Why Asset Managers Land in the Dog House

Investment firms that get hacked, hike fees, or switch portfolio managers can expect to land in the hot seat with their institutional clients. 

More than half (54 percent to 57 percent) of institutional investors surveyed by financial services specialist CoreData Research said they would launch a special review of any manager given one of those circumstances. While emphasizing concerns such as key-investor turnover, allocators at least professed tolerance of maladies like underperformance and bad press. 

About two thirds of respondents wouldn’t put a manager on notice if they trailed competitors for three consecutive quarters or drew nasty headlines. “Although investors may say performance is king, in reality, soft factors play a large role in the way investors review and monitor their asset managers,” CoreData said in its report.

The most striking finding, according to the researchers, was a top-cited red flag: hacks. 

“The most telling takeaway from these findings is that institutional investors class a cyber security or data breach to be more significant than a fund manager change,” the data and research firm wrote in its report. “It is not surprising that a change in the captain of the strategy ship would trigger a review, however it is remarkable that investors categorize cyber security as more important than this event.” 

Investors rightly had their hackles up about cyber security at the time of the survey late last fall. 

A targeted attack against institutions and their financial service providers was underway, with hackers breaking into at least one endowment, one foundation, and a hedge fund at that time. 

[II Deep Dive: Cyber Attack Hits Prominent Hedge Fund, Endowment, and Foundation]

Hackers breached the official email accounts of investment executives at the Kansas University endowment and Community Foundation of Texas in late September. A month later, attackers hit hedge fund Arena Investors, sending a malicious phishing email from its chief operating officer’s address.

“These organizations have access to millions of dollars in liquid accounts,” Robert Capps of NuData Security told Institutional Investor at the time. “Institutional folks managing capital are used to getting wire transfers and moving money. By targeting high-level executives in the financial industry, attackers are then able to send out wire transfer requests to someone in accounts payable, and then money is wired out to third parties. Make one mistake, and it could cost millions of dollars.”

And the attack isn’t over. A public relations firm specializing in asset management fell victim less than a month ago. Hackers took control of a Hewes Communications account, and distributed a message asking recipients to open and sign a partnership proposal. 

When asked if it was a legitimate email, the hackers responded from the compromised account. 

“Thanks for checking in, the document was sent securely by me to you and it’s safe to open,” they wrote back. “Let me know what you think.” And signed off, “Thanks, Steve.”

If asset managers have the same standards as institutional allocators, they may have had plenty of clients under emergency review.