Welcome to AQRM. This page is your operational guide — covering our systems, tools, access policies, security practices, and everything you need to operate confidently from day one.
Aquarium Investments IPS (AQRM) is an investment management and advisory firm licensed by Latvijas Banka, with a strong focus on emerging markets, FX, and precious metals. We manage client portfolios individually, produce detailed reporting, and maintain rigorous internal controls to ensure compliance, transparency, and performance across all managed assets.
Teams operate around core functions: portfolio management, client reporting, compliance, and IT. Each employee is granted access permissions aligned with their role — you only see what your position requires. Cross-functional collaboration happens through Microsoft 365, with Aleph serving as our primary client-facing reporting and portfolio platform.
Primary channel for all internal and external communication. Automated internal controls reports are sent weekly to all relevant stakeholders. Check it every day. Use only your @aqrm.com address for company business — never personal email.
All company documents are stored in OneDrive. Access is role-based — you will only see the folders and files your position requires. Always save to OneDrive, never to your local desktop. Insufficient access? Contact IT.
Our proprietary asset management and client reporting system. Clients view their portfolios here. Admin access is IP-restricted — office Wi-Fi or VPN required. Never share admin credentials or admin URLs with clients.
How to access →Used for client risk profiling and international sanctions screening (AML/KYC compliance). Access is restricted to authorised compliance staff only. Data retrieved from Accuity is strictly confidential.
Our accounting system for all bookkeeping, financial data administration, and records. Access is limited to finance and management roles. All 1C data is classified as Confidential.
Mandatory when working remotely and accessing any IP-restricted resource. Activate VPN before opening Aleph or any internal system from outside the office. Always use VPN on public Wi-Fi — treat your home network with equal caution.
Specialist software for submitting trade orders to exchanges or counterparties. Access is limited to authorised portfolio managers only. Never share trading credentials and report any unexpected access or behaviour immediately.
Our public-facing website for clients and prospects. Not an internal tool — do not reference it for internal processes or share internal information through it.
Visit aqrm.com →Aleph is our asset management and client reporting platform. The admin panel is restricted to the office IP address. Whether in the office or working remotely, follow the steps below to gain access.
Connect to the designated office Wi-Fi. You are automatically assigned the correct IP and can access the Aleph admin panel directly from your browser.
Connect to the company VPN before opening Aleph. VPN routes your traffic through the office IP, enabling full admin access from any location.
If you receive an authorisation error or cannot load the admin panel, contact IT at informationtechnology@aqrm.com immediately. Do not attempt workarounds.
Clients access their own Aleph portal independently. Never share admin credentials or admin URLs with clients under any circumstance.
Internal controls run automatically and are distributed every week via Outlook to all relevant employees. These cover portfolio positions, compliance thresholds, and operational metrics. Review your weekly report and escalate any anomaly immediately to your manager.
Every employee is assigned an access level corresponding to the documents, tools, and data they need — no more. OneDrive, SharePoint, and all internal systems enforce these levels. If you believe your access is insufficient for a task, raise a formal IT request rather than attempting workarounds.
Every piece of information we handle has a sensitivity level. You are responsible for treating data according to its classification. When in doubt, apply the highest level of protection and ask your manager before sharing.
Client data, investment accounts, transaction records, personal data (GDPR), passwords, encryption keys, financial reports in draft, trading data. Unauthorised sharing can cause serious legal and reputational harm.
Share only with explicitly authorised people, via approved channels, encrypted for external transfer.
Internal policies and procedures, operational performance data, internal reports, intellectual property, contract details. Do not share externally without explicit approval.
Do not email to personal accounts or share through unapproved messaging apps.
Information already published or explicitly approved for external sharing — company website content, published regulatory filings, approved marketing materials.
If you're not sure whether something is Public — it isn't. Treat it as Confidential until confirmed.
Contact IT immediately — without delay — for any of the following: missing or insufficient Microsoft Office or OneDrive access; inability to connect to VPN or Aleph; any unusual activity including phishing attempts, suspicious logins, unexpected permission changes, lost or stolen devices, or anything that seems out of the ordinary.
Do not attempt to resolve security incidents yourself. Report first, then follow guidance from IT.
Characters required. Mix uppercase, lowercase, and at least one number.
Account locks after repeated failed attempts. Remains locked for 30 minutes minimum.
Sessions lock automatically after 15 minutes of inactivity. Win+L to lock manually.
Multi-factor authentication is mandatory for all remote access. Never share MFA codes with anyone.
Your login credentials for any AQRM system are personal and non-transferable. Do not share passwords with anyone — including colleagues or IT staff. IT will never ask for your password.
Any time you leave your workstation unattended — even briefly — lock your screen. Win + L on Windows, Ctrl + Cmd + Q on macOS. This applies in the office and especially in public spaces.
Be sceptical of emails requesting urgent action, unusual downloads, or credential entry — even from internal-looking addresses. Check the actual sender address, hover over links before clicking, and verify with the sender through a separate channel if in doubt.
All company documents must be saved to the appropriate OneDrive folder — never to your local desktop or personal drives. This ensures version control, access continuity, and compliance with data retention policies.
Client portfolio information is strictly confidential. Do not share, forward, print, or discuss client data outside approved channels. Any accidental disclosure must be reported to your manager and IT immediately.
When working remotely, connect to the company VPN before accessing any internal system. Avoid public Wi-Fi without VPN active. Never process client data on personal or unapproved devices.
The automated weekly controls report distributed to your Outlook is not optional. Review it every week and escalate anything unexpected. Ignoring anomalies is a compliance risk for you and for the firm.
All business communication — client-related or internal — must go through approved company channels (Outlook, Teams). Do not use personal email, WhatsApp, or external platforms for company business.
If you encounter a system error, unexpected permission, or any security concern — report it to IT before attempting to resolve it yourself. Undocumented changes to access or systems create compliance gaps.
Only install software approved by IT on your work device. Unauthorised applications may carry malware or create security gaps. If you need a tool, request it through IT — do not download it independently.
Do not let family members or anyone else use your company device. It processes client data and sensitive company information. If your device is lost or stolen, report it to IT immediately — day or night.
Do not leave sensitive documents, printed reports, or access credentials visible on your desk. In shared or open spaces, be aware of who can see your screen. Use a privacy screen when working in public.
You don't need to be certain that something is wrong to report it. A gut feeling is enough. There is no penalty for a false alarm — but there can be serious consequences for staying silent.
Don't click, close, or try to fix it. Leave the screen as it is if possible. Do not tell colleagues before reporting to IT — this protects evidence.
Call or message IT directly. If you think email is compromised, use Teams or phone. Describe exactly what you saw, when, and on which system.
IT will tell you what to do next — this may include disconnecting from the network or leaving the device switched on. Do exactly what is asked.
Do not attempt to delete files, run scans yourself, or look for the cause independently. This can overwrite evidence and make investigation harder.
For any security concern, access problem, or incident — contact IT without delay. There is only one IT person covering our team, so be specific when you reach out: describe the system, what happened, and when.
Please read the policy terms below carefully, then complete the form to confirm that you have read, understood, and agree to comply with AQRM's systems, access policies, and good practice guidelines outlined on this page. Your response is logged automatically with a timestamp.
1. Confidentiality. All client data, portfolio information, internal reports, and company processes are strictly confidential. You must not disclose any such information to unauthorised parties, inside or outside the organisation.
2. System Access. You will only access systems, files, and data your role requires. You will not attempt to bypass, escalate, or circumvent access controls. Any access issues must be reported to IT.
3. Security Obligations. You will use strong, unique passwords of at least 8 characters (uppercase, lowercase, number), lock your screen when unattended, connect via VPN when off-site, enable MFA where required, and report any suspected phishing, breach, or unusual activity to IT immediately.
4. Data Storage & Classification. All company documents must be saved to OneDrive in the appropriate folder. Local storage of company data is not permitted. You will handle information according to its classification level (Confidential, Restricted, Public). When in doubt, treat data as Confidential.
5. Communication. All business-related communication must occur through approved company channels (Outlook, Teams). Personal platforms may not be used for company business.
6. Compliance. You will read and act on your weekly automated controls report. Anomalies must be escalated to your manager without delay.
7. Incident Reporting. You agree to report — not resolve independently — any IT, security, or compliance incident you encounter. You will follow the four-step reporting process: Stop, Contact IT, Follow instructions, Do not self-investigate.
8. Device Usage. Company devices are for authorised employees only. You will not install unauthorised software, connect unapproved USB storage, or allow third parties to use company equipment. Lost or stolen devices must be reported to IT immediately.
If the form does not load below, click the button to open it in a new tab.
Open Acknowledgement Form ↗Your response is recorded in Microsoft Forms and logged automatically to the AQRM Onboarding Acknowledgements register. A confirmation will be sent to your work email once the Power Automate flow is active. If you experience any issues submitting this form contact informationtechnology@aqrm.com.