Selecting the Right IT Managed Service Provider the FinServ Way

Are you happy with your IT MSP? Many funds are not. Selecting the right IT MSP is not something you should keep putting off. Learn how FinServ helps its clients find the right IT provider for their unique needs.

Managing your IT infrastructure touches every team member and can create significant issues if not handled effectively. From extensive downtime to user frustration having an IT team that does not act as a business partner can hurt your whole fund.
FinServ completed an IT MSP Vendor Selection for one of our Private Equity Fund clients experiencing these exact issues. When the head of the fund could not access his systems during the pandemic, and their service provider had let the problem sit for over 24 hours, the fund decided a change had to be made.
The client was already aware of FinServ’s Vendor Selection methodology, as a few months earlier, we helped them select a new Third-Party Fund Administrator.

FinServ’s Vendor Selection methodology ensures that our clients select the right service provider for their unique requirements. Our comprehensive approach includes three stages of selection.


Phase 1 – Initiate

FinServ works with our client to inventory/collect all essential documentation and support for the new vendor culminating in a detailed set of user requirements. FinServ leverages our functions of an IT MSP to reconcile all possible functions to ensure all possible services are covered. Getting from a long list of vendors to a shortlist based on a detailed Request for Information (“RFI”).

Phase 2 – Assess

At the core of our selection approach, we use a 35-Page RFP including over 320 detailed questions. This level of detail ensures that the vendor provides the services and support in a way that meets each client’s requirements. Every client has their own way of doing business, and this approach ensures that the vendor that best fits that model is selected. The key to this stage is FinServ’s team with unparalleled attention to detail combs through the provider’s documentation and answers. It creates a qualitative and quantitative scoring that investors and auditors call world-class.


Phase 3 – Recommend

In the final stage of our selection process, we use scripted demos, which force each vendor to show, not just tell us, how they address the client’s most complex challenges. It is in this step that the right vendor rises to the top. Most salespeople hate this step because they know that often they want to stretch the truth about their systems. The right vendor can show how it is done to seal the win. In our final step, we conduct comprehensive reference checks that often uncover issues that may not disqualify a vendor but help the client with crucial advice as they move forward with the winner. The final step is a recommendation deck that summarizes all the detailed work, including the cost analysis across the finalist vendors supporting the client’s final selection. Many clients have used this document to show potential investors the quality of diligence in selecting a key service provider.


Beyond the Methodology

The process is key to making the right choice, but more important is ensuring that you focus on the essential areas these service providers offer. Technology is constantly evolving, be sure there is a focus on what is needed today and in the near term to meet your firm goals and requirements.

FinServ makes it our business to always stay on top of the latest requirements from regulatory agencies like the SEC and the latest technologies that the best providers are using.

Your IT Managed Service Provider (“MSP”) typically handles 2 to 3 of the most critical aspects of your business:

1) Cyber-Security & Risk Management

2) Monitoring & Management of IT Infrastructure

And for funds that have chosen not to keep IT resources in-house.

3) Service Desk / Desktop Support for Users / Company


1) Cyber-Security & Risk Management

With the war in Ukraine and the increased likelihood of focused cyber-attacks, there has never been a more critical time for a financial institution to ensure that they have the best possible risk management and cyber security coverage possible.
The offerings from the best IT MSPs have changed drastically over the past few years as the technology for cyber security and risk management has been forced to evolve as quickly as the sophistication of attacks.

The Not So Obvious Requirements Matter Most
One of the nuanced aspects of these services is less about your direct protection and more about how communications about potential IT security issues are raised. Our clients desire to limit the noise created by non-critical communications, so only the most critical issues are escalated for review. Some vendors have more advanced issue monitoring and alert systems that use rules and triggers to raise only the most important messages to clients, limiting “boy who cried wolf” scenarios.
The best vendors also proactively provide webinars and training for your employees to stay on top of the latest attack approaches. A knowledgeable team is your best defense against constantly evolving and changing cyber threats.


2) Monitoring & Management of IT Infrastructure

Has your network ever gone down, leaving you unable to work? Have any of your remote employees ever lost access to your network? Has a crucial executive of your firm ever been frustrated by not getting the IT support they need?
If the answer to those questions was yes, you probably don’t have the right service provider with the proper setup and response management systems. The best IT MSPs have formulated approaches that ensure redundancy and backup of essential systems, so you never have downtime during regular business hours. Similarly, they have all created world-class service systems that support intelligent routing of critical issues with complete status transparency. Essential issues are solved in minutes, not hours or days. When they take longer, your support staff can see real-time updates on 1) who is working on the issue, 2) when it will be resolved, and 3) all the latest activity and communications to the key executive.


3) Service Desk / Desktop Support for Users / Company

If a key executive’s camera is suddenly not working and they have a full day of Zoom or Teams calls ahead, not having someone come to their desk immediately to fix the issue can be a significant problem.
Alternative asset management firms often choose not to hire a CTO or desktop support staff. With predominantly SaaS-based applications, the need for in-house physical support has been dramatically reduced. Many smaller funds prefer to rely on an outsourced IT support person along with a part-time Virtual CTOs (“vCTOs”) to focus on complex technology strategy. Separately, while remote desktop support can work for many issues, in-person physical support is still something many funds require. While many IT MSP Vendors have moved away from offering this service, it is still an essential requirement for many funds.

If you are one of these funds, FinServ has you covered. We know which IT MSPs truly champion this type of support and which vendors only give it lip service. Additionally, If you are unhappy with any existing onsite IT support you are receiving today, we can help you move to a vendor that will cover all of your needs.



The IT MSP Vendor space is filled with many sub-par providers that cannot cover the mission-critical services that alternative asset managers require. In a world where one mistake could cost your firm its reputation or paralyze your operations, it seems crazy to leave this essential operational risk under-serviced and exposed.
There is no one-size-fits-all vendor. Many of the best IT MSPs have focused their services in certain areas, so choosing the right partner that fits your firm’s unique requirements is essential. FinServ’s knowledge of the marketplace and our rigorous selection methodology ensure you get the provider and services your fund requires.

To learn more about FinServ Consulting’s services: or (646) 603-3799.

About FinServ Consulting

FinServ Consulting is an independent, experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks, and industry service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle, and back-office. FinServ provides managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience working with the world’s largest and most complex asset management firms and global banks.

What Every HR Department Must Do in Workday to Ensure a Smooth Start to the New Year

There are five main activities that need to be done in Workday at year end  / beginning of the year to ensure the smooth running of a business. These simple tasks are often overlooked – particularly by those new to Workday – but can have a negative impact if not done.

There are five critical tasks that Workday companies should undertake around the year-end / new year time frame. Individually, these are simple tasks but can significantly impact your HR operations if not completed in time.

Year-end activities come thick and fast, and it is easy in the last month of the year to forget to undertake some essential tasks. FinServ Consulting has identified five essential tasks that every HR department must complete to guarantee a smooth kick-off to the new year. Lack of action on these tasks could create unnecessary errors or preventable breaks in your operations, causing a lot of unneeded January headaches.

These five areas are:

  1. Scheduled Processes – (integration, reports, alerts) and Period Schedules (payroll, time off, time tracking) must be reviewed and set up / extended manually. Scheduled processes can be set up in advance up to five instances in a new year. Period schedules can be set up for up to two years in advance.
  2. Delegation Review – A review of delegation assignments ensures that they are correct and that expiration dates are extended. This will avoid the Workday inboxes of executives filling up with tasks that generally would be delegated.
  3. Compliance Activities – Review what compliance requirements are pending for the new year, including mandated data purging and verifying employee compliance with company policies.
  4. Corporate Document Updates – A review of employee documents like the corporate handbook, benefit plan documents, and company policies will ensure that they are updated and properly linked to in Workday.
  5. Time Off Calendar and Balances – Update the upcoming holiday calendar to ensure that employees can successfully request time off. In addition, review time-off balances that are carrying over to ensure accuracy.


#1 – Scheduled Processes and Period Schedules

Scheduled processes allow you to automate processes on a schedule (i.e. daily, weekly, monthly), such as an integration with your medical benefits provider or payroll processor. These schedules are typically set up in advance but must be maintained annually. They cannot be scheduled indefinitely and can usually be set for up to five scheduled instances in the following year.

Suppose your payroll file is not sent to your payroll provider because it is no longer automatically scheduled in Workday. In that case, the HR team risks a highly visible and potentially catastrophic mistake.

Period Schedules standardize the sequential periods you use to track absence or payroll. These period schedules also need to be entered and maintained manually and can be entered up to two years in advance.

Not setting your future period schedules can prevent employees from requesting time off or prevent you from processing the next pay run. Like the Scheduled Processes, not maintaining Period Schedules is an easily preventable error.


#2 – Delegation Review

Tasks are often delegated in Workday, usually to assistants of senior executives. Senior executives are generally crucial control points to granting approvals for time off requests from their subordinates or approving high-value expenses and invoices. Executives usually do not have the time or inclination to go into Workday consistently and approve these requests.

Delegating these tasks to assistants allow the tasks to be completed in a timely and consistent manner. These delegations do have expiration dates and need to be reviewed annually. Letting delegation settings expire can result in a senior executive’s Workday inbox being flooded rather than the tasks going to the correct delegated employee for processing. If the executive is not looking at their Workday inbox, critical invoice payments may not be approved, leading to unnecessary late payment penalties. For example, Market Data vendors’ unpaid invoices may lead to unnecessary late fees or, even worse, denial of critical data that the business requires.

As administrative permissions have time limits, it is easy to set them and forget them until something goes horribly wrong.


#3 – Compliance Activities

Data purging and employee compliance are two of the essential resets needed at year-end / beginning of the year. This means verifying that everyone has signed the required employee and corporate policy documents such as the employee handbook, Covid / return to work attestations, restricted trading policy attestations, and other necessary documents.

As these documents are disseminated throughout the year, it is easy to lose track of whether they have been reviewed and signed off on by all employees.

The time surrounding the new year is a natural time to conduct a holistic overview of the status of the firm’s overall policy attestations. For example, employees may be required to attest to understanding the code of ethics or conflicts of interest policies. Ensuring that these policies are enforced and that enforcement is tangible is key to assuaging any concerns of regulators or potential investors.

This time is also an excellent time to review how well the firm is in compliance with data retention and purging regulations. For example, the European Union’s General Data Protection Regulation (GDPR) stipulates that personal data is collected for legitimate reasons and is only kept if needed. Because of these regulations, companies will need to place greater scrutiny on terminated employees and their personal data. The HR or compliance departments must be vigilant in reviewing this data and determining if there is a legitimate reason to continue storing it in Workday.


#4 – Corporate Document Updates

Corporate documents such as employee handbooks, benefit plan documents, and policies can get out of date quickly as policies evolve, such as Diversity and Inclusion and Remote Work policies. In addition, the companies’ benefit providers often change, or the company changes the plan offerings themselves. The document file itself can change from content updates to file name changes or file location changes. Once this happens, the reference link in Workday may no longer work and inevitably lead to errors during any attestation process or during an employee onboarding.

Checking that the latest document versions are set up in the system should be part of any end of year to new year process. Multiple or outdated versions of documents can cause problems; ensuring that only one version – the latest – exists is essential.

Performance review templates are another area to double-check along with offer letters and other templates used throughout the year. These templates can change. Since they impact all employees and prospective hires, it is critical to be consistent and accurate in what is shown. If these templates link to external documents or are set to send information to vendors, it is vital to make sure that the links still work.


#5 – Time Off Calendar and Balances

A simple task that can cause many headaches is ensuring that next year’s calendar includes the correct dates for holidays. Different localities and regions may have special holidays, and observed holidays change from year to year. These are not automatically loaded into Workday; they need to be set up every year manually. This is particularly important for companies with international offices where the holiday dates may differ.

The time around year-end is also a good time to get ahead of nuances in the calendar for the upcoming year to give you more time to be prepared to address any employee concerns. For example, most financial services firms follow the stock market’s holiday schedule. At the end of 2021, the stock market is not observing New Year’s Day 2022 as a holiday since it falls on a Saturday. Usually, the holiday would be observed on the preceding Friday. But, because Friday is a key accounting period (year-end / quarter-end / month-end), the stock market will be open. Try explaining that on New Year’s Eve when this calendar quirk dawns on your employees.

Another critical activity for year-end is to check your employee’s time off balances due to carry over. Carry-over balances should be checked for accuracy; this will ensure that your time off eligibility and carry-over rules are correct and that an unexpected employee type / setup is not breaking the time-off rules.  Unused time off that can be paid out will need to be appropriately reviewed and loaded into payroll.



Overall, it is best never to assume that these essential tasks have been completed. Much of what needs to be done annually is common sense, but HR and Operations teams often overlook these additional inputs / actions in the crunch of a busy fourth quarter.

FinServ Consulting has found that many clients outsource support for these activities after they have experienced one of these painful events.

Whether you choose to seek our support or not, we hope these top tips help you avoid any adverse effects on your company’s operations. Getting to grips with these tasks early and on an annual basis will save a lot of time, energy and headaches in the coming year.

To learn more about FinServ Consulting’s services: or (646) 603-3799.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

Vendor Management Systems Take Center Stage

If the pandemic has taught businesses anything, it is that they need to plan for the unexpected and ensure they have a robust, effective and comprehensive vendor management system. Such a system is not a “nice to have” but the best way to keep track of the myriad of service providers and the detailed work that needs to go into this effort.

No matter the fund or company size, vendor management systems are an integral part of the smooth running of a firm. Recently, FinServ Consulting implemented a vendor management system (VMS) for an alternative asset manager, helping it to customize the system. Based on this experience, FinServ identified six key elements of a top vendor management system.

#6 – Tickler System 

Top of the list of “must-haves” is the ability to trigger events automatically. This is at the heart of any VMS and should handle all the rules and actions around contract renewals. Part of this will be automatically sending out vendor risk questionnaires internally to determine if a vendor is performing well and externally to the vendor to ensure its own internal processes, risk assessments, and business continuity plans are robust enough to support the fund. A good VMS will handle all these notices automatically and allow the firm to customize what it needs to do and when.

The best systems provide the functionality to support nested logic, workflow-based action step processes, multiple forms of notification, and automated updates to the data in the system.

Whatever the system, it should ensure the various components can be set up by the end-user with little or no technical expertise through user-friendly user interfaces. The system must also have a dynamic messaging capability, so emails or texts sent to the user and/or vendor provide contextual information needed to understand the details of the alert and be able to act on it in a timely fashion.

#5 – Business Continuity Plans

The primary focus of a VMS is on the vendors. It should be able to produce a business continuity plan and scrutinize its response to events it can foresee as well as the unknown unknowns. For example, if it is impossible to be physically in the office, the plan should outline the steps needed to ensure the smooth functioning of the fund, including naming key members of the team and what to do it they are incapacitated physically or because of technical problems.


The best vendor management systems have all the key pieces of a rigorous business continuity plan. This means a firm’s plan can be created on the fly each time a new vendor is added, updated, or changed when something significant happens within the business.

It should also provide a detailed system and organization controls (SOC) II level questionnaires and links to detailed analysis of all aspects of a vendor’s risk assessments and pull in details of the vendor’s responses to automated surveys. This allows the operations team and/or the chief information security officer (CISO) if a fund has one to document their own findings and risk mitigation strategies for anything flagged during the risk vetting process.

Capturing incidents in the vendor’s history that may require legal or other actions by operations or compliance teams is another essential related element.

#4 – Managing Costs

A vendor management system is only as good as the quality of the data put into it. If the system uses planned and actual spending from an enterprise resource planning and/or general ledger system, it will give a powerful view of spending by vendor.

One of FinServ’s clients took this a step further by tracking spending by employee for certain subscriptions. This gave a fuller picture of overall spending at the individual employee/trader level. With this data, the financial and operational teams could make decisions quickly on spending allocations in key areas and where spending on vendors was redundant or unnecessary.

A good vendor management system will offer application programming interfaces that make it easier for technology teams to interact with other systems such as the general ledger, customer relationship management, or document management systems. When all these systems talk to each other and automatically pass data back and forth, there is no need to have manual entry. This means a firm can ensure all its data are in sync, avoiding discrepancies.

#3 – Contract Management

Most legal departments are overwhelmed with managing negotiations and deal-related matters. The contract management component of a good VMS allows a legal team to coordinate with other key areas such as the business owner for the vendor, as well as the compliance and finance teams.

Contracts can then pass through risk management and legal processes in a timely and efficient manner. With key inquiries sent to vendors – requests for documents or other information – the vendor management system ensures the contract process goes smoothly. Prior to the end of a contract, the tickler feature automates the notification for vendors and the internal team responsible.

The vendor management system should be able to link to the firm’s enterprise-level document management system to make sure a “golden copy” of each contract is kept in one place only. By linking to the document management system, the firm centralizes the security of these documents, ensuring permissions only for the people who should have rights to see or update these documents. This is where a good vendor management system covers various aspects of the due diligence and overall compliance processes.

#2 – Compliance

Ensuring vendors are compliant with key items such as certificates of insurance, non-disclosure agreements (NDAs) and SOC II is critical for investors, auditors and regulators. The vendor management system should simplify and automate the process of collecting and managing these documents as well as provide integration with other key systems. The system should track not only the receipt of any documents but also expiration dates that require a new document.

One of the more sophisticated and user-friendly features of a system FinServ Consulting implemented for one of its clients was the ability to reveal certain parts of the system only when necessary. For example, only when a vendor required a certificate of insurance would it show the section of the document tab for loading the COI. This made it much clearer and easier for the client’s administrative team to manage the documents it needed to collect from each vendor.

#1 – Onboarding Challenges

How a vendor is onboarded is another area where a vendor management system is essential. It can help streamline processes, identifying who is able to add vendors and what controls, assurances, and guarantees are needed for each type of vendor.

For example, during the vendor onboarding process, the operations due diligence team answered certain key questions through a wizard. The responses determined which document sections would show for the administrators who needed to collect the documents. When all the required documents were collected, it notified the vendor sponsor that its vendor was up to date and ready to go live. The system also notified legal that it should engage the vendor to finalize the contracts while letting all interested parties know that a new vendor was now live in the system without the need for any manual emails or intervention.


Vendor management systems have become an essential system for all alternative asset managers. An effective system must be able to provide a place to store essential data and offer user-friendly support to investor relations, operations, legal, and compliance teams so they enjoy working with the system. When all these pieces are in place, it makes working on due diligence questionnaires and regulatory reviews much easier and enables the firm to avoid last minute panics when trying to meet deadlines.

FinServ Consulting has the systems integration expertise, experience, and depth of knowledge to create vendor management capabilities with nearly any platform including VMS specific systems like Onspring to broader platforms like Salesforce and many others. It understands alternative firms and how a well-designed vendor management system can help limit exposure risks and ensure a firm is prepared for whatever the future may bring.

To learn more about how FinServ Consulting can help your firm build and integrate a new vendor management system, or customize one you already have, contact us at or (646) 603-3799.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

The Great Debate: Agile or Waterfall Project Management

Effective Project Management

Effectively managing a project and team(s) is a difficult task that faces increased challenges in a remote environment. Obstacles are exacerbated by the lack of in-person collaboration and the inability to stop by a colleagues desk for a quick and informal update. However, selecting the correct project management methodology can help alleviate numerous issues and ensure that your project is completed successfully.


Agile & Waterfall Methodology Overview

No project management technique is best suited for all situations. The most common methodologies are Waterfall and Agile. Although both approaches are popular and have been around for an extended period of time, specific projects are better suited by one or the other.

The Waterfall methodology is the traditional and sequential approach that is best for projects with a well-known scope likely to experience minimal change. Client input takes place at milestones as the project transitions throughout the various phases. In a Waterfall project management strategy, each phase must be completed prior to transitioning to the following phase. These phases are clearly outlined and define clear objectives that must be accomplished before progressing.

As indicated by the name, an Agile methodology is designed to accommodate change. Its iterative nature focuses on completing certain objectives by the end of a specified time period known as a sprint. Agile methodologies are well suited for projects with unclear initial requirements. The methodology prioritizes the most important aspects of a project and relies on continuous client input throughout the engagement. Deliverables are reviewed by the client and other applicable teams after their corresponding sprint. 


Advantages of Each Method

The Waterfall approach’s numerous advantages derive from its structured nature. The first of which, is that it clearly defines all aspects of the project and ultimately increases planning accuracy and detail. Consequently, this approach aligns well with fixed price contracts and government entities. Furthermore, progress can be measured through the completion of each phase as opposed to a product backlog that hasn’t been addressed.

It is less reliant on client input because it is predominantly collected at milestones. This allows the client to take a hands off approach and focus on the day-to-day operations of their business. Finally, successful completion of projects managed with a traditional methodology ensures that all items are addressed and eliminates ambiguity.

One of the greatest advantages to the Agile approach is its flexibility. An Agile approach is particularly useful when the project’s timeline is strained because it prioritizes the most important features. The sprint structure aligns with Time & Materials contracts because sprints are predetermined timeframes that specify workload.

Additionally, constant client interaction augments quality via increased feedback, additional testing, and dynamic user requirements that account for evolving needs. The constant nature of client feedback allows for frequent modification of the product backlog. This is particularly useful for a technical client that wants to get a deeper understanding of the solution. They can work through their use cases and determine if their needs will be better served by an alternative route. 


Disadvantages of Each Method

Although each method is effective in its own right, they are not without disadvantages. The Waterfall methodology requires a thorough understanding of business requirements prior to beginning. The Project Manager must have a clear sense of all client needs and initially account for them throughout the various phases. Scenarios where the client is unable to provide a comprehensive overview of the requirements may force the PM to “fill in the gaps” – which is far from ideal.

Another disadvantage associated with the Waterfall approach is the risk of a final deliverable that is not in line with client expectations. Given that the client is less involved in the process, they may be surprised by the end result. However, the traditional approach hedges against this with comprehensive requirements and periodic updates.

Agile method drawbacks tend to be associated with one of its strengths, frequent client input. It requires a significant amount of coordination and cooperation across multiple internal and external teams. While this is great in theory, it may be difficult in practice. Clients may not have the resources, interest, or expertise required for the Agile approach’s mandated involvement. This is especially relevant when the client outsources the work as they hired another firm to step away.

The adaptability of the approach leads to many changes in the project’s scope. These changes affect the project’s cost and timeline. Unfortunately, this is not feasible for certain clients and situations. Moreover, low priority items may not get completed within the original time frame due to a focus on high priority items.



In conclusion, both the Waterfall and Agile Project Management methodologies include pros and cons. In an ideal scenario, the project would be completed successfully regardless of the utilized approach. However, certain client types, engagements, and solutions are better suited by one of the two methods. It is critical that you discuss both options with the client and pick the one that they are most comfortable with. Many professionals blend the two techniques to benefit from each’s strengths while minimizing the drawbacks. Recent trends have increased popularity for Agile management, but it is beneficial to gather all available requirements as early as possible.


About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

How to Securely Share and Work with Files in Salesforce

FinServ has partnered with a firm out of Germany to provide a seamless integration of SharePoint Online right in Salesforce. If you would like to see a demo, please feel free to contact us at or by completing our Salesforce inquiry form


The Nightmare Scenario you have to Avoid

Sweat is dripping down your brow and you have a queasy feeling in your stomach, it’s 2 o’clock in the morning and you are desperately trying to reach the person who your Investor Relations team accidentally emailed an investor (NAV) statement with the investor’s social security number in it. If you have shared a sensitive document with the wrong person, you know the sheer terror these moments can bring. We see the most sophisticated financial services companies in the world taken down by these types of mistakes all the time. Even if the email is retrieved the public relations fallout will likely cost you investors or in some extreme instances the shut down of your fund.

Given this risk, it is hard to believe that the majority of funds and other financial services firms are still not integrating their CRM systems with enterprise-level document management systems like SharePoint Online. At FinServ Consulting we work with 40 of the top 100 hedge and private equity funds in the world and very few of these firms currently use enterprise-level document management systems to protect their investor data.


The Quick and Easy way to Use SharePoint Online in Salesforce

Most Salesforce clients abandoned Salesforce Files a long time ago. Due to its lack of user-friendliness and severe limitations, Salesforce Files became one of the least-used features in Salesforce. At the same time, many companies have been moving to cloud-based office suites like Office 365 from Microsoft. With most Office 365 licenses, you get SharePoint Online for free. SharePoint Online is an extremely secure, cloud-based and feature-rich enterprise-level Document Management system.

Has anyone in your firm ever accidentally sent a sensitive document to the wrong client?

SharePoint Online has the ability to stop the recipient from opening that document even if they have already downloaded it onto their computer.


Inserting a Cloud-based Link to a SharePoint Online Document in Email



Removing Access Quickly

If you realize you made a mistake, you can stop the person from accessing the document you shared with just a couple of clicks. Even if they downloaded the document onto their hard drive, they will not be able to open the document thanks to Microsoft’s use of dual-key encryption. This means once you take away your side of the key, they can never open the document again.


2 clicks and access to the document is removed



Has anyone in your company ever accidentally or purposely emailed a file to an external recipient with Social Security numbers in it?

SharePoint Online with Outlook / Email integration means that you can stop any email or attachment from being shared if it contains sensitive info with PII (Personally Identifiable Information).


Particularly for highly regulated industries, like Financial Services and Healthcare, the built-in dual-key encryption and information rights management (“IRM”) features that SharePoint Online offers out of the box are “have to have’s”. 


Microsoft PII Warning when Sensitive Data is Detected in a Document



Seamless Integration with our Salesforce App

The application we helped build provides a seamless interface to all of your SharePoint Document Libraries and Files inside the Salesforce Lightning User Interface. The benefits of this application mean that your users will save hundreds of hours they used to spend searching through inconsistent folder structures and names or wading through multiple versions of a file to try to figure out which is the latest version of the file. By automatically linking the Files and Folders to your Salesforce records, you get your data and your files in one combined place to provide optimal efficiency for your team.

Through the application interface you get:

  • 1-click to Open just about any kind of file so your team never wastes time with multiple clicks or waiting for a file to download before you can open it
  • For Microsoft Office files where you have editor access, it will open up in the Office app in Editor mode
  • You can upload files into the document library with 1-click as well
  • You can also delete files if you have the correct access with 1-click
  • Embedded search available right within the Lightning Component


Investor Relations Use Case

For our Alternative Asset Management clients, we offer the case study of the Investor Relations associate who often spends their day working with investors on questions. The ability to view the investor’s contact record while also looking at the investor’s latest NAV statement or recently updated subscription documents provides a level of efficiency that makes their day-to-day work much easier.

example of Investor Contact record with right sidebar of SharePoint Online Files



How the App Works

Putting the automated component into place is as simple as adding any Lightning Web Component; the interface offers quick and easy checkboxes to turn off and on key features in the application. Once added to any Object Type in Salesforce (standard objects or custom objects are all supported), the interface makes it simple and user-friendly to access your files and folders in seconds.

The quick and easy way to open SharePoint files right in Salesforce!



The application leverages advanced Microsoft technology to provide:

  • Automatic creation of preset Folder and Subfolders that are automatically linked to the Salesforce record you just created or updated
  • You can use the data in Salesforce to automatically name the Folder; this ensures a consistent naming scheme which will make it easy to find files
  • For historical records, we offer automated scripts to create the Folder and Subfolders for all of your existing Salesforce records

Automatically Create a new set of SharePoint Online Folders and Link to your Salesforce Record with no Clicks when you create a New Salesforce Opportunity!


Using an Enterprise-Level Document Management system is a must-have for any company working in a regulated industry like Financial Services or Healthcare. SharePoint Online from Microsoft provides the most cost-effective and robust system in the marketplace. When you combine that with the Salesforce CRM system, you provide your users with a seamless and secure platform to work with customers while ensuring your company’s and your clients documents and data, including PII, remain secure.

The application FinServ has created with our partner provides the level of automation and seamless integration that your users demand and will also ensure they embrace the use of a Document Management system like SharePoint Online.

If you are interested in a demo or would like to purchase the application, please contact us here or by email at and we would be happy to help.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

The Most Impactful Feature of Salesforce’s Summer 20 Release

In FinServ’s opinion, the new Kanban Split View is the most exciting feature of the Salesforce Summer ’20 Release. In this article, we will highlight how Funds and Financial Services companies can take advantage of this new feature to realize maximum benefit and ROI. If you would like more insight into these updates and how to implement them, please feel free to contact us at or by completing our Salesforce inquiry form


Expedited Prospect Data Updates with the Kanban Split View

Sales and Marketing teams are constantly working through the list of their top prospects each day. They realize that updating Salesforce with the latest key info is critical to moving the pipeline forward.

The Kanban view was a huge step forward in previous Salesforce releases. By providing a visual pipeline with the ability to drag and drop items to the next stage, it made pipeline stage updates much more efficient.

Up to this point however, the process of editing these records was a tedious, click-heavy effort of having to go into each record, edit the record, save the record, refresh the screen, and move onto the next record to edit.

With the Salesforce Summer ’20 release, users now have the Split View for Standard Navigation feature. This exciting new feature allows the user to highlight the record they want to edit, right in the Kanban view, and edit the key fields all from the same screen!

Sales and Marketing teams will save hours of time with a level of efficiency previously unattainable in any CRM. By making it easier to update the record, it also promises to improve the quality of the data for the Executive and Investor Relations teams as well.

Split View for Standard Navigation in Kanban View


Key Considerations:

  1. You must have a Sales Path setup for the Object you want to use this for
  2. The Sales Path will ask you to select the Key Fields you want to be able to Inline Edit
    a. The Key Fields can and should be different for each stage to ensure you are providing your team the quick edit access they require
    b. The Key Fields are limited to just 5 per stage, so pick carefully
  3. Provide Guidance in each Stage to ensure your team fully understands what is expected to be filled in and you gain maximum value from the quality data

Salesforce Video on this Exciting New Feature



The Summer ’20 Release is schedule to arrive on July 18th. FinServ Consulting, a top Salesforce Partner with a focus on the Asset Management sector, ensures our clients take advantage of the most important features of each release and maximize their investment in Salesforce.

Over the next few weeks, we will continue to highlight the new features we see as most valuable to our clients, with a unique focus on our industry. Upcoming posts will include exciting new developments to Lightning Flow, which is fast becoming the most useful tool in the Salesforce arsenal for process automation.

If you are interested in any of these features and want help implementing them or just have a question about them, please contact us here or by email at and we would be happy to help.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

What You Need To Consider When Choosing A New OMS

Undergoing technological change or implementing a new system is not something to be taken lightly in ordinary market environments, much less during a time of extreme or abnormal market volatility. If your fund or organization is planning to implement a new OMS or replace a legacy OMS, there are several things you should consider.

From a business and investment standpoint, there are the usual key considerations, including: the need for integrated OMS/EMS functionality, whether ease of use important, ability to customize workflows and if there is a desire for extensive client/marketplace connectivity. From an operational perspective, one must also consider other non-functional items like data migration (and how easy it is to implement), the software support model, modularity and future expandability.

​The aforementioned list only touches the surface; the overarching themes involve automation, workflows, analytics and decision-support tools. In fact, in a recent Refinitiv/Greenwich Associates paper, traders ranked an EMS as the most impactful technology in the short-term.




In general, hedge funds treat the Portfolio Manager (PM) and Trader workflows as a single unit, whereas traditional asset managers may have additional bifurcation between roles and responsibilities. At a hedge fund where the PM sends orders via email/chat/voice to a trader to execute, they may want a single, integrated OEMS. On the other hand, an asset manager often has multiple PMs who route orders to a centralized trading desk. In this case, the institution may want a solution with specific standalone OMS and EMS functionality, in order to access best-of-breed functionality.

The trend in the marketplace for a while has been OMS vendors integrating additional trading functionality by buying or building EMS solutions. This results in the ability to capture and allocate client orders while also capturing execution details to help the firms comply with regulatory requirements. Additionally, this allows them to market themselves as an all-in-one solution and would insulate the client from having to integrate yet another vendor into their technology stack.


Source: Charles River Development


Ease of Use

Being able to get your operations, back office and front office users onboarded and using the software as quickly as possible can be a heady concern for most clients. In theory, this sounds simple, but many legacy OMS were designed with a single asset class in mind. If your client is now multi-asset, multi-strategy and trading a variety of instruments in volume, it’s even more imperative that a system be easy to use and operate as one cohesive platform.

A modern interface with intuitive workflows can be a competitive advantage especially if the fund’s current OMS platform is antiquated and requires, in a worst case scenario, dual entry or swivel-chairing in order to execute and fill an order. (Swivel chairing involves a PM creating orders/allocations in an OMS and then sending them over to trader for execution in an EMS).


Ease of Customization

A vendor’s product team always has to find the right balance of customization and the notion of a standard offering for the client. However, in this day and age where customizability is king, most vendors are client-driven and willing to bend over backwards for their clients. Enfusion Systems, whose product features weekly upgrades, has marketed their product as being easily customized. In a recent implementation with an asset manager, Enfusion agreed on development of specific functionalities within their platform that would position them well for the changing OEMS marketplace. The client agreed on an OMS implementation, while also using Enfusion’s Services team for reconciliations (the client still kept some functionality in-house, like collateral management).


Client/Marketplace Connectivity

Most multi-strategy funds that trade a wide breadth of products across different asset classes and venues will always be excited at the prospect of having a vendor whose product comes pre-packaged with existing API connectivity to brokers, venues and marketplaces. Many clients have a baseline expectation of connectivity with a full suite of partners across the spectrum of asset classes. If this is not currently in the vendor’s repertoire, the expectation is that connecting to new trading venues and brokers would be trivial.


Data Migration

One of the most underestimated Issues that can be the source of delays for most implementations is data migration. What seems like a simple exercise to port accounting/trading data from the client’s old system to the new system can lay bare a client’s unreconciled data and inconsistencies between trading data and official books and records. Having clean, reconciled source data from the client that can be matched to the client’s custodian or fund administrator sounds simple. In practice, many things can go wrong and be a source of delays. Finding a vendor who has experience successfully migrating trade data, for funds that are similar to their current structure, in a timely manner is the holy grail.


Our Implementation Project with Enfusion and an Asset Manager

FinServ is currently engaged with an institutional asset manager on the implementation of Enfusion’s comprehensive front-to-back trading software product. The asset manager is looking to implement a new front-to-back office system for one of their businesses. Because their current portfolio management system is a legacy product, the product features were outdated and users found the workflows to be inefficient. By implementing a new portfolio and order management system, they would be able to control service levels and more importantly, they would be able to custom develop functionality that match their growing business needs.

After an extensive vendor selection process, the asset manager chose Enfusion Systems. Enfusion was able to make their choice easy due to their cloud-based solution, which provides integrated order and execution management as well as middle office and IBOR services. Although not the focus of this article, the asset manager was also looking to outsource part of their back office to Enfusion’s Services team. Using one vendor for both OMS and back office was one of the key drivers behind their decision. In addition, having a single data model also provided a golden copy for data for all users across all functions. Since the asset manager’s business model involved trading a diverse set of product types and made use of heavy derivatives, Enfusion’s ability to handle multiple asset classes also made sense.


Because implementing a new OMS was such a large effort, the timelines for launching and migrating an initial account and eventually the entire business spanned much longer than a year. A decision was made to have a phased approach, where specific sets of strategies and funds would be moved to the new platform in stages.

In order to alleviate some concern that the execution tools, order management workflows and trade compliance functionality would not be replicated completely (due to extensive in-house custom enhancements over the years), Enfusion worked closely with the client to address these items.

From the client’s standpoint, adding a new system would also add additional complexity – additional integration points, extra feeds into and out of their books and records system, the necessity to have Trading operate out of multiple platforms simultaneously, a bifurcation of the client’s Operations team to handle both sets of systems and lastly, having PMs manage portfolios and strategies across multiple systems during the phased implementation.

“Enfusion and FinServ worked side-by-side during this project – we ran implementations, gathered clients’ requirements and dived deep into the use cases. Both parties were truly collaborative and this enabled accountability with the client. FinServ has tremendous project management experience and it was great partnering with them.”

– Brad Flax, VP of Business Development at Enfusion


If you are interested in learning more about our current and past Enfusion implementations, please reach out to FinServ. Throughout our 15 years of existence, we have proven that our deep industry knowledge combined with our project management and overall best practice methodologies can be an asset to your organization. To further continue the conversation or to discuss more of FinServ’s capabilities, please contact FinServ at or give us a call at (646) 603-3799.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

HCM for Asset Managers: Find the Right Solution for Your Firm

An HCM solution is an integrated system that automates HR functions combined with finance, planning, and analytics and allows for employee self-service capabilities, thereby reducing labor costs, optimizing business processes, and increasing efficiency. Companies that transition from manual processes and disparate legacy systems to modern, cohesive digital workforce management technologies can realize up to 15-25% cost savings related to HR and IT spend.

Most current HCM solutions are offered as a cloud-based, SaaS delivery model and include modules for payroll, HR, time and labor management, and recruitment. This type of solution does not require an expensive hardware investment and constantly updates software to the latest version while maintaining secure backups. These systems are monitored at all times and provide the utmost reliability. An added plus for asset managers is that the solutions can be customized to suit the size of any company and grow as the organization grows.

At FinServ Consulting, we have experience working with firms of various sizes in the alternative asset management industry to select, implement, and/or upgrade their HCM systems. While there are numerous benefits of having one comprehensive, integrated HCM, there are other options available on the market such as lite solutions that meet basic needs without all the added features that may not be necessary for some firms, as well as point solutions that cater to the industry’s unique needs, like complicated compensation structures. FinServ can help assess your company’s specific requirements to identify what to be aware of in terms of missing features, implementation issues, and cost-benefit analysis of different HCM options.


Benefits of a Consolidated HCM

Attract and Grow Talent

Recruiting top talent and keeping them engaged is no longer just HR’s responsibility—talent objectives can have a significant financial impact on growing a financial services business. Implementing a new HCM system can help enhance performance management processes to eliminate bureaucracy and encourage meaningful conversations between managers and employees focused on performance improvement. In addition, better compensation data and visibility of top talent allow managers to make more well-informed decisions regarding performance and rewards.

Some clients in the alternative asset management space that FinServ has previously worked with used manual spreadsheets to manage staff performance, as well as recruiting and other functions in some cases. However, by opting for a consolidated HCM system, these organizations were able to use more sophisticated workflows to provide employees with more meaningful feedback. Also, they could track and monitor operational outcomes and staff development across the company to ensure a payback from their HCM investment.

Make Better Informed Decisions

Asset management firms in the current environment face increasing regulatory scrutiny, such as GDPR, AIFMD, and Form PF, and constantly evolving standards. In order to meet the new generation of demands, these companies need to make well-informed investment decisions with visibility into all business lines. However, this is a difficult task when the data required to deliver these insights is housed in disparate legacy systems with varying formats and level of detail. This is where having consolidated HCM comes in—a single system for finance, HR, planning, and analytics can offer the necessary foundation to gain better insights, save time on data aggregation, and proactively solve business problems. A digital solution of this type can help improve business margins, provide competitive differentiation, attract and retain customers, and identify lucrative areas for growth.

Harness the Power of Modern Data

Today’s financial companies have an unprecedented amount of valuable data across their organization. However, many are still not able to access this data due to isolated, unorganized, and inaccurate legacy systems. The data warehouses that are typically accessed by business intelligence tools to create reports or perform financial analyses hold data that was accurate at the time it was loaded and refreshed from legacy systems, resulting in a high likelihood that it is out-of-date and unreliable. As a result, financial services firms often turn to add-on custom software solutions to try and achieve real-time data extraction, but these products often produce further challenges because they require continuous maintenance to keep up with the changing needs of the business.

Implementing a contemporary, consolidated HCM system allows firms nimble access to the real-time data that is necessary for constantly changing business needs. These solutions include technologies, such as cloud computing, open APIs, artificial intelligence, and machine learning, that make insights transparent and accessible across lines of business.

Build Organizational Agility

Being agile is key to an asset manager’s long-term success and there are several factors at play in building organizational agility:

  • Adaptable: A flexible technology foundation is essential to be able to change organizational structures and processes in response to regularly shifting business needs.
  • Skilled: Financial services firms, among others, face a widening skill gap and must find ways to upskill their workforce.
  • Empowered: In order to perform at the highest potential to meet evolving consumer expectations and drive success, employees need full access to data to make business decisions.
  • In Control: The need for measurement and control goes hand in hand with agility and speed. Asset managers must measure more relevant KPIs to learn from what works and what doesn’t when it comes to new digital revenue streams.

There are common obstacles that firms must overcome to meet the guidelines above, including inflexible legacy technologies, bureaucratic organizational culture, and a lack of relevant employee skills. By using a comprehensive HCM solution to add intelligence to business tasks, financial firms can move past these challenges and employ integrated, real-time planning in order to build organizational agility and realize their digital growth aspirations.


Choose the Right Solution

As mentioned previously, there are many HCM offerings available on the market and it is important to select the right one to meet your firm’s unique needs. There are several factors to consider, such as the needs and priorities of the business, size of the firm, and desired metrics and reporting abilities. FinServ Consulting has experience working with asset management firms to identify and implement a suitable HCM solution. We can help you make the right decision and take full advantage of the capabilities and rewards that the new solution will provide.



If you are interested in establishing or improving your firm’s HCM platform, FinServ Consulting is the right partner to help you reach your firm’s strategic objectives.  Throughout our 15 years of existence, we have proven that our deep industry knowledge combined with our project management and overall best practice methodologies can be an asset to your organization. To further continue the conversation or to discuss more of FinServ’s capabilities, please contact us at or give us a call at (646) 603-3799.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

Sowing a Field to Cultivate: Driving Sales via Contact-Based Leads in Salesforce

One of the recurring challenges new Salesforce clients encounter during their implementations is grappling with how standard Salesforce objects/functions align with their actual business processes. It is one side of the knowledge sharing gap on any new vendor software implementation. The other side of the gap is that technology teams need to get up-to-speed on a client’s business as quickly as possible. This includes a macro understanding of the client’s industry, the specific business processes related to the project, and how any legacy systems work to support  client activities today. The faster these gaps close, the better the final solution will be in the end.

The goal of this article is to address the client-side knowledge gap by educating potential Salesforce clients about one of the critical design discussions in any Salesforce implementation: When Should Contacts be Created in Salesforce? To answer that question, the article will provide a quick overview of some core Salesforce basics, along with FinServ’s rationale supporting Contact-Based Leads for Financial Services clients:

  • What is the Difference Between a Lead and an Opportunity in Salesforce?
  • What are Salesforce Contacts? When are Contacts Created in the Default Salesforce Workflow?
  • What is a Contact-Based Lead Approach? Why is it a Better Choice?

Leads Convert into Opportunities

What is the Difference Between a Lead and an Opportunity in Salesforce?

In Salesforce, Leads represent potential deals that have not been fully vetted or “qualified”; they could also be referred to as “unqualified opportunities”. In this case, qualified refers to confirmed interest from a prospect to buy a specific product/service/offering. Leads can come from a variety of sources, such as real-life interactions like meeting someone at an event or when someone fills out a form on a website requesting more information on a specific product/service.

What separates Leads and Opportunities is how realistic the deal is based on confirmed client interest. Opportunities are real, active deals with confirmed, measurable interest from a prospect.  When that hurdle is met, Leads are considered qualified and they are “converted” into Salesforce Opportunities. Opportunities are the sales and pending deals that need to be tracked. By creating Opportunities, a “pipeline” of deals is formed, which may be tied to sales forecasting and advanced pipeline reports.

What are Salesforce Contacts? When are Contacts Created in the Default Salesforce Workflow?

Contacts are the golden source of all data related to a person/individual. The set of Contacts in Salesforce is simply a modern-day rolodex. Out-of-the-box Salesforce includes basic datapoints for Contacts one would expect like phone numbers, email addresses, and mailing addresses. When you convert a Lead in Salesforce, the system guides you through the creation of new Accounts, Contacts, and Opportunities, while connecting that data with the information already on the platform.

This default Lead-to-Contact process flow makes sense for a lot of Salesforce clients that are dealing with a high volume of low-quality Leads. An example of this would be a web-based retail store; lots of potential customers might show up through various channel source that need to be filtered and cultivated. Keeping your Leads and Contacts separate help to reduce tracking bad person/individual data from Leads in Salesforce Contacts. The problem with this approach is that Leads are never associated with a Contact until the Lead is qualified and the actual Lead conversion process occurs, which means you lose prospect history. This affects a couple key areas for most of FinServ’s financial services clients:

  • Cross-Selling New Products/Services to Existing Clients: Valuable historical information from past interactions on a Contact are never associated with new Leads for the same person/individual. That includes the basics like simple contact information to important details like preferred market strategies and potential commitment amounts for a hedge fund client.
  • Re-engaging Old Leads: Even if Leads don’t convert in an isolated sales cycle, most FinServ clients are not dealing with high volume, low-quality. The Leads available are usually curated through existing relationships or through industry service like capital introduction. It is important to curate all this information whenever new Leads are created to avoid face losing valuable details.

What is a Contact-Based Lead Approach? Why is it a Better Choice?

The simple solution to all these issues with vanilla Salesforce is simply to adopt a Contact-Based Lead Approach. This means that users may create Leads from existing Contacts and relate Lead records to Contacts before the Lead conversion process occurs. It’s that easy and it facilitates the ability to handle the above limitations with standard Salesforce, while also supporting common business activities like the ability to track multiple Leads for the same Contact.

The Bottom Line

Adopting Contact-Based Leads is quick solution to solve some of the major limitations of vanilla Salesforce to align the platform with financial services businesses; however, it is a major design decision that is easier to enforce for new implementations. It is always better to measure twice and cut once. FinServ Consulting’s industry expertise and unparalleled track record for financial services clients makes us the right partner to help you make the best decisions to support your business.

To learn more about FinServ Consulting’s services, please contact us at or (646) 603-3799.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.

Cybersecurity Protection with Salesforce Shield


Salesforce recently introduced a cybersecurity focused offering that builds on the already formidable security capabilities of the world’s leading customer relationship management platform. With Salesforce Shield, organizations can institute better internal cybersecurity practices by developing clearer oversight of employee’s daily activities and stronger protection of their valuable data. Salesforce Shield expands on the class leading security infrastructure of Salesforce across the three key service areas of:

  • Platform Encryption
  • Event Monitoring
  • Field Auditing

Salesforce Shields’s focus on these three services allows for a more nuanced utilization of privacy functionalities and clearer oversight into the firm’s cyber activities. Of course, administrators of standard Salesforce environments could always customize their firm wide security settings through a variety of restrictions, permissions, and requirements across the platform. However, with Salesforce Shield, administrators have exponentially deeper control and granularity when establishing and maintaining their firm’s online security. This article will provide an overview of each Salesforce Shield’s services, as well as the key factors management should consider when implementing the technology.



Platform Encryption

A standard Salesforce subscription only allows for the encryption of custom fields that are less than 175 characters, which is likely insufficient for many firms that maintain large amounts of customer data. For the first time, Salesforce Shield brings encryption to a wider range of custom and standard fields, including sensitive information such as Account Names, Addresses, Phone Numbers, and Emails. Platform Encryption with Shield allows users to natively encrypt their most sensitive data such as personally identifiable information (PII), confidential, or proprietary data, while meeting internal and external compliance regulations. Salesforce Shield also allows users to adopt the latest encryption innovations, such as Bring Your Own Keys (BYOK), which allow users to provide their own tenant secret, generate their own Hardware Security Module (HSM), and ultimately increase their control over the encryption processes.



Implementation Considerations:

1) Identify Encryption Needs

    • Firms need to first identify their unique encryption needs. Encrypting every piece of data that a firm has online would slowdown workflows, leading to inefficiencies that provide little returned value. Firms should identify and evaluate the potential channels and methods of attack they face, while also classify the data types that they would like to protect. At the same time, firms can specify which fields are the truly “must encrypt” elements and evaluate the business functionality changes that may come with encrypting this information.

2) Apply Field Level Encryption

    • Because encryption can be assigned at the field level across different users, firms need to decide which fields would be accessible by different users. Shield allows firms to grant permissions to certain fields only for authorized users, while also applying encryption to these fields for an added level of security. Once these capabilities have been properly vetted, users can begin testing how their business processes would work with this newly encrypted data.

3) Define Key Management Strategy

    • Shield enables firms to take on greater ownership over their encryption key management strategy. For an effective implementation of Salesforce Shield, firms should identify who can manage the encryption keys and define the protocols for backing up, rotating, and archiving keys.

4) Maintain Organization’s Encryption Policy

    • Platform encryption requires strong policy and procedure documentation to guarantee its effectiveness. Establishing the lifecycle of keys and periodic data backups ensures that the data your firm has today is securely maintained in the future as well. Meanwhile, periodic reviews of encryption protocols ensure that these established policies remain effective as data grows and new fields are added. Regular reviews of data encryption protocols are a critical aspect of continued data security and data effectiveness with Salesforce Shield. 



Event Monitoring

Salesforce Shield allows firms to have even clearer oversight of critical business performance and user behavior data. Firms using Salesforce Shield have a deeper understanding of the underlying performance, security, and individual usage of data stored in their Salesforce ecosystem. With Event Monitoring, managers can drill deeper into their event log files in order to visualize time relevant performance and security metrics. This allows managers to understand employee behavior within Salesforce, ensuring that they are securely utilizing the platform to its fullest potential, and overseeing the storage of their sensitive data. Managers would find these capabilities especially valuable during audits, when regulators can easily drill down to see what changes were made within Salesforce, by which users, at what time. Shield allows for this Event Monitoring capability on over 40 different event types across different user activities, all of which can be displayed across 16 pre-built dashboards.



Implementation Considerations:

1) Capture Read-Only Event Log Files

    • With more than 40 event types able to be captured using Salesforce Shield, firms should first review the current list to see which would bring value to their organization. Event logs can store the granular details of how specific users are utilizing the firm’s data, as well as the corresponding timing and location of these action. Therefore, understanding what data to be capturing as well as the means of capturing this data is critical part of a successful Salesforce Shield implementation.

2) Visualize the Data to Identify Critical Insights

    • The ability to directly transfer Salesforce insights into any business intelligence or data visualization tool, such as PowerBI (click here for an earlier FinServ post on Power BI), allows managers to quickly visualize trends and develop actionable strategies. Users can also build Data Loss Prevention or Adoption & Performance dashboards with Einstein Analytics or bring this data into any of the 16 prebuilt dashboards with the Einstein Event Monitoring Analytics tool included with Shield. Additional visualizations capabilities can also be found in pre-built apps via Salesforce’s AppExchange and data can still be exported to CSV files for additional analysis and visualization methods.

3) Take Action

    • Identifying gaps in security policies and procedures, modifying governance policies, and setting up access controls as well as transaction security measure are all early management considerations for an effective implementation of the Event Monitoring service. This will support firms in driving initiatives to increase user adoption, automating workflows, and improving the overall performance of their Salesforce environment.


Field Audit Trail

As companies continue to generate and track massive quantities of data, having an effective IT governance strategy in place becomes more and more critical. Salesforce Shield Audit Trail allows users to track the history of various data fields in their Salesforce ecosystem in a far more robust manner. While the field history feature included with a standard Salesforce subscription allows users to track 20 fields for 18 months, Salesforce Shield Audit Trail allows users to track 60 fields per object for 10 years. This is a significant asset for firms operating in highly regulated industries such as financial services. Shield allows firms to extend the utilization of their audit trails while remaining compliant with data retention and audit granularity requirements.


Implementation Considerations:

1) Consult Business Units to Understand Retention and Audit Period / Depth

    • Firms should first identify their data retention and audit period on a per object basis to understand exactly where and how Audit Trails may benefit their business processes. While the maximum possibility is for 10 years and 60 objects, firms should find the ideal balance between complete oversight and operational efficiency. Additionally, firms should consider the unique regulatory guidelines they must adhere to while customizing the service to fit their needs.

2) Set Retention Policies

    • Firms should determine which fields and objects should be retained for audit purposes. Additionally, identifying when and how long this information should be archived is a crucial step in a successful implementation of Field Audit Trail.

3) Identify Practices for Retrieving and Auditing Data

    • Finally, firms should develop best practices for obtaining, maintaining, and auditing this data. Steps such as setting up audit dashboards, defining standardized queries, and providing access to auditors in the permissions settings should be taken to ensure consistent and accurate reporting of Field Audit Trails in the future as well.


Security Benefits Over Standard Salesforce

The Platform Encryption, Event Monitoring and Field Audit benefits that Salesforce Shield brings to users, beyond the basic platform capabilities, offer an effective means of protection against a wide range of cybersecurity threats. Firms can now encrypt large amounts of information in standard objects, track and visuzalize a variety of events in pre-built dashboards, and maintain an audit history of dozens of objects for a decade. Salesforce has recognized that as the cybersecurity landscape continues to evolve, robust and innovative solutions are needed to keep their customers ahead of criminal attacks.


FinServ’s Capabilities

When securing your firm’s sensitive data from increasingly sophisticated attacks, it is crucial to partner with industry experts that understand the most effective solutions available. While Salesforce Shield brings a deeper level of sophistication over classic Salesforce security capabilities, sophisticated technology is only part of the complex cybersecurity equation. FinServ can gather the development requirements and implement the detailed policies and procedures to protect your firm for years to come. An effectively led implementation of Salesforce Shield is the best way to ensure that there is lasting security for your organization as cybercrimes grow more sophisticated and prevalent.

About FinServ Consulting

FinServ Consulting is an independent experienced provider of business consulting, systems development, and integration services to alternative asset managers, global banks and their service providers. Founded in 2005, FinServ delivers customized world-class business and IT consulting services for the front, middle and back office, providing managers with optimal and first-class operating environments to support all investment styles and future asset growth. The FinServ team brings a wealth of experience from working with the largest and most complex asset management firms and global banks in the world.