Tag Archives: hedge fund IT compliance

Hedge Fund Regulation IT Solutions

Technology Solutions for Registered Hedge Fund Managers

http://www.hedgefundlawblog.com

It is the final quarter of this year’s political season and it has become clear that the earlier clamor for hedge fund registration has been overshadowed by larger political issues – namely health care legislation and the cap and trade bill.  Recent events, however, have shown that the registration issue is not dead and the venture capital industry has been able to potentially secure an exemption from the registration provisions. Even though we don’t know where regulation will take us in the next 6 to 18 months, it is likely that many hedge fund managers will need to institute compliance and IT programs as a result of forthcoming laws and regulations.

The article below, submitted by Meyer Ben-Reuven, CEO of Chelsea Technologies, details some issues which managers will need to be ready to handle once legislation and regulations go into effect.  State registered investment advisors should take note as they may already be required (under state law) to maintain such compliance programs.

****

How is President Obama’s New Hedge Fund Regulation Plan affecting you?
By Meyer Ben-Reuven, CEO Chelsea Technologies

The challenging question Hedge Fund Managers should ask themselves is what should they be doing to be compliant with President Obama’s Hedge Fund Regulation Plan?  There are many questions and many tasks to accomplish, but most important is to understand the main points of the plan, what needs to be done and what are the costs associated.  In this paper I present you with a summary of the President’s plan and what a Chief Compliance Officer needs to face in conjunction with the IT department to be compliant with regulations.  Costs are important, but I will keep them away from this paper.

Obama’s New Hedge Fund Regulation Plan

In June 2009, President Obama presented a proposal for new regulations that affect Hedge Funds and fund managers.  The most important part of this new regulation will be to require Hedge Fund, Private Equity, and VC Fund Managers to register with the SEC as investment advisors.

Although it is a proposal, all fund managers will have to start thinking about the re-registration and the process to keep the fund compliant.

The plan’s 5 main goals are:

  1. Promote robust supervision and regulation of financial firms.
  2. Establish comprehensive supervision and regulation of financial markets.
  3. Propose comprehensive regulation of all OTC derivatives.
  4. Protect customers and investors from financial abuse.
  5. Raise international regulatory standards and improve international cooperation.

The idea is to require advisers to report financial information on their fund and its management and thus have the ability to assess whether the fund poses a threat to the stability of the financial system and at the same time strengthen investor protection.

The specific goals regarding hedge funds are as follows:

  • Data collection
  • SEC should conduct regular, periodic examinations of hedge funds
  • Reporting AUM and other fund metrics to the SEC
  • SEC would have ability to assess whether the fund or fund family is so large, highly leveraged, or interconnected that it poses a threat to financial stability

How will IT Departments have to help keep the funds within regulation rules?

As of February 2006, Hedge Fund Advisors were obliged to comply with SEC Rule 203(b)(3)-2 requiring registration under the Investment Advisor Act.   Under these rules, the Hedge Funds were advised to retain all internal and external email and IM business communications.  In June 2006, the Goldstein ruling against the SEC pushed several funds to de-register.  With the failure of the financial system since the end of 2007, the new administration has been poised to regulate the industry more than ever.

What needs to be done?

  1. Take a look at all the ways communications are conducted in the fund
  2. What are the devices used to communicate
  3. Always be on the lookout for new technologies

Afterwards, insure you have control over the different communication methods.  As stated, all electronic communication in and out of the fund has to be retained for future review.  This means that if it cannot be controlled and retained, it must be prohibited.

All internal rules have to be specified in IT policies and procedures, otherwise no one can be held accountable.

The following is how data needs to be archived for SEC purpose audits:

  1. Incoming/Outgoing Data must be kept in its original form
  2. Data has to be easily retrievable and searchable
  3. Data has to have a date and time stamp
  4. Data has to be retained in the main office for first 2 years
  5. Data has to be retained for 5 years
  6. Data has to be put into tamper proof media (meaning non-rewritable and non-erasable)
  7. Data has to be stored in a secondary backup location (preferably away from the same grid)
  8. Be able to produce data promptly (within hours)
  9. Be able to provide data in its original format in either view or print form
  10. Implement annual review of the system

It is highly recommended that data be tested for integrity including testing retrieval and searching, as well as accuracy.  The test should be conducted on a yearly basis, but better if on a more frequent basis.
Although the IT department is in charge of conducting the process, it is ultimately the Chief Compliance Officer who is responsible for this area.  The Chief Compliance Officer needs to dictate the test frequency as well as to advise everyone in the firm about the policies and make sure everyone understands the consequences of failure to comply.

All these internal policies have to be in writing and any violations have to be documented and fixed.  The regular testing and reviews have to be documented and be ready for presentation in case of an audit.

NOTE: TAPE BACKUP IS NOT A SUBSTITUTE FOR MESSAGE ARCHIVING

What are the different communication venues that exist and can be controlled and thus archived?

  1. Email and IM from Exchange
  2. Email and IM from Bloomberg and Reuters
  3. Blackberry archiving of Pin-to-Pin , SMS, Call Detail logs
  4. E-Faxes
  5. Blogs
  6. Chat Rooms
  7. Message Boards
  8. Twitter
  9. Facebook
  10. LinkedIn

Since all of the above require certain technologies and software for archiving and retaining, you have to make an effort to comply with the regulations or otherwise prohibit the usage of such technologies in the work place.

How do you implement compliance?

There are two schools of thought to achieve compliance:

  1. Build an in-house system
  2. Use a third party system

The in-house system is more complex and often requires a larger upfront investment to build and maintain.  Keep in mind you will have to have the following:

  1. Servers, storage, and software
  2. Backup Servers, storage, and software in a location out of the main location grid
  3. Replication system
  4. Maintain both the main and backup location

The responsibility and costs can escalate, but depending on the size of the firm, it might be the most cost efficient.

The third party systems, which have built an infrastructure that is scalable, keep on growing as more clients join their list.  The time to implement is a fraction of building an in-house system.  Depending on the third party provider, there are several ways of getting the data:

  1. Have the data arrive to the email server and from there delivered to the third party provider
  2. Have the data arrive to the third party provider and then to the email server

Both methods of delivery have issues of their own.  The first method requires you to be diligent about monitoring the email flow and ensure data is routed to the archiving provider – the responsibility is shifted completely to you.  The second method, where the provider requires the email to be routed through their system before it arrives to your server, usually poses a different challenge where emails might get delayed at the provider.

If you decide on any of the above systems, you should try to utilize an external anti-spam solution to keep your storage usage to a minimum as well as to make sure that non-account emails do not reach your email server.  These measures will keep all spam from being part of your retention data.

References and information used from the following sources: Global Relay, Zantaz, LiveOffice, NextPage, Hedge Fund Law Blog

****

Bart Mallon, Esq. of Cole-Frieman & Mallon LLP runs Hedge Fund Law Blog.  Mr. Mallon’s legal practice is devoted to helping emerging and start up hedge fund managers successfully launch a hedge fund.  If you are a hedge fund manager who is looking to start a hedge fund or if you are a current hedge fund manager with questions about ERISA, please contact us or call Mr. Mallon directly at 415-868-5345.  Other related hedge fund law articles include: