Street Global Advisors will retire in 2022.