The Hedge Fund Law Report

The definitive source of actionable intelligence on hedge fund law and regulation

By Topic: Business Continuity and Disaster Recovery

  • From Vol. 11 No.27 (Jul. 5, 2018)

    Key Elements of a Hedge Fund Adviser Business Continuity Plan

    Although performance remains a critical due diligence point for institutional investors, other aspects of the hedge fund advisory business now play a more prominent role in the investment decision-making process of institutional investors; after all, performance can be subverted by inadequate risk management, compliance and controls. In particular, institutional investors (and regulators) are increasingly focused on adviser business continuity plans (BCPs), which identify the range of events and risks that can interrupt business operations and investment activities, and detail the steps that a manager will take if those events or risks come to fruition. Events that may trigger the procedures in a BCP can be natural (e.g., hurricanes, earthquakes and pandemics), man-made (e.g., terrorism, theft and other crimes) or technological (e.g., power outages, disruption of exchanges and computer viruses). The procedures used to address those risks must be tailored to the manager’s strategy, technology, network of service providers and geographic location. Moreover, the BCP has to be a living document – something that is tested, communicated to employees and other constituents and updated as relevant. This article offers a comprehensive analysis of BCPs in the hedge fund context, including defining a BCP; enumerating key elements of a hedge fund manager BCP; and discussing, among other things, the impact of a hedge fund’s strategy on its manager’s BCP, regulatory requirements, institutional investor expectations, disclosure considerations and the frequency with which a BCP should be reviewed and updated. See also “Can Emerging Hedge Fund Managers Use Technology to Satisfy Business Continuity Requirements and Mitigate Third-Party Risk?” (Sep. 3, 2015); and “What Are the Key Elements of a Comprehensive Hedge Fund Adviser Disaster Recovery Plan, and Why Are Such Plans a Business Imperative?” (Feb. 25, 2010).

  • From Vol. 11 No.23 (Jun. 7, 2018)

    Why Fund Managers Must Review Their Positions on Succession Planning and CCO Outsourcing (Part One of Three)

    The SEC proposed – and recently withdrew – a rule that would have required registered investment advisers to adopt and implement detailed business continuity and transition plans. Despite the rule’s withdrawal, however, the SEC has signaled that it will continue to scrutinize the robustness of advisers’ plans. To the extent that advisers’ business continuity and transition plans cover the departure of key personnel, they generally do so only with respect to founders; yet, from a business and regulatory perspective, they should also cover others, including chief compliance officers (CCOs). The proposed rule would have also required advisers to evaluate third-party service providers’ business continuity and transition plans, including those of outsourced CCOs. This article, the first in a three-part series, discusses the SEC’s proposed rule on business continuity and transition plans; the impact, if any, of the rule’s withdrawal; the importance of CCO succession planning; and the risks of using an outsourced CCO. The second article will examine CCO hiring and onboarding; whether managers should separate their compliance departments from their legal departments; and the risks of high CCO turnover. The third article will evaluate the risks of poor succession planning and provide a roadmap for developing a robust succession plan. See “Pro-Business Environment of New Administration Continues to Have Challenges and Pitfalls for Private Funds” (Sep. 14, 2017).

  • From Vol. 11 No.22 (May 31, 2018)

    Preparing for Brexit a Key FCA Priority for 2018/2019

    The U.K. Financial Conduct Authority (FCA) recently published its 2018/19 Business Plan (Plan), its 2018 Sector Views and a consultation paper on 2018/19 fees and levies. A recurring theme of the Plan is the potential impact of the U.K.’s impending withdrawal from the E.U. In a press release, Andrew Bailey, the FCA’s Chief Executive, emphasized that the priorities discussed in the Plan “reflect the high level of resource we need to dedicate to EU Withdrawal, given its impact both on our regulation and on the firms we regulate.” The Plan focuses on the seven “cross-sector priorities” affecting some or all of the business sectors within its purview. It also delineates the FCA’s priorities in each of seven distinct sectors, including investment management. This article summarizes the FCA’s cross-sector priorities, as well as the other portions of the FCA materials most relevant to private fund managers. For coverage of prior FCA business plans, sector views and mission statements, see “FCA Details Three of Its 2017 Priorities: Competition in the Asset Management Market, Liquidity Management and Custodians” (May 4, 2017); and “FCA 2016-2017 Regulatory and Supervisory Priorities Include Focus on AML, Cybersecurity and Governance” (Apr. 14, 2016).

  • From Vol. 11 No.16 (Apr. 19, 2018)

    How Fund Managers Can Identify and Prepare for Ransomware Threats (Part One of Two)

    With easy-to-use ransomware toolkits hitting the cyber crime market and sophisticated hackers using novel attack strategies, fund managers need to firmly grasp the risks of ransomware and the measures they can take to proactively mitigate those risks. They must also create an effective, comprehensive response to potential attacks. In this two-part series, legal and technical experts share their insights on how fund managers can prepare for ransomware threats by employing effective cyber hygiene and planning. This first article covers the current methods of attack and their risks, as well as prevention techniques and how fund managers can prepare for an inevitable attack. The second article will address effective response measures, including whether experts should be used to conduct a forensic analysis, whether to pay a ransom and how cryptocurrency is changing the landscape. See “Steps Hedge Fund Managers Should Take to Defend Against the Rising Threat of Ransomware in the Wake of WannaCry” (Jun. 15, 2017).

  • From Vol. 11 No.12 (Mar. 22, 2018)

    How Fund Managers Should Structure Their Cybersecurity Programs: Background and Best Practices (Part One of Three)

    Nation-states, organizations, groups and individuals continue to employ increasingly sophisticated methods to target information systems and computer networks. Governments and regulators – including the SEC and the U.K. Financial Conduct Authority – are also intensifying their scrutiny of organizations’ cybersecurity programs. See our two-part series “Navigating FCA and SEC Cybersecurity Expectations”: Part One (Jan. 7, 2016); and Part Two (Jan. 14, 2016). As a result, it is becoming more expensive to combat and contain cyber-related attacks. Given that cybersecurity is an enterprise-wide risk, fund managers must, at a minimum, ensure that they comply with industry best practices, including adopting one or more cybersecurity frameworks and creating a culture of cybersecurity compliance. This article, the first in a three-part series, discusses the risks and costs associated with cybersecurity attacks; the global focus on cybersecurity; relevant findings observed by the Office of Compliance Inspections and Examinations during the examination of SEC registrants; and cybersecurity best practices. The second article will analyze the need for fund managers to hire a dedicated chief information security officer, review information security governance structures and explore the role of the chief compliance officer as a strategic partner. The third article will evaluate methods for facilitating communication between cybersecurity stakeholders; outsourcing and co-sourcing of cybersecurity functions; and best practices for employing and overseeing third-party cybersecurity vendors. See our two-part series on how fund managers can meet the cybersecurity challenge: “A Snapshot of the Regulatory Landscape” (Dec. 3, 2015); and “A Plan for Building a Cyber-Compliance Program” (Dec. 10, 2015).

  • From Vol. 11 No.11 (Mar. 15, 2018)

    SEC’s Reg Flex Agenda Promotes Transparency While Adding Potential Compliance Burdens

    The SEC recently published its latest semi-annual Regulatory Flexibility Agenda (Agenda) setting forth rulemaking actions that Chair Jay Clayton and his staff intend to pursue over the next several months. Investment advisers and hedge funds will be directly affected by several of the Agenda items, such as the reporting of proxy votes on executive compensation. Likewise, the Agenda’s provisions relating to business continuity and transition plans will affect investment advisers, although those proposed rules may be difficult to apply, given the variance in hedge fund manager sizes, profiles and leadership structures. Despite implementation and other challenges, the Commission’s push to publicize its rulemaking priorities helps fund managers prepare for possible major regulatory developments and marks a step toward greater transparency and accountability. To that extent, the publication of the Agenda aligns with the Trump administration’s stated pro-business stance. To cast light on the above issues, this article analyzes the Agenda’s provisions that are most relevant to private fund managers and provides insights from legal professionals with experience in SEC enforcement matters. For coverage of recent SEC enforcement trends, see “SEC Enforcement Action Highlights Highly Specific Regulatory Focus on Conflicts of Interest” (Jan. 25, 2018); and “SEC Signals Aggressive Stance on Individual Responsibility, Including Potential CCO Liability, in FY 2017 Annual Report” (Dec. 14, 2017).

  • From Vol. 11 No.1 (Jan. 4, 2018)

    HFA Briefing Covers U.S. and Global Regulatory Climate Relating to Liquidity, Enforcement, Examinations and Cybersecurity

    A recent 2017 global regulatory briefing sponsored by Bloomberg and the Hedge Fund Association (HFA) offered insight into the global regulatory climate, including liquidity management, cross-border enforcement, NFA exams abroad and cybersecurity. Greg Babyak, Bloomberg’s head of government and regulatory affairs, delivered opening remarks focused on the Trump administration and the current U.S. regulatory climate. Lisa Roitman, Bloomberg business development and marketing strategist, moderated the subsequent panel discussion, which featured Louis P. Berardocco, Senior Manager of Examinations Compliance at the NFA; Ryan Hill, Supervisory Special Agent at the Department of Homeland Security; Edward Y. Kim, partner at Krieger Kim & Lewin; Jude Scott, Chief Executive Officer of Cayman Finance; and Robert Taylor, Head of Global Asset Management Regulatory Strategy at the U.K. Financial Conduct Authority. This article summarizes the key takeaways from the program. For coverage of another HFA global regulatory briefing, see “Best Ways for Hedge Fund Managers to Approach Regulation” (May 12, 2016); and “Views on Cybersecurity, AML, AIFMD, Advertising and Liquidity Issues Affecting Hedge Fund Managers” (May 19, 2016).

  • From Vol. 10 No.40 (Oct. 12, 2017)

    Steps an Exempt Reporting Adviser Must Take to Transition to SEC Registered Investment Adviser Status: Adopting Compliance Policies and Procedures (Part Two of Three)

    Designing compliance policies and procedures that are appropriately tailored to a private fund adviser’s risks is a critical component of a compliance program for an SEC registered investment adviser (RIA). Exempt reporting advisers (ERAs) transitioning to RIA status that have not already devoted the time and resources to developing these policies and procedures will likely find this to be the most time-consuming aspect of the registration process. To assist ERAs with the creation and implementation of appropriate compliance policies and procedures, this second article in our three-part series outlines key policies and procedures that ERAs should consider when drafting their compliance manuals. The first article discussed the circumstances under which an ERA would be required to switch to SEC registration, along with considerations for ERAs building out their compliance programs. The third article will review the regulatory filings required to be filed by RIAs, amendments that ERAs may need to make to their fund offering documents in anticipation of their change in registration status, as well as guidance as to what newly registered advisers should expect from the SEC examination process. See “Hedge Fund Manager Deerfield Fined $4.7 Million for Failing to Adopt Insider Trading Compliance Policies Tailored to the Firm’s Specific Risks” (Sep. 21, 2017).

  • From Vol. 10 No.36 (Sep. 14, 2017)

    Pro-Business Environment of New Administration Continues to Have Challenges and Pitfalls for Private Funds

    While the election of Donald J. Trump as U.S. president in November 2016 has proved one of the most divisive events in modern political history, many observers shared a consensus that the new administration could adopt a pro-business, anti-regulation stance, to the benefit of the financial industry and investment funds. With the recent appointments of Jay Clayton as SEC Chair and Dalia Blass as Director of the Division of Investment Management, the contours of the new regulatory regime are finally becoming discernable. Chair Clayton provided further clarity by publicly outlining his guiding principles in a recent address. See “SEC Chair Clayton Details Eight Guiding Principles for Enforcement and Agency Strategies for Their Implementation” (Aug. 10, 2017). To help readers understand the current regulatory environment, and the implications of recent and ongoing changes to private fund regulation, The Hedge Fund Law Report has interviewed Seward & Kissel partners Patricia Poglinco and Robert Van Grover about an array of issues, including the SEC’s rulemaking agenda in 2017 and beyond; the fate of the Financial CHOICE Act of 2017; the Commission’s willingness to revisit and reexamine its policies and rules; the reliance on whistleblowers for enforcement purposes; the methodology that regulators will use to root out irregular trading patterns and activities; and the state of cybersecurity defenses and enforcement. These are among the issues that Poglinco, Van Grover and their colleagues will explore in greater depth at the upcoming “Private Funds Forum” co-hosted by Seward & Kissel and Bloomberg BNA to be held on September 27, 2017. For a prior interview with Poglinco and Van Grover, see “How Studying SEC Enforcement Trends Can Help Hedge Fund Managers Prepare for SEC Examinations and Investigations” (Sep. 8, 2016).

  • From Vol. 10 No.29 (Jul. 20, 2017)

    Surveys Show Cyber Risk Remains High for Investment Advisers and Other Financial Services Firms Despite Preventative Measures

    The potential price tag of a cyber breach is immense and continuing to rise in the U.S. See “Investment Adviser Penalized for Weak Cyber Policies; OCIE Issues Investor Alert” (Oct. 1, 2015). This article summarizes three recent surveys conducted by the Ponemon Institute; TD Bank; and ACA Aponix, in conjunction with the National Society of Compliance Professionals, each of which provides insight into the current state of vulnerabilities of investment advisers and other financial firms. See also “How Hedge Fund Managers Can Meet the Cybersecurity Challenge: A Plan for Building a Cyber-Compliance Program (Part Two of Two)” (Dec. 10, 2015); and “RCA Panel Outlines Keys for Hedge Fund Managers to Implement a Comprehensive Cybersecurity Program” (Jun. 18, 2015).

  • From Vol. 10 No.27 (Jul. 6, 2017)

    What Are the Key Elements of a Comprehensive Hedge Fund Adviser Disaster Recovery Plan, and Why Are Such Plans a Business Imperative?

    A key element of any hedge fund manager’s business continuity plan (BCP) is the disaster recovery plan (DRP), which contains procedures for getting back to business as quickly as possible following a business interruption via natural (e.g., hurricanes and pandemics), man-made (e.g., terrorism and theft) or technological (e.g., power outages and computer viruses) events. Institutional investors are focusing with renewed vigor on DRPs (as they are on BCPs) in the course of their due diligence, particularly as a recent spate of cyberattacks has affected various sectors around the globe. See “Steps Hedge Fund Managers Should Take to Defend Against the Rising Threat of Ransomware in the Wake of WannaCry” (Jun. 15, 2017). The SEC also issued a 2013 risk alert directed at deficiencies in fund manager BCPs and DRPs, as well as best practices that should be adopted. See “SEC Risk Alert Describes Deficiencies Found During Reviews of Investment Advisers’ Business Continuity and Disaster Recovery Plans and Recommends Best Practices for Such Plans” (Sep. 26, 2013). The Commission followed that alert up in 2016 by issuing a rule proposal that would require investment advisers to adopt and implement written BCPs and transition plans. To assist fund managers in preparing for this scrutiny, this article outlines key elements of a DRP; analyzes the impact a fund’s strategy has on a manager’s DRP; describes the role DRPs play in institutional investor due diligence; identifies specific technology issues (e.g., cloud-computing and smart phones); and outlines measures managers can undertake to test and maintain their DRPs. For more on BCPs and DRPs, see “Can Emerging Hedge Fund Managers Use Technology to Satisfy Business Continuity Requirements and Mitigate Third-Party Risk?” (Sep. 3, 2015).

  • From Vol. 10 No.23 (Jun. 8, 2017)

    ACA 2017 Fund Manager Compliance Survey Details Variety in Expense Allocation Practices and Business Continuity Measures (Part Two of Two)

    ACA Compliance Group (ACA) recently completed its 2017 Alternative Fund Manager Compliance Survey containing responses from 262 illiquid and hedge fund managers on a broad swath of topics. The survey findings were discussed in a webinar by Danielle Joseph and Tessa Carbone, director and principal consultant, respectively, at ACA. This second article in a two-part series details the similarities and differences in expense allocation practices, business continuity efforts and succession planning at managers of hedge and illiquid funds. The first article addressed trends in the nature and coverage of SEC examination efforts, along with how fund managers use restricted lists and expert networks (among other means) to protect material nonpublic information. For our two-part coverage of ACA’s 2015 compliance survey, see “SEC Exams, MNPI and Restricted Lists” (Oct. 1, 2015); and “Expert Networks, Fund Expenses and Electronic Communications” (Oct. 8, 2015).

  • From Vol. 9 No.40 (Oct. 13, 2016)

    How Developments With California’s Pension Plan Disclosure Law, the SEC’s Rules and FINRA’s CAB License May Impact Hedge Fund Managers and Third-Party Marketers

    Hedge fund managers and many service providers have faced a wave of new regulatory requirements since the 2008 global financial crisis. This is particularly true for third-party marketers engaged by hedge fund managers to solicit clients and fund investors, which may be subject to a barrage of regulations at the federal, state and local level depending on the nature of their business. To explore some of the latest regulatory challenges faced by funds and their marketers, The Hedge Fund Law Report recently interviewed Susan E. Bryant, counsel at Verrill Dana LLP, and Richard M. Morris, partner at Herrick, Feinstein LLP. This article sets forth the participants’ thoughts on a host of issues, including new disclosure requirements for state pension plan investors; recent enforcement trends; and new rules adopted by the SEC, FINRA, Municipal Securities Rulemaking Board (MSRB) and state regulators. On Thursday, October 20, 2016, from 10:30 a.m. to 11:30 a.m. EDT, Morris and Bryant will expand on the topics in this article – as well as other issues that affect hedge fund managers and third-party marketers – during a panel moderated by Kara Bingham, Associate Editor of the HFLR, at the Third Party Marketers Association (3PM) 2016 Annual Conference. To take advantage of the HFLR’s $300 discount when registering for the conference, click the link available in the article. For prior coverage of a conference sponsored by 3PM, see “Third Party Marketers Association 2011 Annual Conference Focuses on Hedge Fund Capital Raising Strategies, Manager Due Diligence, Structuring Hedge Fund Marketer Compensation and Marketing Regulation” (Dec. 1, 2011).

  • From Vol. 8 No.34 (Sep. 3, 2015)

    Can Emerging Hedge Fund Managers Use Technology to Satisfy Business Continuity Requirements and Mitigate Third-Party Risk?

    Hedge fund firms are investing in sophisticated and robust infrastructures and information technology (IT) services to stay ahead of competition and drive growth in a changing marketplace.  However, challenges await, particularly for startup firms with budget restrictions, tight timelines and short resumes.  New launches in 2015 and beyond will have to raise their standards to ensure IT systems and technology support structures are in place to give firms an edge where perhaps other operational areas cannot.  In this guest article, Vinod Paul of Eze Castle Integration examines considerations for emerging hedge fund managers in establishing technology infrastructure – including components to ensure resiliency of the manager’s business – and discusses ways an emerging manager can avoid common startup pitfalls.  In a previously published companion article, Marni Pankin of Marcum provided a checklist for emerging managers to follow when launching a hedge fund in order to meet various operational, accounting, compliance and regulatory requirements.  For more on technology considerations for hedge fund managers, see “Aite Group Report Identifies the Building Blocks of Institutional Credibility for Hedge Fund Managers: Operational Efficiency, Robust Risk Management, Integrated Technology and More,” The Hedge Fund Law Report, Vol. 6, No. 36 (Sep. 19, 2013).

  • From Vol. 8 No.6 (Feb. 12, 2015)

    Why Should Hedge Fund Investors Perform On-Site Due Diligence in Addition to Remote Gathering of Information on Managers and Funds? (Part Three of Three)

    On-site visits have become de rigueur in operational due diligence, with many investors putting a high premium on face-to-face meetings with fund managers.  But the difference between a superficial and an effective on-site visit can be profound.  Merely showing up is not sufficient.  In fact, going on site without the right strategy can create the illusion of a “deep dive” without the substance.  Effective on-site due diligence is not just a matter of staying longer, asking more questions and reviewing more documents.  It is a discipline unto itself, with techniques that are proven to work.  Usually, those techniques can only be learned through trial and error.  This article, the third in a three-part series, aims to minimize the “error” part of that learning process by revealing best practices learned by long-time ODD practitioners.  Specifically, this article details: workable and effective on-site diligence procedures, including evaluating cybersecurity programs; red flags to identify; and an investor’s options following the on-site visit.  The first article focused on the rationale for the on-site visit and the mechanics of preparation.  The second article discussed how investors should conduct due diligence visits, and how managers can prepare for them effectively.  See also “Operational Due Diligence from the Hedge Fund Investor Perspective: Deal Breakers, Liquidity, Valuation, Consultants and On-Site Visits,” The Hedge Fund Law Report, Vol. 7, No. 16 (Apr. 25, 2014).

  • From Vol. 6 No.37 (Sep. 26, 2013)

    SEC Risk Alert Describes Deficiencies Found During Reviews of Investment Advisers’ Business Continuity and Disaster Recovery Plans and Recommends Best Practices for Such Plans

    Almost one year ago, Hurricane Sandy caused widespread disruption and damage to businesses, including the two-day closure of equities and options markets.  For weeks, Lower Manhattan – where the New York Stock Exchange and numerous financial firms are based – was without power and had limited public transportation.  Largely in response to those disruptions, the SEC’s Office of Compliance Inspections and Examinations (OCIE) recently reviewed the disaster recovery/business continuity plans (together, BCPs) of 40 registered investment advisers.  Its recent Risk Alert (Alert) provides valuable insight into what the SEC considers best practices for BCPs.  The Alert is a targeted follow-up to the August 2013 Joint Report issued by OCIE, the Commodity Futures Trading Commission’s Division of Swap Dealers and Intermediary Oversight and the Financial Industry Regulatory Authority with regard to the business continuity and disaster recovery planning of financial firms.  This article summarizes OCIE’s findings and recommended best practices, and includes relevant insights from the Joint Report.  For a comprehensive look at BCPs and disaster preparedness, see “What Are the Key Elements of a Comprehensive Hedge Fund Adviser Disaster Recovery Plan, and Why Are Such Plans a Business Imperative?,” The Hedge Fund Law Report, Vol. 3, No. 8 (Feb. 25, 2010); and “Key Elements of a Hedge Fund Adviser Business Continuity Plan,” The Hedge Fund Law Report, Vol. 3, No. 7 (Feb. 17, 2010).

  • From Vol. 6 No.17 (Apr. 25, 2013)

    Roundtable Addresses Trends in Hedge Fund Operational Due Diligence, Fund Expenses, Administrator Shadowing, Business Continuity Planning and Cloud Computing

    At a recent roundtable, hedge fund investor due diligence experts offered their perspectives on evolving hedge fund manager operations and investor due diligence practices.  The panelists addressed various specific topics, including: the impact of regulations on investor due diligence processes; investor responses to increased insider trading risks; scrutiny of fund expenses; administrator shadowing; business continuity planning for hedge fund managers; and the benefits and risks of cloud computing services.  These investor perspectives can provide useful information for hedge fund managers looking to refine their capital raising efforts.  This article highlights the salient points discussed on each of the foregoing topics.

  • From Vol. 6 No.9 (Feb. 28, 2013)

    SEC’s National Examination Program Publishes Official List of Priorities for 2013 Examinations of Hedge Fund Managers and Other Regulated Entities

    On February 21, 2013, the SEC’s National Examination Program (NEP) published its list of priorities for examinations of investment advisers (including hedge fund managers) and other regulated entities for 2013.  The NEP list not only addresses presence examinations of newly registered investment advisers, but also discusses focus areas for examinations of previously-registered advisers.  Also, unlike prior speeches addressing adviser examination priorities for 2013, this announcement reflects an official SEC statement on the matter.  This article offers a deep dive into the SEC’s thinking on each of the specified examination priorities.

  • From Vol. 4 No.35 (Oct. 6, 2011)

    FINforums’ Annual Hedge Fund Summit Focuses on Operations, Marketing and Hedge Fund Strategies in Non-Hedge Fund Structures

    On September 14, 2011, FINforums held its Annual Hedge Fund Summit.  Participants at the summit discussed hedge fund service providers; outsourcing; business continuity and disaster recovery plans; five important points with respect to hedge fund marketing; five specific steps to be taken by hedge fund managers seeking seed capital; and the evolution of hedge fund strategies in non-hedge fund structures, including managed accounts, investable hedge fund indices, hedge fund-like mutual funds and UCITS.  This article summarizes the key points made by presenters at the Summit.

  • From Vol. 3 No.8 (Feb. 25, 2010)

    What Are the Key Elements of a Comprehensive Hedge Fund Adviser Disaster Recovery Plan, and Why Are Such Plans a Business Imperative?

    Last week’s issue of The Hedge Fund Law Report included a comprehensive analysis of business continuity plans (BCPs) in the hedge fund context.  See “Key Elements of a Hedge Fund Adviser Business Continuity Plan,” The Hedge Fund Law Report, Vol. 3, No. 7 (Feb. 17, 2010).  That analysis enumerated the key elements of such plans, identified the rationale for each element and highlighted various practical considerations (including the increased focus of institutional investors on BCPs during due diligence and the related focus of the SEC on such plans during inspections and examinations).  As the article noted, one of the key elements of any hedge fund adviser BCP is the disaster recovery plan (DRP).  Generally, DRPs are – conceptually and literally – subsets of BCPs, which in turn generally are subsets of a hedge fund adviser’s compliance manual.  BCPs, as the name implies, focus on procedures to enable a hedge fund manager to continue its business operations and investments without interruption in the event of a range of identified risks and events.  Such events may be natural (e.g., hurricanes, earthquakes, pandemics), man-made (e.g., terrorism, theft, other crimes) or technological (e.g., power outages, disruption of exchanges, computer viruses).  DRPs, by contrast, focus on procedures to enable a hedge fund manager to get back to business as quickly as possible following a business interruption occasioned by one of the listed categories of risks and events.  BCPs are about avoiding disasters; DRPs are about recovering from them.  Yet despite the conceptual difference, in practice, they are two sides of the same coin, are often mentioned in the same breath, would both be triggered in many similar circumstances and would call for many of the same actions.  Institutional investors are focusing with renewed vigor on DRPs (as they are on BCPs) in the course of their initial and ongoing due diligence.  (By “ongoing due diligence,” we mean that a savvy current investor may ask to see a robust DRP as a condition of remaining invested.)  There are at least five reasons for this.  First, recently uncovered frauds have demonstrated that man-made “disasters” pose serious investment risks.  See “Federal Judge Approves Settlement Agreements Arising out of Marc Dreier’s Criminal Fraud; Hedge Fund Victims ‘Squabble’ Over Proposed Recovery,” The Hedge Fund Law Report, Vol. 3, No. 7 (Feb. 17, 2010).  Second, institutional investors are starting to perceive and prepare for disasters from an insurance perspective, as quintessential “catastrophes” – high magnitude, low probability events against which precautions can be taken.  In this analogy, having a workable DRP is like moving away from beachfront property in a hurricane-prone region.  See “The Hedge Fund Transparency Act and its Unintended Consequences for Cat Bonds,” The Hedge Fund Law Report, Vol. 2, No. 20 (May 20, 2009).  Third, as a practical matter, many institutional investors outsource a portion of their due diligence to consultants (such as pension consultants) or operational risk due diligence providers.  If such service providers perceive the benefits of a DRP at one hedge fund manager on whom they perform due diligence, they will look for DRPs at other hedge fund managers.  See “How Can Hedge Fund Investors Hone Their Due Diligence in Light of Alarming Rate of ‘Verification Problems’ Discovered in Recent Study of Hedge Fund Due Diligence Reports?,” The Hedge Fund Law Report, Vol. 2, No. 44 (Nov. 5, 2009).  Fourth, many hedge fund managers have grown to rely to an increasing degree on technology.  Such managers can be adversely and more severely impacted by technological interruptions, but by the same token, they generally can recover from such interruptions faster.  Finally, there is the issue of fiduciary duty: a hedge fund manager has a fiduciary duty to its clients (which for most purposes in the hedge fund world means its hedge funds or managed accounts), and no provision in the Investment Advisers Act or at common law provides an exception to that duty during disasters.  Put another way, hedge fund managers are required by their fiduciary duties to prepare for foreseeable adverse events.  See “For Hedge Fund Managers, How Would a Statutory Definition of ‘Fiduciary Duty’ Affect the Scope of the Duty and the Standard for Breach?,” The Hedge Fund Law Report, Vol. 2, No. 34 (Aug. 27, 2009).  In recognition of the practical and marketing imperatives to hedge fund managers of having in place robust and best-of-breed DRPs, this article discusses: a more comprehensive definition of a DRP; the key elements of a hedge fund manager DRP (including recovery point objectives, recovery time objectives and the importance to smaller hedge fund managers of coordinating with service providers); the impact of a hedge fund’s strategy on design of its manager’s DRP; the role played by DRPs in institutional investor due diligence; specific technology issues (including the roles of Blackberries, trading, trade capture and accounting systems, and IT personnel); the potentially paradigm-shifting utility of “cloud computing” in disaster recovery planning; and testing and maintenance of DRPs.

  • From Vol. 3 No.7 (Feb. 17, 2010)

    Key Elements of a Hedge Fund Adviser Business Continuity Plan

    The credit crisis changed the nature of institutional investor due diligence of hedge fund managers.  While performance remains a critical diligence point, aspects of the hedge fund advisory business other than performance now play a more prominent role in the investment decision-making process of institutional investors.  See “How Can Start-Up Hedge Fund Managers Use Past Performance Information to Market New Funds?,” The Hedge Fund Law Report, Vol. 2, No. 50 (Dec. 17, 2009).  The idea is that even hedge fund managers with years of competitive fund performance and deep benches of investment talent can be laid low by inadequate risk management, compliance and controls.  Galleon is the paradigmatic example.  See “Best Practices for a Hedge Fund Manager General Counsel or Chief Compliance Officer that Suspects or Discovers Insider Trading by Manager Employees or Principals,” The Hedge Fund Law Report, Vol. 2, No. 48 (Dec. 3, 2009).  One element of hedge fund adviser infrastructure that has received significant attention of late from institutional investors (as well as regulators) is the business continuity plan (BCP).  Broadly, as the name implies, a BCP is a written plan (often included in the compliance manual) in which a hedge fund manager identifies the range of events and risks that can interrupt business operations and investment activities, and details the steps that the manager will take if those events or risks come to fruition.  Events that may trigger the procedures in a BCP can be natural (e.g., hurricanes, earthquakes, pandemics), man-made (e.g., terrorism, theft, other crimes) or technological (e.g., power outages, disruption of exchanges, computer viruses).  And the procedures used to address those risks must be tailored to the manager’s strategy, technology, network of service providers and geographic location.  
Moreover, the BCP has to be a living document – something that is tested, communicated to employees and other constituents, and updated as relevant.  It cannot be boilerplate: at this point, institutional investors have seen a healthy number of BCPs, and they will know when they see a BCP that reflects inadequate customization – and that can make the difference between investment and non-investment.  This article offers a comprehensive analysis of BCPs in the hedge fund context, as well as reporting from a recent webinar on the topic hosted by hedge fund technology firm Eze Castle Integration and prime broker Pershing Prime Services.  In particular, this article: defines a BCP more particularly; enumerates key elements of a hedge fund manager BCP (including, among others, development of an impact analysis, communications plans, backup facilities, coordination with third-party service providers and succession planning); and discusses: the impact of a hedge fund’s strategy on its manager’s BCP; regulatory requirements, including what the SEC looks for with respect to BCPs in the course of inspections and examinations; institutional investor expectations; disclosure considerations; communicating a BCP to hedge fund manager employees; and the frequency with which a BCP should be reviewed and updated.  This article is the first in a two-part series.  The second article in the series will deal with disaster recovery plans, which are close cousins of BCPs and are outlined in this article.
