Investing To Protect The Oceans

Through the explosive rise of environmental, social, and governance (ESG) investing in recent years, the “E” in ESG has been almost entirely defined by efforts to address climate and terrestrial problems. Investors wanting to leverage their capital to improve the health of the world’s oceans haven’t had an abundance of options.

But that is finally beginning to change. Some public investments such as new so-called blue bonds—the blue referring to oceans and waterways—and stocks of companies with innovative ocean-protective policies are liquid entry points for investors. Meanwhile, direct private investment options have been opening up for wealthy folks who can tolerate investment lockup periods and high minimum investments.

“ESG and impact investments directly addressing oceans are taking time to develop,” says Justina Lai, chief impact officer at Wetherby Asset Management, a San Francisco wealth management firm specializing in ESG. “But it’s an area that has garnered more interest in the past two or three years as awareness grows.”

Blue Bonds

Among the newest options are blue bonds, whose proceeds are used to fund ocean-related projects aimed at preserving and protecting the environment.

The first issuance was in 2018 by the Republic of the Seychelles to fund sustainable fisheries. More recently, Morgan Stanley underwrote the World Bank’s $10 million issuance of 30-year blue bonds.

“Our goal is to connect capital with solutions, to drive impact around issues of plastic waste,” says Matthew Slovik, head of global sustainable finance for Morgan Stanley, which in 2019 resolved to reduce and prevent 50 million metric tons of plastic waste by 2030.

Critical to the acceleration of change is making impact and ESG investments accessible to average investors. Morgan Stanley is doing its part by offering low minimum investment—$10,000—ESG portfolios that include ocean-supportive investments, Slovik says.

Private Investments

Opportunities are broadest in the private investing arena, where pioneering venture, private equity, and debt funds are channelling capital into companies with innovative ideas for addressing marine challenges.

Among them is Closed Loop Partners, a New York investment firm committed to helping build a circular economy in which products are reused and waste is eliminated before it can reach the oceans. For example, its Closed Loop Venture Fund invests in a Chilean start-up called Algramo, which creates refill stations for household products such as detergent, condiments, rice, and other staples.

Circulate Capital, a Singapore-based private investment company, similarly focuses on plastic reduction in nations including India, the Philippines, Thailand, Vietnam, and Indonesia. Coca-Cola, PepsiCo, and Unilever are among investors in the Circulate Capital Ocean Fund, among whose underlying investments are Ricron Panels, a Gujarat, India-based recycler of plastic waste into materials for furniture and building construction, and Tridi Oasis, an Indonesian converter of PET (polyethylene terephthalate) bottles into flakes used in packaging.

There’s great potential for growth for innovators in the blue economy, says Mark Huang, co-founder and managing director of SeaAhead, which provides a start-up platform for blue innovators and last year launched the Blue Angel Investment Group to connect investors with promising start-ups. The Paris- based Organisation for Economic Cooperation and Development estimates the blue economy will double to $3 trillion by 2030.

Blue Angel’s debut was met with the challenging circumstances created by Covid-19, but by February this year had already doubled its entire 2020 capital. Among its investments: Beta Hatch, a young Seattle firm that creates feed for poultry out of mealworms, replacing the typical feed made from ground fish—a product leading to overfishing in the oceans, Huang says.

As tech leaders race to bring Windows systems back online after Friday’s software update by cybersecurity company CrowdStrike crashed around 8.5 million machines worldwide, experts share with CIO Journal their takeaways for preparing for the next major information technology outage.

Be familiar with how vendors develop, test and release their software

IT leaders should hold vendors deeply integrated within IT systems, such as CrowdStrike , to a “very high standard” of development, release quality and assurance, said Neil MacDonald , a Gartner vice president.

“Any security vendor has a responsibility to do extensive regression testing on all versions of Windows before an update is rolled out,” he said.

That involves asking existing vendors to explain how they write software, what testing they do and whether customers may choose how quickly to roll out an update.

“Incidents like this remind all of us in the CIO community of the importance of ensuring availability, reliability and security by prioritizing guardrails such as deployment and testing procedures and practices,” said Amy Farrow, chief information officer of IT automation and security company Infoblox.

Re-evaluate how your firm accepts software updates from ‘trusted’ vendors

While automatically accepting software updates has become the norm—and a recommended security practice—the CrowdStrike outage is a reminder to take a pause, some CIOs said.

“We still should be doing the full testing of packages and upgrades and new features,” said Paul Davis, a field chief information security officer at software development platform maker JFrog . undefined undefined Though it’s not feasible to test every update, especially for as many as hundreds of software vendors, Davis said he makes it a priority to test software patches according to their potential severity and size.

Automation, and maybe even artificial intelligence-based IT tools, can help.

“Humans are not very good at catching errors in thousands of lines of code,” said Jack Hidary, chief executive of AI and quantum company SandboxAQ. “We need AI trained to look for the interdependence of new software updates with the existing stack of software.”

Develop a disaster recovery plan

An incident rendering Windows computers unusable is similar to a natural disaster with systems knocked offline, said Gartner’s MacDonald. That’s why businesses should consider natural disaster recovery plans for maintaining the resiliency of their operations.

One way to do that is to set up a “clean room,” or an environment isolated from other systems, to use to bring critical systems back online, according to Chirag Mehta, a cybersecurity analyst at Constellation Research.

Businesses should also hold tabletop exercises to simulate risk scenarios, including IT outages and potential cyber threats, Mehta said.

Companies that back up data regularly were likely less impacted by the CrowdStrike outage, according to Victor Zyamzin, chief business officer of security company Qrator Labs. “Another suggestion for companies, and we’ve been saying that again and again for decades, is that you should have some backup procedure applied, running and regularly tested,” he said.

Review vendor and insurance contracts

For any vendor with a significant impact on company operations , MacDonald said companies can review their contracts and look for clauses indicating the vendors must provide reliable and stable software.

“That’s where you may have an advantage to say, if an update causes an outage, is there a clause in the contract that would cover that?” he said.

If it doesn’t, tech leaders can aim to negotiate a discount serving as a form of compensation at renewal time, MacDonald added.

The outage also highlights the importance of insurance in providing companies with bottom-line protection against cyber risks, said Peter Halprin, a partner with law firm Haynes Boone focused on cyber insurance.

This coverage can include protection against business income losses, such as those associated with an outage, whether caused by the insured company or a service provider, Halprin said.

Weigh the advantages and disadvantages of the various platforms

The CrowdStrike update affected only devices running Microsoft Windows-based systems , prompting fresh questions over whether enterprises should rely on Windows computers.

CrowdStrike runs on Windows devices through access to the kernel, the part of an operating system containing a computer’s core functions. That’s not the same for Apple ’s Mac operating system and Linux, which don’t allow the same level of access, said Mehta.

Some businesses have converted to Chromebooks , simple laptops developed by Alphabet -owned Google that run on the Chrome operating system . “Not all of them require deeper access to things,” Mehta said. “What are you doing on your laptop that actually requires Windows?”