The Securities and Exchange Commission proposed a rule in June requiring investment advisors to put in place business continuity and transition plans. But the requirement would be part of a new anti-fraud rule, a move the Investment Adviser Association and SIFMA believe is a mistake. Instead, it should be included in the agency’s Compliance Program Rule, the two groups wrote in comment letters to the SEC.
“Business continuity and transition planning are inherently more operational in nature than conduct typically governed by anti-fraud rules,” the IAA letter said. “We strongly submit that a deficiency in business continuity and transition planning should not be considered per se fraud. Thus, we believe that the adoption of a new anti-fraud rule, as proposed, is unnecessary and in fact could become counterproductive.”
Rather, guidance under the Compliance Program Rule would be more appropriate for governing business continuity and transition plans, the IAA argues. This rule would characterize such deficiencies as a failure of a firm’s compliance program, not fraud.
“There is no such thing as a perfect [business continuity] plan, and imperfections—likely assessed in hindsight—may not reflect fraudulent or deceptive conduct, but rather decisions made in good faith that were rendered inadequate by unforeseen events,” the letter said.
“The SEC has developed a very helpful discipline of providing investment advisors with timely guidance around best practices for successful business continuity planning,” said Timothy Cameron, managing director and head of SIFMA’s Asset Management Group. “We are concerned that the proposed rule would depart from this practice and establish cumbersome and ill-fitting expectations for advisors that could raise the possibility of fraud charges for firms that encounter even temporary interruptions in business operations.”
The SEC proposal details how continuity and transition plans would "minimize material disruptions" to service in the event of natural disasters, cyber attacks, technology failures, the departure of key personnel or other events. Advisors could tailor their plans to fit their operations and risks specific to their particular business models.
The IAA likes that aspect of the proposal, but says in the comment letter that guidance would inherently provide more flexibility.
Under the proposal, advisors would need plans to maintain systems and protect data, arrange alternative work sites, keep up communications and review third-party service providers. They would also need to show how they would handle the transition of winding down or stopping services.
Advisors would have to review their plans at least annually.