In August, I discussed how the frequency and severity of recent natural disasters has caused regulators to refocus on the quality and effectiveness of the business continuity and disaster recovery plans (BC/DR plans) that investment advisors rely on during business interruptions. It came as no surprise to me and my colleagues when the SEC issued a risk alert on Aug. 27 directing investment advisors to review their BC/DR plans to ensure that they addressed frequently overlooked areas of concern.
The SEC risk alert urges investment advisors to consider the following when reviewing their BC/DR plan:
- Widespread disruption. When Hurricanes Sandy and Katrina devastated the Northeast and the Gulf Coast, businesses went without electrical power, phone service and Internet service for weeks. Entire office buildings were destroyed by flooding and strong winds. Many advisors were unprepared for the widespread devastation.
- Alternative locations. In the case of a widespread disruption, an alternative office across town will likely be compromised and fail to provide advisors with a suitable secondary location.
- Vendor relationships. As more advisors store their electronic files in the cloud, it becomes imperative that advisors consider the geographic location and redundancy capabilities of their information technology vendors.
- Telecommunication and technology services. Advisors who have been slow to move into the digital age are often self-contained, localizing their electronic and hard-copy files. These firms lack the mobility of a cloud-based firm and should consider alternative methods for data storage.
- Communication plans. With today’s meteorological models and predictions, advisors are usually provided with advance warning of a major weather event. The risk alert urged advisors to consider implementing a communication plan to warn clients that there may be a period of time following the storm when the advisor cannot be contacted by normal means.
- Compliance. As I discussed in my column in August, I strongly recommend that a review of your BC/DR plan be part of your annual review process.
- Review of testing. A BC/DR plan isn’t worth the paper it is written on if it can’t be implemented. Testing your BC/DR plan will help you identify weaknesses and also serve as training for employees.
Your BC/DR plan should not be viewed as another regulatory obligation. If it is designed with your firm’s risk exposures and business needs in mind, your plan will not only protect your firm from unnecessary scrutiny, it may also help you maintain your client relationships and your business.
Reg S-ID Deadline Approaching