What Happens When the Cloud Comes to a Highly Regulated Industry? - Priori

By Mirra Levitt | In-House Voices

Blake Nielsen

Blake Nielsen is the General Counsel and Vice President of Operations at Enfusion, a technology consulting business for asset management companies and the provider of cloud-based, multi-tenant investment management system Integráta. In this interview, Blake discusses what to expect and the legal challenges of a company that is filling a technological gap in a highly regulated industry.

 

Tell us about Enfusion.

Enfusion was founded in 1997 as a technology consulting business for asset management companies, primarily hedge funds. While building the business, Enfusion’s founders recognized a gap in the market, where global macro/ multi-strat hedge funds didn’t have an available commercial software solution. Recognizing a need, they built a software solution for asset managers, known as Integráta, which is a cloud-based, multi-tenant investment management system that follows the lifecycle of a trade: from order & execution management, to portfolio management, to accounting, to risk management, with compliance mixed throughout. We also offer ancillary middle- and back-office services used by investment managers to streamline operations and minimize overhead expenses. Our clients vary significantly in both strategy and size – everything from small family offices to larger institutional investors. We’re headquartered in Chicago with offices in New York, London, Hong Kong and Dublin. People-wise though, we’re still relatively small.

What has the growth trajectory been like since the company’s founding?

I started a little less than three years ago when we had approximately 30 employees. Now we’re slightly over 100, but it’s been a controlled growth; we’ve been very smart about it. We recognize that some companies will grow too big too fast and are subsequently unable to handle that growth, which ultimately detracts from product and performance that was initially the catalyst for growth.

What are the elements of your role now, and how has it evolved during the three years that you’ve been there?

As general counsel and VP of operations, I wear many hats. I handle all of the legal matters for our U.S. entity as well as our international operations (though I rely on outside counsel both in the U.S. and internationally). In addition to the legal function, I also work with the HR, cyber-security, and client due diligence teams.

In terms of challenges of the role, the most difficult part of my job is just how quickly applicable rules, regulations, and laws change across different jurisdictions. The more nuanced and detailed rules and regulations concern me most – which is why most days I arrive at work quite early and spend a few hours reading regulatory material and updates from around the country and world before the rest of the company arrives.   

Tell us a little about your legal department.

Right now, it’s just a department of one. I could probably convince the company to hire more legal support, but for now my strategy is to cross-train non-legal personnel to spot issues and bring them to my attention – which has worked well so far. Outside the company, I rely on great outside counsel. I also have a great network of peers. Still, as we continue to grow, I imagine it will be necessary to expand and add some additional support, whether that be additional attorneys or legal ops personnel.

When you came into this role, did you have a cybersecurity background? If not, how did you get up to speed?

I had no background in cybersecurity. Almost immediately after I started, our clients began to focus on cybersecurity issues and started sending us detailed questionnaires about our practices and procedures. As a result, our CEO pulled me into a meeting and basically asked if I was willing to take on the challenge of learning the material and filling the role – of course I said yes. Certainly the learning curve has been steep, but because Enfusion is a technology company, there have been many people at the company to learn from. I also did significant background reading and spoke with a range of specialists. Fast forward three years, and I’m much more comfortable. Stepping back, I think cybersecurity is a great area for lawyers to master because there’s a huge advantage in being comfortable reading and synthesizing the applicable acts, statutes, regulations, and modern trends when trying to figure out how to best position the company.

Another key element of your role is managing client diligence and legal onboarding. What does that entail?

We have two components to diligence – onboarding new clients and ongoing requirements. For the ongoing diligence, I generally receive due diligence questionnaires which address our cyber security setup and our policies and procedures and all the different tools we have in place to protect client information. In addition to answering those questions, I may have to coordinate answers to requests for a business continuity plan, stock reports or anything that indicates how Enfusion would handle a disaster or cyber event and what we do to prevent such occurrences. Often onboarding due diligence is quite similar – but with the added challenge of getting required confidentiality agreements in place and making sure the client has enough information to feel confident in the protection you provide without leaving your company exposed.

As far as the contracting stage is concerned, I’m not an attorney that likes to stick with legalese. I prefer to write in plain English because I want to facilitate communication. If we’re communicating openly, it’s much easier to get ahead of problems in the negotiation process. I take the approach of telling clients as simply as possible what we can offer and then try to find a solution on the forefront of the relationship if there is an issue or disagreement, rather than allowing it to arise after the contract is inked.

Enfusion is a fully-hosted, cloud-based service. Can you talk a bit about the industry trend of moving to fully-hosted, cloud-based services from locally-hosted systems?

Not long ago, “fully-hosted” was almost verboten in the hedge fund industry. There was the idea that everyone needed to be in their locked box – which meant locally-hosted systems. That attitude made it difficult for Enfusion at first because once potential customers understood our system, they were often extremely skeptical about security – not because of our practices, but because of the overall industry concern about cloud-based services. 

Now the hedge fund industry is warming up to the cloud. Such cloud-based service has benefits for both customers and companies like Enfusion. Most importantly, when locally-hosted services release software upgrades, teams must then go and work with each client in the client’s location to make product updates. Cloud-based products like Enfusion’s can be updated much more inexpensively because we can implement all upgrades from our home base. The overall effect is to allow cloud-based services like Enfusion to service many more customers with lower overhead costs than locally-hosted products – which results in cost-savings for the client. As an added benefit, it also allows Enfusion to release code more frequently, making Enfusion nimble and much more responsive to client needs. 

Enfusion provides a front-to-back solution. Why is now the time front-to-back solutions are starting to take over the portfolio management industry?

Some of it, certainly, results from the industry becoming more comfortable with technology. Another important driver is cost pressure. Regulatory costs have increased significantly, it is more difficult for managers to raise funds, and at the same time clients want to pay reduced management fees, which together mean that portfolio management companies are looking for cost savings. For these reasons, a front-to-back solution can be quite compelling to a new launch or even a conversion that is fed up with the cost of maintaining multiple systems. Similarly, by running on one data set, the experience and overall functionality is greatly improved. Thus, our clients are more efficient, which ultimately allows them to focus on raising capital and creating value for their investors.

You mentioned regulatory costs increasing for your clients. What regulatory requirements come into play for Enfusion as a company?

Obviously, we have to comply with federal, state, and local rules and regulations, as all companies do. But because we are a software provider and not a broker-dealer or investment advisor (as our clients are), we’re not directly regulated by the SEC, FINRA, or any of their counterparts across the globe. That said, because SEC regulations impact all of our clients, we must carefully structure our business and products so that we don’t run afoul of – or cause our clients to run afoul of – those regulations. Likewise, where we are positioned next to our clients, we are frequently affecting them, such as guidance on third-party critical vendors, which causes our clients to conduct much of the cyber diligence we discussed earlier. 

So while we’re talking about regulations, can you talk a little bit about MiFID II? How has Enfusion modified operations and procedures in Europe in response?

MiFID II stands for the Markets in Financial Instruments Directive and will take effect in January 2018. It’s a big piece of legislation that is on the tip of the tongue of every asset manager situated in or trading in Europe right now. The way it affects our clients, from our perspective, is twofold. First, it unbundles research costs commonly paid for through commission dollars. This will make it more difficult for our clients to deploy research services and will likely have an effect on how certain services are priced across the market.

MiFID’s enhanced reporting requirements will be difficult for many service providers. Luckily, as mentioned previously, we run on one data set, thus much of the needed information is already at our fingertips. Adding additional complexity here is that GDPR – which also comes into effect next year – imposes additional protections on personally identifiable information and how that data is transferred, especially transferred outside of the European Economic Area. MiFID requires some collecting and processing of personal information, whereas GDPR places great restrictions on such activity – so the pair can get complicated to work through. We have a team working on both and are confident we will be in a good position once the regulations take effect.

If there is one piece of advice you have for someone who is considering a job at a cloud-based service company – in terms of the kind of laws they should know, what to expect, or how to operate well within a technology company – what would it be?

I’d recommend maintaining an open mind and working hard to see yourself as more than an attorney. Don’t put yourself in a box; think of your legal knowledge and expertise as a differentiating rather than a defining skill. I see myself as a business partner and am constantly trying to learn about both the finance and technology industries. Although certainly I interact with a lot of other lawyers in my role, I also deal with many C-level executives. This mindset means that I can speak the same language as them, which makes all of our work go more smoothly.
