Published by — Makayla Chin
Date — 26.01.22
What is SFTP? What is it used for?
SFTP stands for Secured File Transfer Protocol or SSH File Transfer Protocol. It is a network protocol that provides a secure connection for file access, file transfer, and file management on both local and remote systems by leveraging SSH (Secure Shell) data stream. It is considered by many to be the optimal method for secure file transfer. This is because it uses encryption algorithms to securely move data and keep files unreadable during the process, and authentication prevents unauthorised file access during the operation.
For hedge funds and asset managers, it is a common method for transfer of trade files, billing statements and various reports.
The difference between SFTP, FTP and FTPS, and why we chose SFTP?
SFTP vs FTP
FTP is an old and popular file transfer method that has been in existence longer than the internet. Back then it was designed without malicious online activity, therefore it was not designed to deal with cybersecurity threats. With FTP, both channels are unencrypted, leaving any data sent over these channels vulnerable to being intercepted and read. SFTP is a more secure version of FTP, it offers strong protection through authentication options that FTP can’t provide.
SFTP vs FTPS
FTPS is FTP with TLS (previously known as SSL) protocol applied to protect communications over a network. While FTPS adds a layer to the FTP protocol, SFTP is an entirely different protocol based on the network protocol SSH.
One major difference between them is the use of ports. SFTP needs only a single port number for all SFTP communications, making it easy to secure.
FTPS uses multiple port numbers, the one for the command channel that is used for authentication and passing commands. But every time a file transfer request or directory listing request is made, another port number needs to be opened for the data channel. You and your trading partners will therefore have to open a range of ports in your firewalls to allow for FTPS connections, which can be a security risk for your network.
Why we chose SFTP?
As hedge funds and asset managers are dealing with high-value information, security is key. We recommend using SFTP as it is more secure than FTP, while also being more usable with firewalls compared to FTPS. It is also the standard protocol in the industry.
How does SFTP-based file management help hedge funds and asset managers?
1. Saves time
Hedge funds and asset managers are often dealing with a large volume of trade files, billing statements and reports from counterparties. Traditional fund operations may start the day by downloading these files from each counterparty’s portal, and organising these into folders. The time taken may seem trivial at first, but as the volume of data grows, this task alone can take hours, not to mention the interruption on the operations person’s work as they check for file arrival throughout the day.
With SFTP-based file management, the entire file acquisition process is automated from download to organisation. Files will automatically arrive in the right spot as they are ready, and good systems will even notify you when a file has arrived or that it hasn’t by a set time. Operations teams can save time and increase productivity. These are things a local network drive cannot do.
2. Improves accuracy of decisions
Hedge funds and asset managers make the majority of their investment decisions racing against the clock. The more up to date their insights are, the more accurate their decisions are. For example, current exposure will affect decisions on future trades, and accurate exposure is calculated from reconciled positions. Timing intervals at which reconciliation is performed is therefore critical. Many funds push reconciliation to the month end to avoid the daily chore of collecting and organising files, outdated information can cloud PM’s judgments. By investing in SFTP, file collection and organisation can be simplified, reconciliation can be easily automated, allowing reconciliation to become a daily process, hence, significantly improve accuracy of decisions.
3. Clearer oversight – reduce key person risk
Typically only one junior operations person is in charge of the file collection and organisation process, and only they know best when the files typically come in. If that person is sick, other members of the team tasked with other responsibilities may have to jump in. We’ve even witnessed COOs spending their mornings downloading files. The likelihood is that the substitute may take some time to find the logins, the folders, and will have no idea if certain files are late compared to usual.
With SFTP-based file management, the whole team will have full transparency of what files have arrived without relying on just one person. More advanced systems might offer a front end showing file arrival times, volume and status of the files (see Messer’s data warehouse for example). This means the COO will know when to expect reports to be finished and compare counterparties’ delivery.
4. Foundation for efficient automation
While SFTP-based file management is a financial automation itself, given the majority of the automations for hedge funds and asset managers utilises trade files, SFTP is often the foundation that other automation modules sit upon. As a manager adds new funds, processes more files or adds more automation, the benefits from SFTP are exponential.
5. Data Storage
Apart from collecting data, the storage of which post-collection can also be an issue. Many SFTP-based file management providers will store the data for you and/or provide a front-end from which you can manage or see insights about your files. For example, Messer’s SFTP file management comes with storage of files in their data warehouse for up to 7 years, and the option to add a front-end which also shows files number, arrival time, status, etc. Talk to your providers to find out more. Local network drive is a common intermediate solution, but it runs out of storage much faster.
6. Remote Access
During the pandemic, secure remote access is becoming increasingly important. As remote working becomes more prevalent, it is worth long term investment into. Funds with increasing number of counterparties and files typically set up local network drives as an intermediate solution, but this will no longer be sufficient. SFTP can be accessed safely through the browser anywhere, whereas network drives requires access in office or through remote desktop only.
Which funds should invest in SFTP-based file management?
The simple answer is all of them. Any fund that is currently exporting and organising data manually will benefit from SFTP, by reducing manual efforts, errors, key person risk and improving frequency of reporting, etc.
However, the real question funds are probably interested in is, “When does SFTP file management provide a positive return on investment?”. Therefore, while we strongly recommend all funds to implement SFTP at some point, we came up with some rough guidelines for when SFTP is likely to provide a positive return on investment:
1. Number of files
While depending on the number of portals and different types of files, the time taken to download and organise can change drastically, we found that on average when there are 10 or more files per day to collect, funds really start to see SFTP’s value when implemented.
Operations specialists can take up to 2-3 days in collecting and organising data for month-end reports. SFTP can automate this process, and act as the stepping stone for automatic report generation altogether. If 45 minutes or more per day or 2 days or more per month is spent on file management, SFTP is likely to provide positive returns straightaway.
Funds with 3 counterparties or more to collect data from, tend to find SFTP most cost-effective.
Strategy itself should not affect the usefulness of SFTP directly, but rather it serves as an indicator as to how many files the fund is likely to collect. Long/short, macro, multi-strategy, quantitative funds tend to have the most data and files, while event-driven funds tend to have the fewest.
These guidelines are based on our interactions with different clients and prospects. They are meant for guidance only but are by no means conclusive. We advise funds to do their own analysis before investing in SFTP. But we do believe that an efficient firm should have SFTP in its implementation roadmap as soon as possible.