Managers in the mid-market and beyond are increasingly turning to outsourcing, say Sanne Group’s Marie Measures and Stacey Relton, leading to more scrutiny on tech and cybersecurity capabilities.
As published in Private Equity International's September 2021 edition.
According to Marie Measures, chief technology officer at Sanne Group, and Stacey Relton, head of North America, fund administration firms are fielding a growing number of questions from LPs that want more information about the service providers fund managers are working with. Here, they explain how the rise in outsourcing, demand for more sophisticated technologies, and the inability to meet in person during the pandemic are driving this trend.
Marie Measures: The biggest shift we have seen is a move towards wanting access to data and analytics online. Previously the focus had been on more traditional methods, including using PDFs, Excel and email. There has been a real shift to portals, and the data we can provide through those portals, to exchange information. With that comes security requirements – it is not just about providing the facility, but also making sure it is safe to use.
For fund managers and their investors, there has also been more video collaboration and tooling. Face-to-face meetings have been replaced with an online experience, where before only teleconferencing may have been used, and firms are trying to make that experience a lot more personal. There is also higher demand for information, whether that is regulatory updates or news, and a demand to access that information online. We have also seen an uptake of technical solutions, such as moving to digital signatures and bringing in new technologies to enable that.
Stacey Relton: We did not see a shift in investment strategy while people were working from home during the pandemic, but we did see a huge shift overnight in fundraising. Without the ability to travel and sit down face-toface with managers, a larger emphasis was placed on who managers’ service providers were.
If an established company, such as Sanne, was providing fund administration, investor, compliance and corporate services, it gave the LP added confidence when they may not have been able to meet the manager in person. Because of the inability to sit across the table and build that human-to-human interaction, we saw LPs start to focus on the make-up of the manager’s team internally, who its partners were, if they were names they could trust, and if more functions were being outsourced than done in house. We would take calls from LPs inquiring, “we are looking to invest in a fund, and we would like to ask questions on your security, investor portal and cash controls”.
SR: We have seen increasingly more outsourcing across the board, especially in the last three years, and I believe we will see that trend continuing. Hedge funds have been outsourcing for a number of years, but private equity has only really turned to outsourcing in the last three to five years. We are now seeing a wide range of private equity firms outsource, including emerging managers that have spun out. These managers choose to outsource because it can provide them with a brand name that might help them raise their first fund.
We also see more outsourcing in the mid-market and among larger funds. Sometimes firms have a solution in house, but when they are on fund number three or six, they will start outsourcing. By doing so, they do not have to worry about internal turnover, and they can leverage the outsourcer’s experience and technology. Often the outsourcing relationship begins with those later funds, and within the next 6-12 months we end up working on a firm’s legacy funds as well.
SR: Regulatory requirements are not slowing down and there is only so much an internal team can economically do to keep up with these. We are seeing an increasing number of disclosure requirements and proposals in a range of areas, such as ESG.
With the increase in technology, regulators are seeing that more and more information is available, and they want to look at the significance of what is in that data. With that comes a responsibility on the part of fund managers to be knowledgeable about the data and to be able to act upon it. It is this concept that knowledge is power, and with great power comes great responsibility – we are seeing more of that on the regulatory side.
MM: This is also something we are working into our tech solutions, particularly where the amount of audit and due diligence work is increasing. If we can automate that and provide data through our strategic data platform then we can offer a service where auditors can have direct access to information, and conduct audits in a more efficient way.
MM: There is only one way to tackle this and that is holistically. There are so many types of threats, both internal and external, and it is a case of looking at where those threats are coming from.
During the pandemic, we have seen a massive increase in phishing emails in particular. Putting in tooling can help mitigate that type of cyber threat. For example, at Sanne we use Tessian, which is a tool that uses machine learning to help identify potential phishing attacks. However, phishing emails can look the same as genuine business emails, so you need to educate your staff to be aware of them. We provide regular training on that, as well as tooling that alerts staff if something appears suspicious. We run an education programme to ensure all our staff understand the dangers of downloading software and email attachments. We also put end-point protection in place, which helps to prevent unauthorised downloads and deals with anything that gets through.
Data leak protection is also important. There are obviously people on the outside who would love to get hold of data, and people on the inside who could accidentally leak data. In fact, across the market the majority of leaks are due to internal mistakes rather than malicious acts. Other than educating staff and having policies and controls in place, it is important to make sure internet facing systems are capable of being locked down so that data cannot accidentally or maliciously leave the business.