The SEC and state regulatory bodies have been tightening up their audit practices in many areas of compliance. The frequency and severity of recent natural disasters has brought sharp regulatory focus on the quality and effectiveness of the business continuity and disaster recovery plans (BC/DR plans) used by investment advisors. As a result, I asked my colleague, Steve Galletto, to share his thoughts on the changing regulatory landscape regarding BC/DR plans.
Galletto advised that in some instances, advisors located within a geographic area affected by a natural disaster have been subject to regulatory probes geared toward determining whether the BC/DR plans maintained by those firms were sufficient to protect advisory clients from the risk of a business interruption.
Business interruptions pose a threat to advisors and their ability to service clients. When faced with a business interruption, firms that have invested time and effort in BC/DR planning find themselves in a better position to resume operations than those firms that failed to do so. Well-drafted and maintained BC/DR plans help investment advisors prepare for disruptive events and may even prevent business interruptions from occurring. Unfortunately, BC/DR plans have become an afterthought for some investment advisors.
As a fiduciary, an investment advisor is obligated to take steps to prevent business interruptions that could potentially put clients at a disadvantage. Accordingly, SEC Rule 206(4)-7 and comparable state regulations require that investment advisors maintain a BC/DR plan. However, these regulations fail to provide advisors with specific guidance as to the development of an effective plan.
Effective BC/DR plans are the product of the following: a thoughtful and thorough assessment of risk exposures, including an impact analysis to identify the critical areas of your business; customization to ensure that the BC/DR plan fits your firm’s level of sophistication; adequate infrastructure to support the implementation of the BC/DR plan; routine testing to ensure that the BC/DR plan protects your firm as intended; and maintenance to ensure that the BC/DR plan evolves with changing regulations and the way you do business.
It is imperative that you review and assess whether your BC/DR plan is tailored to your firm’s risk exposures and business needs. Inadequate BC/DR plans will not only draw regulatory attention, they may also jeopardize your client relationships and your business. With careful planning and continued diligence, your BC/DR plan can help your firm weather any storm.
In addition, during an exam you should be prepared to demonstrate to regulators the importance of the BC/DR process, including monitoring and updating the plan as necessary on an ongoing basis; making the BC/DR plan part of the firm’s chief compliance officer’s required annual review process; and sharing the particulars and importance thereof with firm staff. I recommend that the BC/DR process be an agenda item on the annual compliance meeting that each firm should have for its staff.
In light of the changing regulatory focus on the quality and effectiveness of investment advisors’ continuity and recovery plans, we recently advised all of our clients that it is prudent to review their current plans and have them enhanced or rewritten so as to better prepare the firm for any business interruption and to correspondingly demonstrate to regulators the firm’s readiness to respond.