How Is President Obama's New Hedge Fund Regulation Plan Affecting You?
September 10th, 2009
By Meyer Ben-Reuven, CEO Chelsea Technologies
The challenging question Hedge Fund Managers should ask themselves is: what should they be doing to
comply with President Obama’s Hedge Fund Regulation Plan? There are many questions and many
tasks to accomplish, but the most important is to understand the main points of the plan, what needs to be
done, and what the associated costs are. In this paper I present a summary of the President’s
plan and what a Chief Compliance Officer needs to address, in conjunction with the IT department, to be
compliant with regulations. Costs are important, but I will leave them out of this paper.
Obama’s New Hedge Fund Regulation Plan
In June 2009, President Obama presented a proposal for new regulations that affect Hedge Funds and
fund managers. The most important part of this new regulation will be to require Hedge Fund, Private
Equity, and VC Fund Managers to register with the SEC as investment advisors.
Although it is a proposal, all fund managers will have to start thinking about the re-registration and the
process to keep the fund compliant.
The plan’s 5 main goals are:
1. Promote robust supervision and regulation of financial firms.
2. Establish comprehensive supervision and regulation of financial markets.
3. Propose comprehensive regulation of all OTC derivatives.
4. Protect customers and investors from financial abuse.
5. Raise international regulatory standards and improve international cooperation.
The idea is to require advisers to report financial information on their fund and its management and thus
have the ability to assess whether the fund poses a threat to the stability of the financial system and at
the same time strengthen investor protection.
The specific goals regarding hedge funds are as follows:
1. Data collection
2. SEC should conduct regular, periodic examinations of hedge funds
3. Reporting AUM and other fund metrics to the SEC
4. SEC would have ability to assess whether the fund or fund family is so large, highly leveraged, or
interconnected that it poses a threat to financial stability
How will IT Departments have to help keep the funds within regulation rules?
As of February 2006, Hedge Fund Advisors were obliged to comply with SEC Rule 203(b)(3)-2 requiring
registration under the Investment Advisers Act. Under these rules, the Hedge Funds were advised to
retain all internal and external email and IM business communications. In June 2006, the Goldstein
ruling against the SEC pushed several funds to de-register. With the failure of the financial system since
the end of 2007, the new administration has been poised to regulate the industry more than ever.
22 Cortlandt Street 14FL Page 1 of 3
New York NY 10007
T 212.966.3355 F 917.237.1622
www.chelsea-tech.com
What needs to be done?
1. Take a look at all the ways communications are conducted in the fund
2. What are the devices used to communicate
3. Always be on the lookout for new technologies
Afterwards, ensure you have control over the different communication methods. As stated, all electronic
communication in and out of the fund has to be retained for future review. This means that if it cannot
be controlled and retained, it must be prohibited.
All internal rules have to be specified in IT policies and procedures; otherwise no one can be held
accountable. Furthermore, the policies should be tailored to the fund rather than copied from boilerplate.
One of the rules should require employees to attest annually that they are using approved communication venues.
The following is how data needs to be archived for SEC audit purposes:
1. Incoming/Outgoing Data must be kept in its original form
2. Data has to be easily retrievable and searchable
3. Data has to have a date and time stamp
4. Data has to be retained in the main office for the first 2 years
5. Data has to be retained for 5 years
6. Data has to be put into tamper-proof media (meaning non-rewritable and non-erasable)
7. Data has to be stored in a secondary backup location (preferably away from the same grid)
8. Be able to produce data promptly (within hours)
9. Be able to provide data in its original format in either view or print form
10. Implement annual review of the system
It is highly recommended that data be tested for integrity, including testing retrieval and searching, as
well as accuracy. The test should be conducted at least yearly, and preferably more frequently.
Although the IT department is in charge of conducting the process, it is ultimately the Chief Compliance
Officer who is responsible for this area. The Chief Compliance Officer needs to dictate the test frequency
as well as to advise everyone in the firm about the policies and make sure everyone understands the
consequences of failure to comply.
All these internal policies have to be in writing and any violations have to be documented and fixed. The
regular testing and reviews have to be documented and be ready for presentation in case of an audit.
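The periodic integrity test described above can be scripted so that each run leaves a documented result. The following is an added example, not part of the original paper: it checks a constructed archive manifest against items 1 and 3 through 7 of the list, and the manifest fields, the location labels ("main-office", "dr-site") and the "worm" flag reported by the storage layer are all assumptions.

```python
import hashlib
from datetime import datetime, timedelta, timezone

RETAIN = timedelta(days=5 * 365)  # item 5: retain for 5 years
ONSITE = timedelta(days=2 * 365)  # item 4: main office for the first 2 years

def audit_archive(manifest, retrieved, now):
    """Return (message id, finding) pairs; an empty list means the test passed.
    manifest:  dicts with id, archived_at, sha256, locations, worm (hypothetical schema)
    retrieved: id -> bytes as pulled back out of the archive during the test
    """
    findings = []
    for e in manifest:
        mid = e["id"]
        if not e.get("archived_at"):
            findings.append((mid, "no date and time stamp"))  # item 3
            continue
        age = now - datetime.fromisoformat(e["archived_at"])
        data = retrieved.get(mid)
        if data is None:
            if age <= RETAIN:
                findings.append((mid, "not retrievable within 5-year retention"))
            continue
        if hashlib.sha256(data).hexdigest() != e["sha256"]:
            findings.append((mid, "differs from original form"))  # item 1
        if not e.get("worm"):
            findings.append((mid, "not on non-rewritable media"))  # item 6
        if age <= ONSITE and "main-office" not in e["locations"]:
            findings.append((mid, "under 2 years old, not in main office"))
        if all(loc == "main-office" for loc in e["locations"]):
            findings.append((mid, "no secondary backup location"))  # item 7
    return findings

# Constructed sample data: three archived messages and what the test retrieved.
def _sha(b):
    return hashlib.sha256(b).hexdigest()
NOW = datetime(2009, 9, 10, tzinfo=timezone.utc)
ORIGINAL = {"m1": b"Subject: fill\r\n\r\n500 @ 41.20", "m2": b"IM: noon?", "m3": b"IM: call me"}
MANIFEST = [
    {"id": "m1", "archived_at": "2009-06-01T14:03:00+00:00", "sha256": _sha(ORIGINAL["m1"]),
     "locations": ["main-office", "dr-site"], "worm": True},
    {"id": "m2", "archived_at": "2008-11-20T09:15:00+00:00", "sha256": _sha(ORIGINAL["m2"]),
     "locations": ["dr-site"], "worm": True},
    {"id": "m3", "archived_at": "2006-03-02T16:40:00+00:00", "sha256": _sha(ORIGINAL["m3"]),
     "locations": ["main-office", "dr-site"], "worm": False},
]
RETRIEVED = dict(ORIGINAL, m1=b"Subject: fill\r\n\r\n500 @ 41.25")  # m1 altered after archiving
FINDINGS = audit_archive(MANIFEST, RETRIEVED, NOW)
```

Saving the returned findings with the run date gives the Chief Compliance Officer the written test record the policy calls for.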
NOTE: TAPE BACKUP IS NOT A SUBSTITUTE FOR MESSAGE ARCHIVING
What are the different communication venues that exist and can be controlled and thus archived?
1. Email and IM from Exchange
2. Email and IM from Bloomberg and Reuters
3. BlackBerry archiving of PIN-to-PIN, SMS, Call Detail logs
4. E-Faxes
5. Blogs
6. Chat Rooms
7. Message Boards
8. Twitter
9. Facebook
10. LinkedIn
Since all of the above require certain technologies and software for archiving and retaining, you have to
make an effort to comply with the regulations or otherwise prohibit the usage of such technologies in the
workplace.
The compliance procedures should require that the Chief Compliance Officer or his designee randomly review
all electronic communications from the various sources, and should also include an audit trail of all
messages reviewed.
How do you implement compliance?
There are two schools of thought to achieve compliance:
1. Build an in-house system
2. Use a third party system
The in-house system is more complex and often requires a larger upfront investment to build and
maintain. Keep in mind you will have to have the following:
1. Servers, storage, and software
2. Backup Servers, storage, and software in a location out of the main location grid
3. Replication system
4. Maintain both the main and backup location
The responsibility and costs can escalate, but depending on the size of the firm, it might be the most
cost-efficient option.
The third party systems, which have built an infrastructure that is scalable, keep on growing as more
clients join their list. The time to implement is a fraction of the time needed to build an in-house system.
Depending on the third party provider, there are several ways of getting the data:
1. Have the data arrive at the email server and from there be delivered to the third party provider
2. Have the data arrive at the third party provider and then go to the email server
Both methods of delivery have issues of their own. The first method requires you to be diligent about
monitoring the email flow and ensuring data is routed to the archiving provider; the responsibility is
shifted completely to you. The second method, where the provider requires the email to be routed
through their system before it arrives at your server, usually poses a different challenge: emails
might get delayed at the provider.
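One way to monitor the mail flow for either delivery method is to reconcile the mail server's records against the archiving provider's receipts. This is an added example, not part of the original paper; the record layout, the 15-minute threshold and the sample message IDs are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

def reconcile(server_log, archive_receipts, as_of, max_lag=timedelta(minutes=15)):
    """Cross-check mail-server records against archive-provider receipts.

    Both inputs are lists of (message_id, ISO 8601 timestamp); the record
    layout is hypothetical. Messages younger than max_lag are not yet judged.
    """
    seen = {mid: datetime.fromisoformat(ts) for mid, ts in server_log}
    acked = {mid: datetime.fromisoformat(ts) for mid, ts in archive_receipts}

    def overdue(t):
        return as_of - t > max_lag

    return {
        # Method 1 failure: delivered to the mailbox but never reached the archive.
        "not_archived": sorted(m for m in seen if m not in acked and overdue(seen[m])),
        # Method 2 failure: archived by the provider but never delivered onward.
        "not_delivered": sorted(m for m in acked if m not in seen and overdue(acked[m])),
        # Either method: the two systems saw the message more than max_lag apart.
        "delayed": sorted(m for m in seen
                          if m in acked and abs(seen[m] - acked[m]) > max_lag),
    }

# Constructed sample records for one morning.
AS_OF = datetime(2009, 9, 10, 10, 0, 0)
SERVER = [("<a1@fund.example>", "2009-09-10T09:00:05"),
          ("<a2@fund.example>", "2009-09-10T09:02:11"),
          ("<a3@fund.example>", "2009-09-10T09:40:00"),
          ("<a5@fund.example>", "2009-09-10T09:58:30")]  # too recent to judge
ARCHIVE = [("<a1@fund.example>", "2009-09-10T09:00:09"),
           ("<a3@fund.example>", "2009-09-10T09:05:30"),
           ("<a4@fund.example>", "2009-09-10T09:06:00")]
REPORT = reconcile(SERVER, ARCHIVE, AS_OF)
```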
If you decide on any of the above systems, you should try to utilize an external anti-spam solution to
keep your storage usage to a minimum as well as to make sure that non-account emails do not reach
your email server. These measures will keep all spam from being part of your retention data.
References and information from the following sources:
Joe Kirincich (Water Asset Management), Global Relay, Zantaz, LiveOffice, NextPage, Hedge Fund Law Blog