Law Firm Memo Explores Key Questions on Data, Risks

A memo by Shearman & Sterling partner Nathan Green focuses on data, regulation and risks and can be a helpful primer for directors as firms increasingly use data and algorithms in their investment programs. Green writes that the core questions for CCOs or attorneys reviewing a proposed data initiative are: Where will we get the data from? How are we going to use the data? Have we thoughtfully assessed related regulatory and contracting risks? Green presents some practice points on vendor due diligence, regulatory requirements, and risks. An “investment manager purchasing data wants to be sure the vendor is alert to the same types of concerns that the manager has, that data lineage can be properly confirmed, and that the vendor has some level of compliance infrastructure,” he writes. Green discusses regulator expectations regarding data vendors and AI and notes that regulators expect that “AI, or any sophisticated software for that matter, has been tested and is reasonably well understood by its users, will continue to be tested and “fit for purpose” over time” and that the software and its core operations and outcomes are understood and explained to a firm’s internal and external governance bodies. With respect to government oversight, the regulatory framework is uncoordinated and complex, with “a worldwide patchwork of often conflicting laws and regulations,” Green writes. The major risks for firms include data corruption, loss or theft and the possibility that data may carry the risk of tainting an investment manager with possession of material nonpublic information and thus breaching insider trading laws.