While the actual wording of the Securities and Exchange Commission (SEC) proposed regulation of investment adviser business continuity and transition plans is less than two pages, the document released June 28, 2016 is almost 100 pages. It contains a significant number of de facto requirements for registered investment advisers. Several requirements worded in the form of “…advisers should…” are actually contained in footnotes. For example, both footnote 59 and 62 contain SEC requirements. In order for advisers to fully address the SEC requirements, the entire document needs to be read and analyzed line-by-line. We have completed this analysis and can share it with interested parties.
Below is an illustration of the contrast between the official stated text and requirements sprinkled throughout the document relating to the official requirement.
Starting on page 30 and extending into page 31 of the proposed regulation, there are four embedded requirements, highlighted below:
“The proposed rule would require advisers’ business continuity and transition plans to include policies and procedures on the maintenance of critical operations and systems, and the protection, backup, and recovery of data, including client records. With respect to maintaining critical operations/systems, an adviser’s plan generally should identify and prioritize critical functions, operations, and systems and consider alternatives and redundancies to help maintain the continuation of operations in the event of a significant business disruption. When evaluating which operations and systems are critical, advisers generally should consider those that are utilized for prompt and accurate processing of portfolio securities transactions on behalf of clients, including the management, trading, allocation, clearance and settlement of such transactions. Advisers generally should also consider operations and systems that are critical to the valuation and maintenance of client accounts, access to client accounts, and the delivery of funds and securities. This typically will include identification and assessment of third-party services that support certain functions, as activities conducted may involve systems and processes that the adviser controls and others that may be wholly or partially dependent on third-party vendors, which we address below. Advisers generally also should identify which key personnel either provide critical functions to the adviser or support critical operations or systems of the adviser such that the temporary or permanent loss of those individuals would disrupt the adviser’s ability to provide services to its clients.”
Within footnote 73 on the bottom of page 30, there is another embedded requirement:
“Investment advisers should also generally consider in their business continuity planning circumstances in which a service provider (including another investment adviser that provides operations or systems to the adviser) is permanently unable to provide the adviser with critical operations or systems. See, e.g, Financial Conduct Authority, Outsourcing in the Asset Management Industry: Thematic Project Findings Report (Nov. 2013) (FCA Paper), (“Based on our initial assessment of asset managers last year, we concluded that firms in the sample were unprepared for a failure of their service provider.”). The FCA Paper suggested that asset managers should review their own outsourcing arrangements and where appropriate (i) “enhance their contingency plans for the failure of a service provider providing critical activities, taking into account industry-led guiding principles where applicable” and (ii) “assess the effectiveness of their oversight arrangements to oversee critical activities outsourced to a service provider, making sure the required expertise is in place.”
The takeaway? Investment advisers should pay careful attention to the entire document released with the SEC proposed rule change, not just the two-page “official” text.
For more information on regulatory compliance, or to learn how Baker Tilly's financial services specialists can help, contact our team.