Last week, in Part I of our Dodd-Frank webinar recap, we reviewed the legal requirements for hedge funds and private equity firms under the new legislation. The other key ingredient to understand for compliance with Dodd-Frank is technology. Below is a short summary of the information presented by Brian Fahey of MyComplianceOffice and Mary Beth Hamilton of Eze Castle Integration, respectively.
Technology & Compliance for Investment Advisers
The first step in creating a comprehensive compliance program is to identify the various factors that prompt the need for compliance. Examples of these factors include legislation (Dodd-Frank), risk assessments, external advisory from legal or compliance consultants, expected practices, and a firm’s culture or products. These contributing factors will help define your firm’s compliance policies and procedures and may also help shed light on the technology required to meet these expectations.
Within an investment firm’s compliance program, a variety of elements should be evaluated. By determining what your firm’s specific needs are, you’ll be able to better understand which elements you require. Examples include:
- Personal Trade Monitoring
- Calendar and Activity Management
- Document Management
- Case Management
- Trade and Fund Surveillance
- Business Continuity Planning
Ultimately, the use of Word and Excel documents is no longer an acceptable formula for compliance. Hedge funds and investment firms need to increase their investment in comprehensive compliance programs in order to meet the growing demands of regulators and the industry as a whole.
Hedge Fund Technology Best Practice Guidelines
While the Dodd-Frank Act states that registered investment advisers will need to employ specific technology safeguards, unfortunately it does not explicitly define what those safeguards are. Regardless, industry best practices and investor expectations continue to dictate hedge fund technology requirements, including disaster recovery systems, business continuity plans, and email archiving practices.
For more insight into the specific wording within the Dodd-Frank Act about technology, read our previous blog post on the topic.
Disaster recovery planning has quickly gained popularity in the wake of the economic crisis, and investors will oftentimes choose not to allocate to certain funds who cannot demonstrate that they have DR systems and processes in place.
As a starting point, hedge funds should identify these two critical factors:
- Recovery Point Objective (RPO): The point in time to which you must recover data as defined by your organization (e.g. If your RPO equals 0, you’ll need to employ continuous replication to ensure no data is lost).
- Recovery Time Objective (RTO): The duration of time within which a business process must be restored after a disaster. (e.g. If your RTO is 1 hour, you will require higher availability than a fund with an RTO of 24 hours, who can restore data from backups).
Business Continuity Planning
Using the five basic steps of business continuity planning, firms should prepare to:
- Perform a Risk Assessment.
- Perform a Business Impact Analysis.
- Create a BCP Plan.
- Implement said BCP plan.
- Test and maintain the BCP plan.
Data Retention & Archiving
As you probably know, the SEC currently requires registered advisers to retain all internal and external email and instant messages pertinent to business communications, some for up to five years. Firms must also take precautions to ensure electronic records are secure from unauthorized access and theft or unintended destruction.
Take the following questions into consideration when evaluating an archiving vendor:
- Will you have a dedicated server or shared server?
- Does the provider utilize Natural Language Processing?
- Is the service compliant with Bloomberg, Thomson Reuters and Blackberry messaging outlets?
- Does the vendor use WORM storage to maintain message integrity?
- Does the service allow for single-search of all information?
- Can end users see and search their own electronic records without seeing those of other users?
- Expert Tips for Launching a Hedge Fund in a New Environment
- Answering the FCA's Dear CEO Letter on Outsourcing with Some Practical Steps
- Reflecting on What We're Thankful For This Thanksgiving
- Finding Your One-Stop Shop: The Benefits of Choosing an All-Inclusive IT Provider
- Three Ways Your Cloud Provider Can De-Stress Your Life
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics