Cybersecurity and human capital risk rank higher in due diligence checks

Investment managers need a plan for management of cyber attacks and personnel misbehavior, panelists at the Texas TRS conference said.

Increasingly alive to the threats of cybersecurity scandals and misbehavior among key personnel to their investments, institutional investors are taking a deeper dive into the preparedness of managers before committing capital.

Panelists speaking on a due diligence-focused panel at the Texas Teachers’ Retirement System Emerging Manager Conference in Austin, Texas earlier this month observed how managers’ cybersecurity and ability to respond quickly to attacks has come under more scrutiny in recent years. Both the Securities and Exchange Commission and investors performing due diligence on managers across asset classes are recognizing that successful cybersecurity breaches could result in massive financial losses and reputational damage.

“I think they’re going to get to a point where they are sort of done on educating the investment community on where they stand and what they feel is important,” said Luke Wilson, partner and private markets practice leader at governance, risk and compliance advisory services firm ACA Compliance Group. “They are going to start making examples of people.”

Investigations into cybersecurity and the readiness to respond to potential breaches are not limited to the firm. Scrutiny also extends to any subsidiaries and portfolio companies owned by the investment manager, according to Wilson.

Even if a cybersecurity breach does not result in monetary losses, stolen personal information such as email addresses can still lead to reputational risk, added Chris Sandberg, vice-president and head of the operational due diligence team at global investment and advisory firm GCM Grosvenor. Investment managers need a concrete risk management plan, otherwise they will be having tough conversations with their investors, he warned.

Investors are also paying more attention to topics such as harassment and discrimination during their due diligence checks. They search for red flags, such as a history of litigation at the firm, Sandberg noted. Investment managers need to be proactive as talent management and HR issues start to hold more weight in the conversation between investors and managers. Investors want proof of clear policies and procedures to deal with any cases of sexual harassment or discrimination, according to Sandberg. They also want to see that the firm has provided training for its employees — ideally to prevent, or at least curb, certain misbehaviors, he said.

Chenxing Ferensen, chief financial officer at private real estate investment firm The Roxborough Group, stressed the importance of managers conducting their own thorough background checks, even on existing employees. She recommended managers pay special attention to key management teams and conduct checks every two years.

In his years of conducting background checks, Sandberg said he has found instances of litigation, prior fraud, falsified information, DUIs and the like. “There are many times where we are bringing this to the manager’s attention about their employees and those are very uncomfortable conversations to be had,” he added.

The Texas Teachers’ Retirement System and Employees Retirement System of Texas hosted the 2019 Emerging Manager Conference in Austin, Texas. Attendees of the conference included emerging managers across asset classes, institutional asset managers and institutional investors.