Don't Forget to Share this Post

Dodd-Frank IT Implications for Hedge Funds: Disaster Recovery, Archiving

By Mary Beth Hamilton | Thursday, March 3rd, 2011

At 800+ pages, the Dodd-Frank Wall Street Reform and Consumer Protection Act is far reaching and requires a serious time-commitment to comb through. Our hedge fund and private equity clients regularly ask us about the technology requirements outlined in the regulation and the implications on an investment firm's IT practices.  This article aims to answer those questions.

Below is an excerpt from the Dodd-Frank Act on the System Safeguards and Record keeping requirements for organizations including derivatives clearing, swap execution and board of trade.  What you’ll see is that best practice guidance is that registered hedge funds and private equity firms will need disaster recovery, data protection, security and archiving systems in place.

SYSTEM SAFEGUARDS: “Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk, through the development of appropriate controls and procedures, and automated systems, that—

  • (i) are reliable and secure; and

  • (ii) have adequate scalable capacity;

Establish and maintain emergency procedures, backup facilities, and a plan for disaster recovery that allow for—

  • (i) the timely recovery and resumption of operations; and

  • (ii) the fulfillment of the responsibilities and obligations of the facility.

Periodically conduct tests to verify that the backup resources of the facility are sufficient to ensure continued—

  • (i) order processing and trade matching;

  • (ii) price reporting;

  • (iii) market surveillance; and

  • (iv) maintenance of a comprehensive and accurate audit trail.

RECORD KEEPING: Each organization shall maintain records of all activities related to the business of the facility, including a complete audit trail —

  • (i) in a form and manner that is acceptable to the Commission; and

  • (ii) for a period of not less than 5 years.

Snapshot of Technologies to Fulfill Regulations



More Information

Data Retention & Archiving

  • Dodd-Frank requires archiving of documents for no less than 5 years

  • SEC advises registered firms to retain all internal and external electronic communications

  • Required by NASD Rule 3500 Series & NYSE Rule 4370

Eze Archiving

  • Archives messages in SEC-compliant format

  • Features easy searching and recovery for rapid response to discovery inquiries

  • Learn More

Eze Archiving Overview

 Disaster Recovery

  • Dodd-Frank requires a disaster recovery plan

  • President's Working Group Report advises firms to establish a disaster recovery and business continuity plan to mitigate risks and meet industry best practices

Eze Disaster Recovery

  • Fulfills regulatory and investors' requirements for data protection and continuous availability

  • Proven and cost-effective DR solution used by industry's largest hedge funds

  • Learn More

disaster recovery overview

Business Continuity Planning

  • Dodd-Frank requires establishment of emergency procedures

  • Recommended operational component by SEC and investors to mitigate continuity risks and protect business


  • Beyond IT operations, BCP focuses on critical operations and processes

  • Includes Risk Assessment, Business Impact Analysis, Plan/Strategy Development and Testing/Training

  • Learn More

eze business continuity planning overview

MA Privacy Compliance Law (201 CMR 17.00)

  • Requires any company that owns, licenses, stores or maintains personal information about MA residents to develop a WISP and deploy security safeguards

Eze WISP Services

  • Fulfills compliance

  • Includes creation of a Written Information Security Policy (WISP)

  • Implementation of necessary administrative and technology safeguards

  • Learn More


 contact eze castle

Don't Forget to Share this Post

Related Posts

How Can Eze Castle Integration help you?Contact us today!