NEW YORK (Thomson Reuters Regulatory Intelligence) - Many investment advisers have already taken steps to comply with a 2016 Securities and Exchange Commission rule proposal(here) to enhance adviser written business continuity and transition plans, an industry survey found.
Nearly 26 percent of surveyed firms have changed or are in the process of changing their plans to adapt to the 2016 proposal. This includes firms that have separate plans and those that have a combined business continuity and transition plan, according to the joint survey by the Investment Adviser Association, ACA Compliance Group and OMAM, a global asset management company.
In addition, a relatively high 22 percent of firms do not need to change their plans as they are already in compliance with the proposed rule. Therefore, 48 percent of advisers will be ready for SEC future rules guiding a firm’s business continuity and transition plans.
The survey also highlights the use and components of current business continuity and transition plans as well as firm testing habits. This year's survey(here) was conducted online in the spring of 2017 and collected responses from compliance officers at 599 Securities and Exchange Commission-registered investment advisory firms.
Firms of all sizes responded, with the majority being a mid-sized advisory firm managing $1 to $10 billion. A majority of responding firms reported having 50 or fewer employees.
BUSINESS CONTINUITY/TRANSITION PLAN PROPOSED RULE
Business continuity plans have been widely adopted by SEC-registered advisers in attempt to tackle business disruptions typically caused by natural disasters and system failures, among others. However, the SEC was concerned about the adequacy and inconsistency of the current plans and has opted to implement rule-based requirements.
The proposed rule would require an adviser’s plan to be based upon the particular risks associated with the adviser’s operations and include policies and procedures addressing the maintenance of systems and protection of data, pre-arranged alternative physical locations, the communication with employees and clients, review of third-party service providers and a plan to account for business transitions. The plan must also be subject to an annual review and maintain certain plan records.
Of the proposed elements, the requirement for an adviser to have a plan when a firm is exiting the market or unable to continue providing services, including death of a single principal firm, merger with another adviser or the sale of its business, could present the biggest compliance challenge for firms, especially small-to-midsize.
When planning for a transition, the SEC urged advisers to address it in both normal and stressed market conditions. Policies and procedures should address how the adviser intends to safeguard, transfer and/or distribute client assets in the event of a transition, considering the unique attributes of each type of the adviser’s clients and how the adviser plans to transfer accurate client information to other advisers or their service providers.
A final rule has yet to be released.
PLANS
Firms that have not moved to comply with the new rule will wait to make any changes to their existing plans until the SEC adopts the proposed plan requirements. For nearly 22 percent of firms , the changes will have to be significant if the rule is adopted as proposed.
A vast majority of firms surveyed have a written plan in place. Of that majority, 81 percent have a stand-alone business continuity plan and only 13 percent have a stand-alone transition plan. Nearly 15 percent have a combined plan.
Most of the firms that have a written plan addressing facility-wide outages such as electrical failures or fire, the temporary interruption of discrete services such as internet or data feeds, and natural disasters.
Also common in many written plans are the identification of critical third-party service providers, responses to cyber attacks, terrorist attacks and succession.
Even though succession and transition were addressed by many firms surveyed, these topics are likely to take a more prominent position if the proposed rule is finalized.
TESTING
A majority of firms are performing a complete test annually of their business continuity and transition plans. However, more than 26 percent only complete a partial test each year. That strategy would most likely put a firm at regulatory risk if the proposed rule is finalized, as the proposal requires a firm to review at least annually and retain records of the review.
When testing, firms concentrate on the ability to recover data, access to back-up records, communications with employees and the testing of contact information for employees, clients, business partners and service providers.
Lastly, nearly 63 percent of advisers test the business continuity readiness of services providers by reviewing a summary of the third-parties business continuity plan. In addition, a majority also use due diligence questionnaires.
(Jason Wallace is a senior editor for Thomson Reuters Regulatory Intelligence. Jason began his career at TD Waterhouse Securities Inc., now TD Ameritrade Inc., where he held key positions in the Trading, Risk Management and Compliance departments for both retail and institutional sides of the firm. Jason joins Thomson Reuters after serving as an associate director for National Regulatory Services, in San Diego, California. Follow Jason on Twitter @Wallace_iabrief. Email Jason at jason.wallace@thomsonreuters.com)