Dodd-Frank IT Implications for Hedge Funds: Disaster Recovery, Archiving
At 800+ pages, the Dodd-Frank Wall Street Reform and Consumer Protection Act is far reaching and requires a serious time-commitment to comb through. Our hedge fund and private equity clients regularly ask us about the technology requirements outlined in the regulation and the implications on an investment firm's IT practices. This article aims to answer those questions.
Below is an excerpt from the Dodd-Frank Act on the System Safeguards and Record keeping requirements for organizations including derivatives clearing, swap execution and board of trade. What you’ll see is that best practice guidance is that registered hedge funds and private equity firms will need disaster recovery, data protection, security and archiving systems in place.
SYSTEM SAFEGUARDS: “Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk, through the development of appropriate controls and procedures, and automated systems, that—
-
(i) are reliable and secure; and
-
(ii) have adequate scalable capacity;
Establish and maintain emergency procedures, backup facilities, and a plan for disaster recovery that allow for—
-
(i) the timely recovery and resumption of operations; and
-
(ii) the fulfillment of the responsibilities and obligations of the facility.
Periodically conduct tests to verify that the backup resources of the facility are sufficient to ensure continued—
-
(i) order processing and trade matching;
-
(ii) price reporting;
-
(iii) market surveillance; and
-
(iv) maintenance of a comprehensive and accurate audit trail.
RECORD KEEPING: Each organization shall maintain records of all activities related to the business of the facility, including a complete audit trail —
-
(i) in a form and manner that is acceptable to the Commission; and
-
(ii) for a period of not less than 5 years.
Snapshot of Technologies to Fulfill Regulations
Requirement |
Solution |
More Information |
Data Retention & Archiving
|
Eze Archiving
|
|
Disaster Recovery
|
Eze Disaster Recovery
|
|
Business Continuity Planning
|
Eze BCP
|
|
MA Privacy Compliance Law (201 CMR 17.00)
|
Eze WISP Services
|
|