Dodd-Frank IT Implications for Hedge Funds: Disaster Recovery, Archiving

At 800+ pages, the Dodd-Frank Wall Street Reform and Consumer Protection Act is far reaching and requires a serious time-commitment to comb through. Our hedge fund and private equity clients regularly ask us about the technology requirements outlined in the regulation and the implications on an investment firm's IT practices.  This article aims to answer those questions.

Below is an excerpt from the Dodd-Frank Act on the System Safeguards and Record keeping requirements for organizations including derivatives clearing, swap execution and board of trade.  What you’ll see is that best practice guidance is that registered hedge funds and private equity firms will need disaster recovery, data protection, security and archiving systems in place.

SYSTEM SAFEGUARDS: “Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk, through the development of appropriate controls and procedures, and automated systems, that—

• (i) are reliable and secure; and

• (ii) have adequate scalable capacity;

Establish and maintain emergency procedures, backup facilities, and a plan for disaster recovery that allow for—

• (i) the timely recovery and resumption of operations; and

• (ii) the fulfillment of the responsibilities and obligations of the facility.

Periodically conduct tests to verify that the backup resources of the facility are sufficient to ensure continued—

• (i) order processing and trade matching;

• (ii) price reporting;

• (iii) market surveillance; and

• (iv) maintenance of a comprehensive and accurate audit trail.

RECORD KEEPING: Each organization shall maintain records of all activities related to the business of the facility, including a complete audit trail —

• (i) in a form and manner that is acceptable to the Commission; and

• (ii) for a period of not less than 5 years.

Snapshot of Technologies to Fulfill Regulations
 

Requirement	Solution	More Information
Data Retention & Archiving Dodd-Frank requires archiving of documents for no less than 5 years SEC advises registered firms to retain all internal and external electronic communications Required by NASD Rule 3500 Series & NYSE Rule 4370	Eze Archiving Archives messages in SEC-compliant format Features easy searching and recovery for rapid response to discovery inquiries Learn More
Disaster Recovery Dodd-Frank requires a disaster recovery plan President's Working Group Report advises firms to establish a disaster recovery and business continuity plan to mitigate risks and meet industry best practices	Eze Disaster Recovery Fulfills regulatory and investors' requirements for data protection and continuous availability Proven and cost-effective DR solution used by industry's largest hedge funds Learn More
Business Continuity Planning Dodd-Frank requires establishment of emergency procedures Recommended operational component by SEC and investors to mitigate continuity risks and protect business	Eze BCP Beyond IT operations, BCP focuses on critical operations and processes Includes Risk Assessment, Business Impact Analysis, Plan/Strategy Development and Testing/Training Learn More
MA Privacy Compliance Law (201 CMR 17.00) Requires any company that owns, licenses, stores or maintains personal information about MA residents to develop a WISP and deploy security safeguards	Eze WISP Services Fulfills compliance Includes creation of a Written Information Security Policy (WISP) Implementation of necessary administrative and technology safeguards Learn More

 

Recent Posts / All Posts