06 Oct 2020

Cash Handling & Cyber Security

Cash movements in hedge funds are vulnerable to cyber-attacks. Historical controls have focused more on internal fraud but in this memo we provide practical guidance for a framework for cash controls to help mitigate the risk of cyber fraud.

Asset managers routinely engage in the transfer of large sums of money in their daily business activities and as such are attractive targets for a spectrum of cyber-frauds. The regularity of these transfers (either within a fund structure or to external vendors) can result in decreased awareness of the risks surrounding these transfers increasing the vulnerability to cyber-attacks.

Historically, controls asset managers have put in place for these transfers have focused on preventing internal fraud, but many of these controls do not provide adequate protection from cyber-attacks and external frauds.

This memo covers the following topics:

  • An overview of the threat environment including the spectrum of incidents in asset management,
  • Common types of cyber-fraud including fraudulent invoice requests, fraudulent payment requests, and change of payee details,
  • Common cyber-fraud techniques including business email compromise and email spoofing or impersonation, and
  • Controls to mitigate the risk including both technological and process controls