Dodd-Frank IT Implications for Hedge Funds: Disaster Recovery, Archiving

By Mary Beth Hamilton | Thursday, March 3rd, 2011

At 800+ pages, the Dodd-Frank Wall Street Reform and Consumer Protection Act is far reaching and requires a serious time-commitment to comb through. Our hedge fund and private equity clients regularly ask us about the technology requirements outlined in the regulation and the implications on an investment firm's IT practices. This article aims to answer those questions.

Below is an excerpt from the Dodd-Frank Act on the System Safeguards and Record keeping requirements for organizations including derivatives clearing, swap execution and board of trade. What you’ll see is that best practice guidance is that registered hedge funds and private equity firms will need disaster recovery, data protection, security and archiving systems in place.

SYSTEM SAFEGUARDS: “Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk, through the development of appropriate controls and procedures, and automated systems, that—

(i) are reliable and secure; and
(ii) have adequate scalable capacity;

Establish and maintain emergency procedures, backup facilities, and a plan for disaster recovery that allow for—

(i) the timely recovery and resumption of operations; and
(ii) the fulfillment of the responsibilities and obligations of the facility.

Periodically conduct tests to verify that the backup resources of the facility are sufficient to ensure continued—

(i) order processing and trade matching;
(ii) price reporting;
(iii) market surveillance; and
(iv) maintenance of a comprehensive and accurate audit trail.

RECORD KEEPING: Each organization shall maintain records of all activities related to the business of the facility, including a complete audit trail —

(i) in a form and manner that is acceptable to the Commission; and
(ii) for a period of not less than 5 years.

Snapshot of Technologies to Fulfill Regulations

Requirement

Solution

More Information

Data Retention & Archiving

Dodd-Frank requires archiving of documents for no less than 5 years
SEC advises registered firms to retain all internal and external electronic communications
Required by NASD Rule 3500 Series & NYSE Rule 4370

Eze Archiving

Archives messages in SEC-compliant format
Features easy searching and recovery for rapid response to discovery inquiries
Learn More

Disaster Recovery

Dodd-Frank requires a disaster recovery plan
President's Working Group Report advises firms to establish a disaster recovery and business continuity plan to mitigate risks and meet industry best practices

Eze Disaster Recovery

Fulfills regulatory and investors' requirements for data protection and continuous availability
Proven and cost-effective DR solution used by industry's largest hedge funds
Learn More

Business Continuity Planning

Dodd-Frank requires establishment of emergency procedures
Recommended operational component by SEC and investors to mitigate continuity risks and protect business

Eze BCP

Beyond IT operations, BCP focuses on critical operations and processes
Includes Risk Assessment, Business Impact Analysis, Plan/Strategy Development and Testing/Training
Learn More

MA Privacy Compliance Law (201 CMR 17.00)

Requires any company that owns, licenses, stores or maintains personal information about MA residents to develop a WISP and deploy security safeguards

Eze WISP Services