Hedge Funds and Business Continuity
Business-continuity planning, disaster recovery, and impact analysis are serious business for hedge funds and other market participants.
“The financial sector must outperform in the face of emergencies because it can affect national security by virtue of its economic impact,” said Brian Tishuk, executive director of ChicagoFirst, a public private partnership that includes Ariel Investments, Northern Trust, Bank of America Merrill Lynch, and Goldman Sachs, as well as exchanges and financial regulators.
Tishuk presented last month in Boston at the National Strategy Forum Review on the national-security implications of business continuity.
On Monday, bombs exploded at the Boston Marathon, killing at least three and injuring about 150. The act of terror served as a tragic reminder of the importance of business continuity and disaster recovery.
“We’re not just talking Weather Channel events,” said Taylor Busby, vice president of marketing for Agility Recovery Systems, formerly a unit of GE.
One of the most important components of recovery is communication with stakeholders, especially if internet and/or phone connectivity is lost, Busby said on Monday. An ‘old-school’ call list is an option, and system control must be well-tested for reaching first responders and then stakeholders, possibly via text or e-mail.
Hedge funds’ and other financial institutions compliance is enforced via audits, which require details about plans, testing frequency and reporting. Busby learned of the news from the Boston Marathon while speaking with Markets Media and had to go to check on Agility Recovery’s financial-services clients in the area.
Firms must consider vendor risk carefully. It is estimated that financial institutions and asset managers spend more than 10% of their technology budget on security.
Information sharing in the event of a disaster occurs at the federal level within the Financial Services Information Sharing and Analysis Center, a little-known organization that launched in 1999 to enable the public and private sectors to share information about physical and cyber security threats and vulnerabilities.
Commodity Futures Trading Commission rules provide that a clearing exchange must be able to clear two hours after a disruption, and the Securities and Exchange Commission mandates that advisers to hedge funds and other private funds must be registered and compliant with business-continuity regulations.
According to a hedge-fund industry marketing group, there are five steps needed for a hedge fund to create an effective business continuity plan: risk assessment, impact analysis, plan development, plan implementation, and finally testing and maintenance.