February 2016
E-Mail from Marshall Gandy 2/4/16
A registrant may have one or more emergency plans referred to variously as business continuity plans, disaster recovery plans, or contingency plans. Contingency plans will vary widely among registrants, and depending upon the registrant's structure, operations, and commitments. The Chief Compliance Officer of the registrant will be responsible for implementing and maintaining contingency plans, but a contingency planning committee composed of supervisors and other key personnel may do much of the work.
The planning process should focus, at a minimum, on the types of disasters that could occur and the potential impact each would have on the adviser's business and investment operations, as well as the people that provide services to and for the adviser. A contingency planning process should include appropriate provisions for handling a large number of factors that are likely to arise in the event of a disaster or dislocation, including, but not limited to, employees, clients, physical facilities, communications, information resources, business operations, regulatory concerns, third-party service providers and financial resources.
In reviewing a firm's contingency planning preparedness, examiners will generally focus on the process the firm has established to respond to and recover from the various types of contingencies and disasters to which it is exposed. Such contingencies and disasters could include the following:
- Fire, flood, tornado, hurricane, blizzard;
- Terrorist attack, building destruction;
- Evacuation of building/area, quarantine of area; disease pandemic;
- Assignment of duties to qualified responsible persons in the event of the death or unavailability of key personnel;
- Absence of substantial number of employees, labor strike; unanticipated market closures;
- Computer crashes, network failure; or,
- Telecommunication interruptions, Utilities failure.
Examiners will also discuss with firms areas of concern unique to the firm and the plans that have been, or should be, made to address those concerns.
- Rule 206(4)-7 – Requires each investment adviser to adopt and implement written policies and procedures reasonably designed to prevent the adviser from violating the Advisers Act. In Release No. IA-2204, the Commission states that these policies and procedures should include business continuity plans.
- Release IA-2204 states that an adviser's fiduciary obligation to its clients includes the obligation to take steps to protect the clients' interests from being placed at risk as a result of the adviser's inability to provide advisory services after, for example, a natural disaster or, in the case of some smaller firms, the death of the owner or key personnel. The clients of an adviser that is engaged in the active management of their assets would ordinarily be placed at risk if the adviser ceased operations.
- Release No. 34-47638 emphasized three new business continuity objectives for all financial institutions:
- Rapid recovery and timely resumption of critical operations following a wide-scale disruption;
- Rapid recovery and timely resumption of critical operations following the loss or inaccessibility of staff in at least one major operation location; and
- A high level of confidence, through ongoing use or robust testing, that critical internal and external continuity arrangements are effective and compatible.
Rule 206(4)-7: Compliance Procedures and Practices
The "Compliance Rule" (Rule 206(4)-7 under the Advisers Act) requires advisers to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act. Each adviser should identify conflicts and other compliance factors creating risk exposure for the firm and its clients in light of the firm's particular operations, and then design policies and procedures that address those risks. The Commission expects that an adviser's policies and procedures, at a minimum, should address a standard set of operations to the extent that they are relevant to the adviser as provided for in the "Compliance Rule Release." Advisers must review those policies and procedures at least annually for their adequacy and the effectiveness of their implementation, and designate a Chief Compliance Officer ("CCO") to be responsible for administering their policies and procedures.
As stated previously, Rule 206(4)-7(a) requires registered advisers to adopt and implement compliance programs in the form of written policies and procedures reasonably designed to prevent violation of the Advisers Act by the adviser or any of its supervised persons. The rule requires advisers to consider their fiduciary and regulatory obligations under the Advisers Act and to formalize policies and procedures to address them.
An adviser should establish a reasonable process for responding to emergencies, contingencies and disasters. The plan's procedures should focus, at a minimum, on the types of disruptions that could occur and the potential impact each would have on the advisory business operations and employees. Therefore, the planning process should include appropriate policies, plans, and procedures for handling the large number of factors or issues that are likely to arise in the event of a disruption, some of which include employees, clients/shareholders, physical facilities, communications, information resources, business operations, regulatory concerns, outside service providers and financial resources.
Hope this information is helpful.
Marshall Gandy
Senior Officer and Associate Regional Director
Office of Compliance Inspections and Examinations
Fort Worth Regional Office
United States Securities and Exchange Commission
Joan M. Ridley is President of Business Wealth Solutions, a business consultancy that helps business owners protect, preserve, and enhance value, often in preparation for management or ownership transition for manufacturers, wholesale distributors, and B2B services, coordinating her efforts with the client's personal financial advisors. She is a Certified Business Intermediary, Certified Business Exit Planner, and a Certified Financial Planner™. In 2013 she received the first Excellence in Exit Planning Award conferred by the Exit Planning Institute for her pioneering contribution to this new discipline. She is the Founder of the North Texas Chapter of The Exit Planning Institute. Call 214-692-9192 and visit www.bwsllc.net.