Loose Lips Sink Ships: Information Security Best Practices for Fund Managers

In this age of increased transparency, investment strategy and position level information needs to be communicated and shared among many parties.

6 March 2014


In this age of increased transparency, investment strategy and position level information needs to be communicated and shared among many parties, including prospects and clients.  

A few weeks ago, a number of press outlets reported that David Einhorn, of Greenlight Capital, was not very happy with a posting on the popular Seeking Alpha research and blogging website.   It seems a blogger named “Valuable Insights” had learned that Greenlight was building a position in Micron Technology and decided to share it in a blog post.  This was before Greenlight disclosed its position to the SEC and before Greenlight had asked the SEC for confidential treatment as it was still building its Micron position.  Obviously, the blog drove up the share price of Micron, raising the cost basis while Greenlight was still accumulating the stock.  Einhorn contends that the only people who knew about the Micron position were those that had a contractual or fiduciary duty to maintain the confidentiality of the position.  Unfortunately, this is a large group including employees, prime brokers and administrators.

While we’d like to think that the recipients of such sensitive information always have the best intentions regarding confidentiality, this is not always the case. It’s also worth pointing out that this conundrum doesn’t just apply to hedge fund managers, but also for private equity, venture capital and real estate managers.  One can imagine a VC that needs to update investors on the status of its early stage portfolio companies, but the leakage of said information can have negative consequences regarding a company’s competitive position.  As the saying goes, “loose lips sink ships.”

So what’s a fund manager to do?  How can sensitive investment information be shared securely with outside parties without compromising the need for investor transparency? There are in fact a number of best practices that can be leveraged to satisfy all parties involved:

  • Utilize a file sharing and communications platform that can restrict a recipient’s use of any information sent out -  Restrictions on printing, viewing and forwarding can be effective deterrents in information leakage.  “Containment” is the operative concept here so that, at the very minimum, disseminated information is not so easily shared beyond its intended targets.
  • “Tier” your information - This means affording different levels of transparency to various groups of end users.  The trust level you have with a client of five years might be very different than with a new potential investor.  The same can be said when sharing information with various service providers.  Ask yourself: What do they need? Why do they need it? What are they going to use it for?
  • Look to a platform that provides some degree of user access intelligence - Monitor groups, users and documents to confirm the who, what, where and how information is being accessed and utilized.

Clearly no system, platform or process can be 100% foolproof when sharing sensitive information, but the inherent risks of utilizing non-secure communication methods such as email are too obvious to ignore.

There are much better ways managers can protect their investment strategy information while still providing outside parties with the information they need. They just need to look.