Blog

Long gone are days when hedge funds could rely solely on custom software development for their process automation and productivity enhancement needs. Today the market is saturated with packaged software solutions that provide a wide variety of functions that support the front, the middle and the back office operations of hedge funds, funds of funds, and family offices. Some of the vendors are so successful that they have shaped the way funds use technology and have created new ways of trading, modeling, sharing information and communicating with investors. Even so, many managers, when faced with the need to automate processes, consider the “old-fashioned” way of developing a proprietary solution. This article examines the main advantages of custom software development.

First and foremost, building custom software ensures that the fund will be able to keep and further enhance their unique business processes as opposed to modifying business processes to match a packaged solution. This is especially important in today’s market as managers try to gain alpha and attract investment capital by coming up with unique investment strategies.

Another advantage of custom software development is better cost management. While many think that custom applications are more expensive than packaged solutions, it is rarely the case. There are a number of factors that make custom solutions more cost effective.

First, with a custom solution you can only develop features that you need, and not have to pay for those that you do not require. When built properly, a custom system will be able to scale and grow with your business and new features can be added over time. This “phased” development approach is more cost-effective, produces faster ROI, and is not possible with packaged solutions.

Second, there are no recurring licensing fees, and you may have as many users as you want run and use the system for the same price. Packaged solutions always come with annual licensing renewal fees, expensive support contracts and very high customization costs.

Third, the cost and the amount of training required is reduced significantly by having your key end-users participate in the design and development processes. This ensures that when the system is ready, users are familiar with the system and know exactly how to use it. Further, including your staff in the development process and actively seeking their feedback helps the change management process by gradual introduction to the new system.

Another aspect that many tend to overlook when comparing custom software to packaged solution is quality. Development of a custom software system requires that a full software development lifecycle be executed. This includes careful analysis and design and quality assurance measures throughout the project. Because there is only one client, every step of the development lifecycle can and should be tailored to specific requirements of the client. This makes the quality assurance procedures more precise and results in greater overall quality of the end-product. Delivery deadlines are also less strict and can be prolonged in an event of last-minute issue discovery, so the system does not go live with a long list of known issues as is often the case with packaged solutions.

As fund managers prepare to meet the many requirements of the Hedge Fund Transparency Act they are looking for ways to reduce overhead and streamline tedious administrative processes. There are countless software and technology solutions designed to automate manual tasks and improve productivity. One key solution that many hedge funds consider are Online Reporting Systems, also sometimes referred to as “Investor Websites.”

Online Reporting Systems have many advantages when it comes to sharing investors’ data. For example, investors have the ability to access their performance reports from any place and at any time. Also, the generation and distribution of these reports is significantly simplified and expedited due to the ability to pull data directly from source databases onto their screens. However, before rushing to implement an Online Reporting System, whether packaged or custom-built, it is very important to consider the security risks involved and understand how to minimize them.

The most obvious but often overlooked security feature is password strength. A strong password should be between 12-14 characters long and include at least one of each – an uppercase, a lowercase, a number, and a symbol. It is also crucial to remind users that passwords should never be based on repetition, dictionary words, letter or number sequences, usernames, relatives’ or pets’ names, or any biographical information. While an unusual password may be harder to memorize, it will significantly reduce the risk of a security breach.

Further, passwords should always be stored in an encrypted format. Often, developers use industry-standard encryption algorithms that require an encryption key. The problem with this approach is that encryption keys can be compromised. A more secure way to encrypt sensitive data is to use one-way hash functions. Basically, a hash function is an encryption algorithm that does not require a key and produces a result that cannot be decrypted. The encrypted value of a user’s password is stored in the database. When a user logs in, the submitted password is encrypted and compared with the value stored in the database. If they match, the user is authenticated.

In addition to requiring strong passwords and storing them in an encrypted format, it is very important to use HTTPS connections and to apply a security certificate, such as TLS or SSL. These measures prevent eavesdropping, tampering, message forgery and other attacks that hackers use to gain access to website accounts and sensitive information.

The next important security measure is to implement an advanced session timeout that would automatically log an idle user out of the system and hide their account information. Most secure websites have timeouts set at 10 minutes of inactivity, and when users return, the site simply re-directs them to a timeout or site home page asking them to log in again. While this strategy may be fine for some websites, Hedge Fund Reporting Systems should always log a user out automatically once the timeout period is reached. This will prevent others from seeing sensitive data on the screen if a user happens to be away from the computer.

It is also advisable to minimize the usage of third-party tools when building a custom solution and to opt for commercial products as opposed to open-source software. The main reason for this recommendation is insufficient knowledge and control over third-party tools, the way they function, and their security features. Also, any time third-party software is embedded within an application, certain information about the application is stored at the third-party provider’s database, which increases the risk of potential security breach.

Additionally, most Online Reporting Systems have an administrative interface that provides data loading, user management and other administrative functions to authorized users. It is crucial to separate the administrative module from the public module and to create dedicated database connection strings for each one. The administrative module should also be kept inside the corporate network and be accessible via a VPN connection when working from outside the office.

Finally, a regular data backup schedule should be created and data should be taken offsite to a secure data facility. Today, there are numerous online backup companies that offer fully managed data backup, storage and restore services. Generally, these vendors make significant investments into their data centers and backup software to ensure data safety and adhere to various regulations, such as the Sarbanes-Oxley Act, the Gramm-Leach Bliley Act, SEC NASD Act and so on.

To summarize, technology can provide significant time and money savings to hedge funds when it comes to meeting regulatory requirements and improving investors’ experiences. Knowing the risks involved and ways to avoid those risks, as well as partnering with the right technology vendor are critical to ensuring successful implementation of any software solution.

As many newly launched hedge funds establish their infrastructures, they are increasingly considering cloud computing as an opportunity to gain fast access to best-of-breed software applications at a fraction of the cost.

According to a study conducted by Applied Research-West, more than 80% of respondents are either in trial, implementation, or usage stages of public or private cloud computing deployments. Further, as many as 71% expect cloud computing budgets to grow over the next two years, as new services and platforms move to the cloud.

Despite its growing popularity and cost effectiveness, cloud computing is still seen by many financial service firms as a risky undertaking. While most understand the advantages of cloud computing, such as low infrastructure investment, accelerated deployment with lower risk, scalability, efficiency, and higher ROI at a lower TCO, hedge fund professionals are also overwhelmingly concerned with data security, reliability, and performance. While these are certainly valid concerns, there are currently ways to alleviate the risks while enjoying the benefits of the cloud.

It is important to understand that unlike traditional, in-house run applications, which put the maintenance and the security on the customer, the cloud computing model places the responsibility to deliver reliable and secure services on the vendor. The vendor knows that in order to succeed they must invest in state-of-the-art service and delivery technologies as well as certification programs. Such programs require cloud vendors to implement rigorous and well-documented security practices that govern their data facilities and personnel.

For example, ISO/IEC 27001 and ISO/IEC 27002 provide foundations for independent audits of cloud service providers and implement standards that govern security of information and network systems.

Another important factor to consider is that security and reliability are relevant terms and cannot be easily measured. A study of Fortune 1000 companies by Infonetics Research found that on average there are over 500 hours of network downtime per year, which works out to 94% uptime rate. This is 5% less uptime than guaranteed by most hosting companies. Similarly, internal data theft and loss are far more common in an environment where data servers are hosted internally, because when a user logs off from a cloud-based application, data is no longer accessible from their computer.

With this in mind, the customer, of course, must carefully assess a potential service provider. Gartner, a leading IT research and advisory firm, recommends paying close attention to the following areas: privileged user access, regulatory compliance, data location, data segregation and encryption, recovery practices, investigative support, and long-term viability. In addition, cloud service providers often work with a number of third party firms, so it is highly recommended to inquire about all third parties that may have access to sensitive data.

Cloud computing will continue to grow and gain widespread acceptance due to its benefits and the changing competitive forces. As the technology matures, cloud vendors will continue to address the remaining security and privacy issues, while users continue to adopt this new paradigm.

Microsoft Excel is by far the most common application used in a financial environment. There are funds that run their entire operation using Excel spreadsheets; from trade blotters to complex financial modeling and real-time P&L reporting, Excel can be programmed to support the front, the middle, and the back office. Further, many finance professionals are experts in Excel programming and can manipulate their spreadsheets without any support from IT personnel. This makes Excel a great low-cost option when it comes to data storage, processing and data analytics.

Unfortunately, there are a number of issues that a fund must consider when making the decision to rely completely on Excel. For example, Excel cannot be modified simultaneously by more than one user. This may be fine for a fund with two employees, but may pose a significant efficiency issue for a larger operation.

As a bigger concern, Excel macros, which are heavily used by hedge funds, are prone to viruses. Macro viruses use Excel’s own programming language to distribute themselves. These viruses have the potential to corrupt data within the infected document as well as within documents that are linked to it. Some viruses are just annoying, while others can be very destructive. Just opening an infected spreadsheet will infect the user’s system and may even spread to other computers within the user’s network.

Earlier this year, Microsoft released a public notice about a known Excel vulnerability that could allow remote code execution. On another occasion, Microsoft introduced a calculation bug while trying to patch yet another security issue.

So, while Excel is a low-cost, powerful and convenient tool, it has some significant flaws that must be examined carefully when choosing technology platform to run your fund.

In the face of the Hedge Fund Transparency Act, and the increasing demands from investors and prospects to disclose more detailed and frequent information, many hedge funds find themselves spending a great amount of their resources gathering, organizing and sharing information.

This is not an easy task, as critical data is commonly stored and processed in many systems and databases that often do not communicate with each other. Further complicating this process has been the adoption of a multi-prime broker strategy by many hedge funds.

One option that may help funds solve the data consolidation issue is building a proprietary data warehouse. Simply put, a data warehouse is a central repository that pulls select data elements from disparate sources and can be used for advanced analytics and reporting purposes. Data warehouses can also be used as a data source for front-office applications, such as customized Investor Websites, which provide secure and hassle-free platforms for sharing performance data with investors, while meeting transparency requirements.

Specialist software development firms are able to build highly secure web-based platforms that offer investors around-the-clock access to their account information including balances, transactions, account performance returns, general fund performance, and communication letters. Furthermore, data can also be easily broken down by fund, asset class, strategy, and other criteria as required by the manager or the investor. Historical performance records can be viewed through an easy-to-use interface, and certain data elements can be downloaded in PDF or Excel formats.

Many fund managers take a further step and use Investor Websites to facilitate a more effective communication with their investors. They use the technology to distribute investor letters, make announcements, solicit feedback, share educational materials, SEC filings and other data to improve the investor relations and follow the industry best practices.