Business Continuity Plan, including Succession Plan

September 05, 2014

The North American Securities Administrators Association (NASAA) proposed a model rule requiring investment advisers to create and implement written procedures to address business continuity and succession planning in the event of the owner’s and other key personnel’s untimely departure or a natural disaster (http://www.nasaa.org/wp-content/uploads/2014/08/IA-RFPC-Model-Rule-Model-Guidance.pdf). With this proposal NASAA has caught up with the United States Securities and Exchange Commission’s (SEC) requirements for federally registered investment advisers to establish business continuity and disaster recovery plans.

NASAA is an international organization devoted to investor protection. It is a voluntary association whose membership consists of 67 state, provincial and territorial securities administrators including all 50 U.S. states. NASAA and its participating members create model securities rules that are often similar, but sometimes vary from those of the SEC. While not required to do so, many states adopt these model rules or adopt similar rules. It is important to clarify that just because NASAA drafts a model rule it does not mean a member entity (i.e. state) has to adopt the rule. While many states create their own rules and regulations they commonly defer to those outlined by NASAA

NASAA’s proposed model rule cautions of the realities of business interruptions. Any number of things can halt the daily functions of an investment adviser firm. Natural disasters, fires, floods, deaths, injuries and accidents disrupt business continuity. In the absence of any state-specific requirements, investment advisers have a fiduciary duty to have policies and procedures in place that minimize risk to clients and ensure clients’ access to their assets.

NASAA recognizes the wide range of different business models and structures so its proposal does not mandate specific criteria each firm must follow. The proposal gives discretion for firms to develop customize plans based on their unique circumstances. However, the model rule does provide general expectations of investment adviser firms. These general expectations include:

  1. Data back-up and recovery (hard copy and electronic)
  2. All mission critical systems
  3. Financial and operational assessments
  4. Alternate communications between customers and your firm
  5. Alternate communications between your firm and its employees
  6. Alternate physical location of employees
  7. Critical business constituents, banks and counter-party impact
  8. Regulatory reporting
  9. Communications with regulators
  10. How your firm will assure customers’ prompt access to their funds and securities in the event that you firm is unable to continue its business

The NASAA proposal is now open for public comment until October 1, 2014. RIA Compliance Consultants encourages you to read the proposed rule and to consider its safeguards. Additionally, RIA Compliance Consultants offers template Disaster and Continuity plans and can help your firm draft its own specific recovery plan.

Posted by Bryan Hill
Labels: Business Continuity Plan, Succession Plan, Written Policies and Procedures