Dodd-Frank Update: Legal & Technology Requirements for Firms

AgendaDodd-Frank & Investment Adviser Registration

Technology as Part of an Adviser’s Compliance Program

Technology Best Practice Guidelines

Dodd-Frank and Investment Adviser Registration

Investment Advisers - General

• An investment adviser is any person who engages in the business of advising others or providing analyses or reports concerning securities for compensation.

• Includes hedge fund and private equity fund managers• Affirmative duty of utmost good faith, and full and fair

disclosure of all material facts• The Investment Advisers Act of 1940 requires “investment

advisers” to register with the SEC unless a specific exemption is available.

• End of private adviser exemption under Dodd-Frank

Who Must Register

• Advisers solely to Private Funds (e.g., hedge funds and private equity funds) must register with SEC if AUM are $150 million or more.

• Advisers to Private Funds and other accounts must register with the SEC if AUM are $100 million or more.

• Advisers to Private Funds and other accounts must register with state if AUM is between $25 million to $100 million. However, will instead be required to register with the SEC if:

• Adviser is not required to register with the state securities regulator as an investment adviser, or

• Adviser is required to register with the state securities regulator, but the Adviser is not subject to examination as an investment adviser by the state.

• Advisers to RICs and BDCs• Adviser holds itself out to the public in the U.S. as an investment adviser

New Exemptions

• Less than $150 million• Venture capital funds• Registered CTA • Foreign private adviser • Intrastate adviser, no funds • Small business investment companies• New category of “exempt reporting adviser”

State Issues

• Individual state registration requirements• Notice filings • Investment Adviser representatives

Registering with the SEC

• Compliance Infrastructure • Chief Compliance Officer • Policies and Procedures

• Prepare Form ADV • Part 1 • Part 2

• Register • IARD Entitlement and Filing Fees • Filing Form ADV • Going Effective

Selected Compliance Issues• SEC Examinations• Compliance Policies and Procedures• Emphasis on procedures and training• Committees

(risk, valuation, brokerage, compliance)• Trading practices

(trade allocation, trade errors, best execution, soft dollars)

• Insider Trading • Pay-to-Play• Books and Records • Code of Ethics

Code of EthicsRequired:• Annual holdings report• Quarterly transaction reports• Pre-approval for IPOs and limited offerings• Insider trading policies

Best Practices (not required)• Pre-approval of most securities transactions• Provision of duplicate brokerage statements• Restrictions on gifts and entertainment• Restrictions on outside activities and boards• Access Person v. Supervised Person

Boston

Frankfurt

Hartford

Hong Kong

London

Los Angeles

New York

Orange County

San Francisco

Santa Monica

Silicon Valley

Tokyo

Washington

bingham.com

© 2010 Bingham McCutchen LLP One Federal Street, Boston, MA 02110-1726 ATTORNEY ADVERTISING

To communicate with us regarding protection of your personal information or to subscribe or unsubscribe to some or all of Bingham McCutchen LLP’s electronic and mail communications, notify our privacy administrator at

privacyUS@bingham.com or privacyUK@bingham.com (privacy policy available at www.bingham.com/privacy.aspx). We can be reached by mail (ATT: Privacy Administrator) in the US at One Federal Street, Boston, MA

02110-1726 or at 41 Lothbury, London EC2R 7HF, UK, or at 866.749.3064 (US) or +08 (08) 234.4626 (international).

Bingham McCutchen (London) LLP, a Massachusetts limited liability partnership regulated by the Solicitors Regulation Authority (registered number: 00328388), is the legal entity which operates in the UK as Bingham. A

list of the names of its partners and their qualifications is open for inspection at the address above. All partners of Bingham McCutchen (London) LLP are either solicitors or registered foreign lawyers.

Bingham McCutchen LLP, a Massachusetts limited liability partnership, is the legal entity which operates in Hong Kong as Bingham McCutchen LLP. A list of the names of its partners practicing in the Hong Kong office and

their qualifications is open for inspection at the address above. Bingham McCutchen LLP is registered with the Hong Kong Law Society as a Foreign Law Firm and does not practice Hong Kong law. Bingham McCutchen

LLP operates in Hong Kong in formal association with Roome Puhar, a Hong Kong partnership which does advise on Hong Kong law.

This communication is being circulated to Bingham McCutchen LLP’s clients and friends. It is not intended to provide legal advice addressed to a particular situation. Prior results do not guarantee a similar outcome.

Circular 230 Disclosure: Internal Revenue Service regulations provide that, for the purpose of avoiding certain penalties under the Internal Revenue Code, taxpayers may rely only on opinions of counsel that meet

specific requirements set forth in the regulations, including a requirement that such opinions contain extensive factual and legal discussion and analysis. Any tax advice that may be contained herein does not constitute

an opinion that meets the requirements of the regulations. Any such tax advice therefore cannot be used, and was not intended or written to be used, for the purpose of avoiding any federal tax penalties that the Internal

Revenue Service may attempt to impose.

Technology in an Investment Adviser’s and Broker/Dealer’s Compliance Program

1.Two High Level Constituents in Compliance Management

2.Elements in Compliance Program Operations

3.Technology Components in a Compliance Program

4.Benefits of Automated Systems

Agenda

Constituent 2: “Control”: Doing What Firm Said it was Going to Do

Constituent 1: “Advisory” Deciding What Firm Needs To Do (Many Inputs!)

Two Major Constituents in Compliance Programs

Firm’s Culture

Regulator’s Rules

Manual processes or technology tools to ensure policies and procedures are followed

Legislation Expected Practices

External Advisory (legal or compliance

consultants)

Firm’s Products

Regulators’ Reporting

Requirements

Regulators’ “Show Me”

Expectations

Risk Assessments

Firm’s Compliance Program (Policies and Procedures)

Defines

Elements in Compliance Program Operations

New Client Qualification (including AML)

Personal Trade Monitoring

Other Code of Ethics and Conflict of Interest Management

Calendar and Activity Management

Document Management

Case Management

Email/Social Media Retention and Surveillance

Trade and Fund Surveillance

Books and Records

Business Continuity Planning

Key Underlying Technology Components

Key Activities in Compliance ProgramDocument

Management incl. Policies & Procedures

Conflicts of Interest Disclosures & Review Gifts, Outside Activities,

Political Contributions, etc.

ComplianceCalendar

Procedures, Filings, Reviews, Controls, Tests, Due Diligence, Attestations,

Certifications

Compliance Program

Management

Technology Components in a Compliance Program

Personal Trading Pre-Clearance, Rules,

Employee Trades

New ClientQualification

Document & Report Review Marketing, Trade

Reports, etc.

Custom Forms, Questionnaires

& Checklists

Case/Issue TrackingClient Complaints, Trade Errors, etc.

Surveillance Trading, Positions, Email,

Social Media

Business Continuity Planning

Trading and Accounting

Data Storage & Retention

Books & Records

CRM

Compliance Program Before…

Organize So You Can Analyze

After…

Benefits of Automated Systems

Benefits:1) Reduces Costs2) Reduces Risk3) Saves Management Time4) Attracts Assets

Provides

Technology in an Investment Adviser’s and Broker/Dealer’s Compliance Program

Technology Best Practice Guidelines

Dodd-Frank Technology Implications

Specific technology system safeguards not defined

Other portions of Act are more specific– Imply best practices

Investor requirements dictating expectations

Dodd-Frank Guidelines for OthersSystem Safeguards

“Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk, through the development of appropriate controls and procedures, and automated systems, that— (i) are reliable and secure; and (ii) have adequate scalable capacity;

Establish and maintain emergency procedures, backup facilities, and a plan for disaster recovery that allow for—(i) the timely recovery and resumption of operations; and(ii) the fulfillment of the responsibilities and obligations of the facility.

Periodically conduct tests to verify that the backup resources of the facility are sufficient to ensure continued—(i) order processing and trade matching;(ii) price reporting;(iii) market surveillance; and(iv) maintenance of a comprehensive and accurate audit trail.

Record Keeping

Each organization shall maintain records of all activities related to the business of the facility, including a complete audit trail —(i) in a form and manner that is acceptable to the Commission; and(ii) for a period of not less than 5 years.

Technology Focus Areas

BusinessContinuityPlanning

Data Retentio

n

Disaster Recovery

Disaster Recovery vs. Business Continuity

Five Steps to Business Continuity Planning

Risk Assessment

Business Impact

Analysis

Plan CreationPlan & Implement

Plan Test & Maintain BCP

Life Cycle

Disaster Recovery BlueprintRecovery Point Objective (RPO)– The point in time to

which you must recover data as defined by your organization

Recovery Time Objective (RTO)– The duration of time

within which a business process must be restored after a disaster

• Nightly Backups

RPO = 24 hrs

• Snapshots

RPO < 4 hrs

• Continuous Replication

RPO = 0

• Restore from Backups

RTO > 24 hrs

• Hot Standby

RTO < 4 hrs

• High Availability

RTO = 1 hr

Other Disaster Recovery Considerations

In-house vs. outsourced

Traditional vs. managed service

Redundancy of DR infrastructure

Data Center security

Managed by Business Continuity Professionals

24x7x365 support and monitoring

Frequency of testing

Data Retention & Archiving Blueprint

SEC advises advisers to retain all internal and external email and IM business communications

Tape backup is not adequate!

Sound practices for Archiving include:– Retaining email and IMs for prescribed amount of time by

law– Storing data in WORM format– Searchable indexing of files – Keeping archived data on your own server and make sure it

is easily available

Considerations for Archiving

Questions to Ask

Will you have a dedicated server or shared server?

Does the provider utilize Natural Language Processing?

Bloomberg, Thomson Reuters compliant?

Use WORM storage to maintain message integrity?

Allow for single-search of all information?

Can end users see and search their own electronic records without seeing those of other users?

Eze Castle Integration OverviewFounded 1995

Mission To be the leading provider of IT services and technology solutions to the investment community worldwide

Headquarters

Additional Offices

Boston

New York City, Chicago, Dallas, Geneva, Minneapolis, Los Angeles, San Francisco, Singapore, Stamford and London.

Phone 1.800.752.1382

Website & Blog www.eci.comwww.eci.com/blog

Core Services • Strategic IT Consulting

• Outsourced IT & Help Desk

• Professional Services

• Managed Services

• Startup & Relocation

• Communications Solutions

• Network Design & Management

• Business Continuity Planning

• Disaster Recovery

• Compliance Solutions

• Storage Solutions

• Cloud & Colocation Services

• Internet Service

• E-Mail & IM Archiving

260 Franklin Street, 12th floor Boston, MA 02110 617-217-3000 www.eci.com