I had the pleasure of joining my colleague, Vinod Paul (managing director here at Eze Castle Integration), on a panel yesterday about disaster recovery at HFBOA’s Optimizing Hedge Fund Business Operations Conference in New York.
Titled ‘Disaster Recovery: An ounce of prevention is worth a pound of cure,’ we covered a range of topics with the overarching theme being that there is no excuse for a hedge fund not to have disaster recovery in place. To quote one panelist, “Nobody Gets a Pass” – including service providers.
The difference between DR and BCP?
- BCP focuses on the people, processes and operations while DR looks at the IT systems necessary to maintain business as usual should an incident occur.
How has the DR and BCP landscape changed over the last five years?
- From a regulatory perspective, more is expected from hedge funds, and regulators are more knowledgeable about what IT systems and safeguards should be in place.
- Beyond regulators, investors not only expect hedge funds (regardless of AUM) to have DR and BCP in place, but they want proof the systems accurately reflect the business processes and risk landscape. A simple ‘check the box’ approach to DR is no longer enough to satisfy investors.
- The IT landscape for DR has changed as well. The prevalence of cloud-based DR services has driven down the cost of DR substantially making it economical for funds of all sizes. Additionally, the cloud has lifted the technology management burden off many hedge fund managers.
360-degree due diligence emerging as the new norm
- Investors are scrutinizing hedge funds and, in turn, hedge funds must scrutinize their service providers. To quote one panelist, “Trust but verify. No one gets a free pass in this day and age.”
- Conducting due diligence on your service providers is essential to drive out unknown risks and protect your firm. A DR system becomes valueless if your IT provider is unable to fulfill their role of activating the system. Ask your provider how they would handle a multi-client activation scenario – do they have the staff to activate 30 clients simultaneously? What is the provider’s plan if their primary office becomes unavailable?
Are DR hot seats necessary anymore?
- The resounding answer from the panel was “no,” with the caveat that it is a personal choice that really comes down to a team’s dynamics and how they work together. If a portfolio manager is most comfortable having his team together should an incident occur than securing hot seats is the ‘right’ choice. However, today’s technology makes it unnecessary for hot seats to continue operations.
Electricity and Internet connectivity are the oxygen for any DR system. What happens if these items aren’t available?
- This is where planning comes into play. As part of the BCP and DR planning process firms must run through a thorough Risk Assessment and Business Impact Analysis to understand the most likely threats/risks and associated business impact.
- One panelist (a West Point grad) referenced the concept of P-A-C-E followed in the US military, which he uses to guide his hedge fund’s business continuity planning. P-A-C-E (Primary, Alternate, Contingency, and Emergency) is used by operational planners to ensure that they have a minimum of four different ways to accomplish a critical task.
Planning is great, but how do you ensure accountability?
- The importance of DR testing and preparation must be set at the top of the organization. At Eze Castle Integration we advise clients to test their DR systems quarterly to help ensure users are comfortable logging in and that the DR environment matches the primary location files and applications. Read our article HERE on what is included within a DR test.
For more information download our 18-page Guidebook on Business Continuity Planning and Disaster Recovery for Hedge Funds or contact us.
- New Considerations for Launching a Hedge Fund: Insights from the experts
- Corporate Essentials for Successful Hedge Fund Startups
- Recapping a Busy Week in Cyber Security Across the Globe
- What Do Hedge Fund Investors Ask About IT? A Technology DDQ cheat sheet
- Webinar Recap: What Investment Firms Need to Know about Social Media Compliance
- business continuity planning
- cloud computing
- data loss prevention
- disaster recovery
- eze castle milestones
- hedge fund due diligence
- hedge fund marketing
- hedge fund operations
- hedge fund regulation
- help desk
- high frequency trading
- launching a hedge fund
- privacy compliance
- project management
- real estate
- startup & relocation
- trends we're seeing
- videos and infographics