FINRA is currently seeking feedback on its Business Continuity Rule, including if firms have activated their business continuity plans and whether the costs of creating, maintaining or updating such a plan outweigh the benefits. Feedback is due April 26, 2019.
What makes an effective Business Continuity Plan?
An effective plan can create loyal customers by ensuring they receive critical services during an event. While no one wants to have to activate a Business Continuity Plan (“BCP”) as the result of a natural or man-made disaster, having one in place will help you protect your firm and your customers.
Effective BCP plans aren’t just technology exercises, they are developed based upon the size, needs and business risks of a firm. Key components that comprise an effective Business Continuity Plan typically include:
- Key person death, disability, or unavailability
- Data backup and recovery (hard copy and electronic)
- Mission critical systems
- Financial and operational assessments
- Alternate communication methods between the firm, its customers, employees and strategic vendors
- Alternate physical locations to conduct service
- Critical business constituent, bank, and counterparty impact
- Regulatory reporting
- Communications with regulators
- How the firm will assure customers’ prompt access to their funds and securities in the event that the firm is unable to continue its business
The inability to communicate with and service your client’s accounts may subject your firm to loss of clients, regulatory action or arbitration/litigation. Investment advisors may be unable to fulfill their fiduciary duty to their clients.
You may think that your firm will never be subjected to a business disruption or the need for succession planning, but why take the chance? As the old saying goes… “Plan for the worst and hope for the best.”
What Are the Requirements Around Business Continuity Plans?
Guidance on the requirements and items that constitute an effective BCP and/or Succession Planning are found in FINRA Rule 4370.
For state-covered advisors in states where the NASAA Module Rule has been adopted, guidance can be found in NASAA Model Rule 203(a)-IA or Rule 411(c)-IA.
The SEC, as part of Rule 206 (4)-7, requires the creation of a BCP as part of the firm’s overall compliance procedures. Currently, SEC Rule 206(4)-6, which addresses specific requirements for a BCP, is still pending approval.