Wednesday, September 28, 2016

NASAA requests clarifications to SEC’s continuity plan proposal

By Amy Leisinger, J.D.

In comments to the SEC, NASAA offered support for the Commission’s proposal to require registered investment advisers to adopt and implement written business continuity and transition plans. According to the organization, proposed Rule 206(4)-4 is substantially similar to NASAA’s model rule on continuity planning. However, NASAA asked the SEC to clarify how the proposed rule relates to existing record-preservation duties and to what extent each plan would need to address an adviser’s specific safeguarding duties under Regulation S-P.

SEC proposal. In June 2016, the SEC issued a proposed rule that would require SEC-registered investment advisers to adopt and implement written business continuity and transition plans designed to address risks related to a significant disruption in the investment adviser’s operations, including, among other things, cyberattacks and technology failures. An adviser’s plan would need to be based upon the particular risks associated with its operations and include policies and procedures addressing: mainte­nance of systems and protection of data; prearranged alternative physical locations; communication plans; review of third-party service providers; and a plan of transition in the event the adviser is winding down or is unable to continue providing advisory services.

NASAA praise, critiques. NASAA noted the importance of a new rule to govern business continuity and transition planning that applies to all SEC-registered advisers, particularly in light the failure of many firms to give sufficient attention to the issue in their compliance programs.

This type of planning is not only a sound business practice, but is also crucial to investor protection, it stated. Moreover, NASAA explained, the proposal is generally consistent with NASAA’s model rule on continuity and transition planning for state-registered investment advisers with only minor differences in the approach to transitions of key personnel.

NASAA recommended, however, that the SEC clarify whether the proposed rule would create any new duties to preserve records and whether a business continuity and transition plan must address an adviser’s obligations under Regulation S-P’s Safeguards Rule. In addition to general obligations to maintain required books and records under Advisers Act rules, the Safeguards Rule requires SEC-registered advisers to adopt written policies and procedures designed to safeguard customer records and information and to properly dispose of consumer report information. Proposed Rule 206(4)-4 states that a plan must provide for protection and backup of client records and for generation of client-specific information necessary to transition an account.

The proposal is not clear as to whether the scope of documents included in a plan is co-extensive with the scope of information required to be preserved under existing rules, and the Commission should take steps to address this ambiguity, NASAA concluded.