Global Trustee and Fiduciary Services News and Views

Markets and Securities Services |

United States

Proposing Release

Regulatory background

The Proposing Release notes that, although the

SEC previously addressed business continuity

planning when it required advisers to adopt

compliance programmes pursuant to Rule

206(4)-7 under the Advisers Act, the staff of

the SEC has observed a range of practices

with respect to the robustness of advisers’

operational risk management practices and

business continuity plans. In particular, the

Proposing Release states that the “staff has

noted weaknesses in some adviser [business

continuity plans] with respect to consideration

of widespread disruptions, alternate locations,

vendor relationships, telecommunications and

technology, communications plans, and review

and testing.” Furthermore, the Proposing

Release highlights the importance of business

continuity planning for the resiliency of the US

financial system.

both internal and external events and situations,

including technology or systems failures, loss

of key personnel, loss of access to physical

locations and facilities, loss of adviser or client

data, natural disasters, cyberattacks, terrorism

and the loss of a service provider. The Proposing

Release further states that operational risks can

also arise when an adviser ceases or winds down

its business, merges with another adviser, sells a

portion of its business or commences bankruptcy

proceedings. The Proposing Release provides

examples of recent business continuity situations

and transitions, including Hurricanes Katrina and

Sandy and the 2008 financial crisis.

Proposed Rule 206(4)-4 would require advisers

to adopt, implement and annually review a

written business continuity and transition plan

containing policies and procedures addressing:

(i) business continuity following a significant

business disruption and (ii) business transition

in the event the adviser is unable to continue

providing investment advisory services to clients.

Business continuity and transition plans

The Proposed Rule would require an adviser’s

business continuity and transition plan to be

based on the risks of the adviser’s operations

and contain policies and procedures designed

to minimise material service disruptions,

including policies and procedures addressing

certain specific components listed in the

Proposed Rule.

Key components enumerated

in the Proposed Rule are listed below, along

with additional detail from the Proposing

Release as to the items and actions the SEC

believes should be addressed with respect to

a particular required component.

• Maintenance of critical operations and systems,

and the protection, backup, and recovery of

data. An adviser’s plan would be required

to identify and prioritise critical functions,

operations and systems (e.g. processing of

portfolio securities transactions, valuation

and maintenance of client accounts, and

delivery of funds and securities). Furthermore,

a plan should consider alternatives and

redundancies to seek to maintain operations

during a business-disruption event and

identify key personnel for short- and long-term

planning purposes. A plan should also address

both hard copy and electronic backups of

data, include an inventory of key documents

with a list of key service providers and address

the risks of cyberattacks.

In the Proposing Release, the SEC states

that, because advisers owe fiduciary

duties of care and loyalty to their clients,

an adviser must seek to protect client

interests from being placed at risk as a

result of the adviser’s inability to provide

advisory services.

Further, Section 206(4) of the Advisers Act

authorises the SEC to adopt rules designed to

prevent fraudulent and deceptive conduct, and

the Proposing Release indicates that the SEC

“believe[s] it would be fraudulent and deceptive for

an adviser to hold itself out as providing advisory

services unless it has taken steps to protect clients’

interests from being placed at risk as a result

of the adviser’s inability (whether temporary or

permanent) to provide those services.”

Overview

The Proposing Release states that the Proposed

Rule is “intended to help ensure that an adviser’s

policies and procedures minimise material

service disruptions and any potential client harm

from such disruptions.” Specifically, the SEC is

focused on operational risks “that may impact

the ability of the adviser and its personnel to

continue operations, provide services to clients

and investors, or, in certain circumstances,

transition the management of accounts to another

adviser.” The Proposing Release discusses a

number of operational risks that can arise from