Hedge Fund Compliance Chapter 5: How Technology Helps With Compliance

Technology runs everything these days. Hedge funds are no different. Chapter 5 of Scharfman’s book looks at how hedge funds use technology specifically for compliance. Not for trading. Not for making money. For following the rules and keeping records.

Let me walk you through the main ideas.

The IT Department at a Hedge Fund

Before we talk about compliance tech, you need to understand how hedge fund IT works. Scharfman breaks it into three pieces:

Hardware covers all the physical stuff. Servers, routers, cables, generators, printers, phones. Somebody has to keep the lights on.

Software covers everything that runs on top of that hardware. Email, word processing, databases, server management tools, internet access. Some funds even build their own custom software for trading. That falls under this group too.

Help desk is what you think it is. Something breaks, you call these people. Sometimes they are the same folks who handle hardware and software. Sometimes it is a dedicated team. Sometimes it is outsourced.

The person running the whole IT show is called the Chief Technology Officer (CTO). The structure looks a lot like how compliance teams are organized, actually. You can have dedicated in-house people, shared staff, or outsourced consultants. Same patterns, different job.

Where Compliance and IT Meet

In the early days of hedge funds, IT and compliance did not really talk to each other. Today, they are basically joined at the hip. Scharfman identifies two main ways compliance uses technology:

First, compliance teams use tech tools to do their actual work. Think monitoring software, archiving systems, surveillance tools.

Second, compliance uses IT infrastructure to make sure the fund and its employees are actually following the rules. This is about oversight and enforcement.

There is also a third area that keeps growing: technology risk. This is the business risk that comes from using technology itself. If your systems get hacked, if data gets stolen, if software fails at the wrong moment, that is technology risk.

And then there is cybersecurity, which is a huge topic now. Scharfman defines it as protecting your IT systems and data from unauthorized access or theft. This includes outside hackers breaking in and employees stealing data from the inside. The book covers cybersecurity in detail later in Chapter 11, but the foundation starts here.

Electronic Data Changed Everything

Here is a fun bit of history. Hedge funds used to keep everything on paper. Paper trade blotters. Physical trade tickets stamped with the time. Actual paper files sitting in cabinets.

That is mostly gone now. Electronic data took over for good reasons:

It is easier to search. Try finding a specific trade record in a warehouse full of filing cabinets versus typing a query into a database. When regulators come asking questions, you want to find answers fast.

You can control who sees what. Not every employee needs access to the secret trading algorithm or the investor contact list. With electronic systems, compliance can work with IT to restrict access based on who needs it for their job.

You can track who accessed what. Say someone unauthorized looks at a trading algorithm. With electronic records, there is a log of that. You know who did it, when they did it, and you can ask them why.

You can control how data is accessed. Imagine a programmer who is allowed to work on a trading algorithm at the office. But should she be able to access it from her home computer? Maybe not. Compliance and IT can set up rules so sensitive data is only accessible from certain locations or devices.

You can block data from leaving the building. USB drives, external hard drives, CD-ROMs. A hedge fund can prevent employees from downloading sensitive data to portable storage devices. Even if they do manage to download something, you can add password protection and encryption.

You can watermark client documents. When a hedge fund sends a marketing presentation (called a pitchbook) to a potential investor, they can automatically watermark each page with the recipient’s email address. This way, if the document leaks, you know exactly who shared it.

What Records Must Be Kept?

Scharfman references SEC Rule 204-2, the “Books and Records Rule,” which tells hedge funds what they need to archive. The list is long:

  • Financial and accounting records (bank statements, bills, financial statements)
  • Investment records (trade orders, confirmations, proxy votes, client correspondence)
  • Documentation of who gave the fund authority to trade on their behalf
  • All communications with existing and potential clients
  • Code of Ethics documentation (rules about personal trading by employees)
  • Disclosure documents (like Form ADV filings)
  • Annual compliance review documentation

That is a lot of data. And it all needs to be stored, searchable, and accessible.

The Big Questions About Data Archiving

Scharfman lays out several practical questions that every hedge fund compliance team needs to answer:

What data needs to be archived? You might think “just archive everything,” but that is not always practical. Not every fund has an unlimited storage budget.

Do you have a written policy? This one is important. Compliance teams sometimes assume IT is automatically backing up everything. That is not always true. You need written rules that everyone understands and follows.

Where should data be stored? The SEC says records must be kept in an “easily accessible location.” More and more funds use cloud storage now. But compliance needs to understand what kind of cloud (public vs. private) and what security is in place.

How often should backups happen? Not all data is equally critical. Some data gets backed up more frequently than others. IT usually advises on what is practical given the volumes involved.

How long do you keep it? Under U.S. rules, the minimum is five years, sometimes seven. Some funds take a conservative approach and keep everything forever. But that costs money and resources, so it is not always realistic.

Paper Is Not Completely Dead

Even with all this electronic data, some hedge funds still have paper documents lying around. Old brokerage statements, forms that need physical signatures for cash transfer approvals. Legacy stuff.

Smart compliance teams work with IT to digitize these paper processes. Scan old forms into electronic formats. Replace paper approval workflows with software systems. It is a gradual transition, but the direction is clear.

Business Continuity and Disaster Recovery

This section is about what happens when things go wrong. Power outages. Internet goes down. A hurricane hits (Scharfman mentions Hurricane Sandy in 2012, which shut down many hedge funds in the northeast U.S.). Or worse, a terrorist attack.

Regulators now require hedge funds to have written plans for these scenarios. The SEC says it pretty directly: an adviser has a duty to protect client interests even when something goes wrong. If your fund actively manages client money and suddenly stops operating, those clients are at risk.

A good business continuity plan (BCP) and disaster recovery plan (DR) should cover:

  • How data gets backed up and recovered
  • How key employees can communicate during a disaster (including old-school calling trees)
  • How employees can work remotely with secure access
  • Where people should physically go if the office is inaccessible (called a “disruption gathering location”)
  • How to keep talking to investors and service providers during a disruption

And here is the part people forget: you have to actually test the plan. Writing a document and putting it in a drawer does not help anyone. Compliance teams make sure these plans get tested on a regular schedule and that the testing is properly documented.

Chapter Summary

Chapter 5 is all about the growing overlap between IT and compliance at hedge funds. Technology is not just a convenience anymore. It is central to how funds follow regulations, monitor employees, archive data, and prepare for disasters.

The compliance team cannot work without IT. And IT needs compliance to tell them what rules apply. They depend on each other.

In the next chapter, Scharfman looks at what happens when a hedge fund’s internal team is not enough, and they need to bring in outside help: compliance consultants.

