SEC Proposes New Rule Mandating Business Continuity and Transition Plans

On June 28, 2016, the SEC proposed a new rule which will require Registered Investment Advisers (“RIAs”) to adopt and implement written business continuity and transition plans. The purpose of proposed Rule 206(4)-4 is to ensure that RIAs have plans in place that are designed to minimize the damage if there are disruptions to a firm’s operations. Comments on the proposed rule will be permitted for sixty days after its publication in the Federal Register. The proposed rule can be found at https://www.sec.gov/rules/proposed/2016/ia-4439.pdf.

Rule 206(4)-4 is based on the assumption that advance planning and preparation can help mitigate the impact from disruptions. The SEC believes that the proposed rule might even prevent disruptions from occurring.

An effective business continuity and transition plan can minimize the damage from temporary or permanent disruptions caused by events such:

• Natural disasters;
• Technology failures;
• Departure of key personnel; and
• Cyber-attacks.

An RIA’s business continuity and transition plan can be tied in with the firm’s efforts to guard against cyber threats.

An RIA’s plan must be tailored to the specific risks faced by the firm and should address:

• Maintenance of critical operations and systems;
• How clients’ records and other data will be protected, backed-up, and recovered;
• Where to conduct business if an RIA’s office becomes unavailable due to a disruption;
• Communication procedures in the event of a disruption, including contact information for clients, employees, regulators, and service providers;
• Identification and assessment of third-party services critical to the operation of the RIA; and
• Transitional issues in case an adviser needs to wind down operations or becomes unable to continue providing advisory services.

Rule 206(4)-4 as it relates to transition planning

In the release that accompanied the proposed rule, the SEC stated that keeping clients’ assets safe and maintaining ready access to their information, is fundamental to acting in the best interest of the client. An RIA’s policies and procedures should address how the RIA will safeguard, transfer, and/or distribute assets in the event of a transition.

A succession plan is one way to ensure that an RIA’s clients are protected in the event of a transition. Although a full succession plan is not required, the SEC does expect to see how the RIA will protect clients if the business ceases to exist in its current form and must be sold to another firm or dissolved.

The components of a transition plan should include:

• Policies and procedures intended to safeguard, transfer and/or distribute client assets during the transition;
• Policies and procedures that make it easier and quicker to generate the information needed to transition each client account;
• Information regarding the RIA’s corporate governance structure, so designated persons know how to execute the transition plan;
• Identification of any material financial resources available to the RIA to facilitate the transition; and an
• Assessment of applicable law and contractual obligations affecting the RIA and its clients that will be triggered by the transition.

For example, client contracts might not permit them to be assigned to a third party without their consent.

These components are designed to help RIAs to prepare for a transition – expected or unexpected – so action can be taken quickly to protect clients’ interests.

Business continuing and transition planning is ongoing for every adviser

The proposed rule and its amendments would require SEC-registered advisers to review the adequacy and effectiveness of their plans at least annually and to retain specified books and records.

State-register advisers may also be subject to a rule requiring them to engage in business continuity and transition planning. Last year, the North American Securities Administrators Association (“NASAA”) adopted a model rule dealing with business continuity and succession planning. NASAA’s model rules are utilized by states in formulating their own requirements for advisers registered in their jurisdiction.

Even if a state has not adopted NASAA’s model rule, RIAs owe a fiduciary duty to their clients to prepare for disruptions that might impact them. Otherwise, clients’ financial well-being may be at jeopardized through no fault of their own.

NCS Regulatory Compliance clients should already have a business continuity plan in place as part of their compliance manual. They will be notified when Rule 206(4)-4 has been finalized.

Other RIAs might find that having a compliance consultant can minimize the disruption to their firm caused by new rules and regulations. As two large trade groups pointed out last year, implementing a business continuity and transition plan is more than just a regulatory requirement. It is a business imperative.

NCS Regulatory Compliance has been assisting broker-dealers and investment advisers with industry critical compliance responsibilities for over 25 years. We continue to provide products and services to thousands of firms in the financial services industry. If you have questions related to compliance obligations, compliance requirements, or other compliance topics, please contact us at info@ncsregcomp.com.

Les Abromovitz can be reached at NCS Regulatory Compliance by e-mailing him at labromovitz@ncsregcomp.com. Les is the author of THE INVESTMENT ADVISOR’S COMPLIANCE GUIDE, which was published by the National Underwriter Company, a division of ALM. The book is available at http://www.nationalunderwriter.com/the-investment-advisor-s-compliance-guide-2.html.