Hedge IT Blog

On June 22, 2011, the SEC adopted final rules implementing amendments to the Investment Advisers Act of 1940 ("Advisers Act") that require advisers to hedge funds and other private funds to register with the SEC. The SEC also announced that it has officially extended the compliance deadline for "private adviser" registration until March 30, 2012. 

Under the Advisers Act, registered advisers are required to have a Business Continuity Plan in place, so in this article we’ll look at the five steps of business continuity planning.

BCP versus DR

It is important to understand the difference between a Business Continuity Plan (BCP) and Disaster Recovery (DR), as they deliver complementary yet unique capabilities to a hedge fund. DR encompasses the steps taken to implement and support the infrastructure (hardware, software and sites) necessary to make recovery of mission-critical services and applications possible for a hedge fund. The steps to access up-to-date information and applications are established with DR.

A business continuity plan makes use of the infrastructure addressed in the DR plan, but focuses on business operations and understanding such items as:

• What are the mission-critical processes?
• Who are the key personnel?
• How are they going to be notified of an emergency?
• Where/how will they continue to operate?

Five Steps to Business Continuity Planning

To create an effective business continuity plan, a hedge fund should take these five steps:

Step 1: Risk Assessment. This phase includes:

• Evaluating physical on-site security and conducting walkthroughs
• Reviewing physical and network single points of failure
• Evaluating the impact of various business disruption scenarios
• Defining the probability of a risk occurring based on a rating system
• Prioritizing findings
• Developing a roadmap

Step 2: Business Impact Analysis (BIA). During this phase we collect information on:

• Recovery assumptions, including Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO)
• Critical business processes and workflows as well as the supporting production applications
• Interdependencies, both internal and external
• Critical staff including backups, skill sets, primary and secondary contacts
• Future endeavors that may impact recovery
• Special circumstances

Step 3: Plan Development. This phase includes:

• Obtaining executive sign-off of Business Impact Analysis
• Synthesizing the Risk Assessment and BIA findings to create an actionable and thorough plan
• Developing department, division and site level plans
• Reviewing plan with key stakeholders to finalize and distribute

Step 4: Plan Implementation. This phase centers on:

• Distributing the plan to all key stakeholders
• Conducting training sessions to help ensure employees are comfortable with the steps outlined in the plan

Step 5: Plan Testing & Maintenance. The final critical element of a BCP is ensuring that it is tested and maintained on a regular basis. This includes:

• Conducting periodic table top and simulation exercises to ensure key stakeholders are comfortable with the plan steps
• Executing bi-annual plan reviews
• Performing annual Business Impact Assessments

The BCP Guidebook

For more on BCP at Hedge Funds, checkout our “Establishing Business Continuity and Disaster Recovery Plans—A Hedge Fund Manager's Guide.”

Or contact Eze Castle Integration to speak with one of our certified business continuity planners about best practices or to learn about our Eze Business Continuity Planning Services. 
 

Recent Posts / All Posts

Connect with Us

• Contact Us