The compliance program rule (Investment Advisers Act rule 206(4)-7) requires that all SEC-registered investment advisers adopt and implement written policies and procedures reasonably designed to prevent the adviser or its registered personnel from violating the Advisers Act.  At a minimum, the P&Ps have to address 10 specific items, including business continuity plans.
 
The SEC notes that firms’ P&Ps must address BCPs because an adviser’s fiduciary obligation to its clients includes taking steps to protect the clients’ interests from risks resulting from the adviser’s inability to provide advisory services after, for example, a natural disaster.  Under Advisers Act rule 204-2, advisers have responsibilities to maintain books and records, including a requirement to maintain electronic storage media “so as to reasonably safeguard them from loss, alteration or destruction.”

In 2016, the SEC proposed a new Advisers Act rule that would mandate that firms have written BCP and transition plans. You can find a link to that proposal at the bottom of this page.

Recommended considerations

The SEC has stated that firms should consider the possibility of widespread lack of telecommunications, transportation, electricity, office space, fuel and water in their BCPs.  The Commission further recommends that consideration be given to multiple, redundant services and the proximity of vendors to the potential disaster area.  Additional consideration areas:  alternative locations, vendor relationships, telecommunications services and technology, communication plans and regulatory and compliance.
 
The SEC recommends firms consider conducting full BCP tests and participating in industry testing, at least annually, but more frequently if changes are made.  Annual training and the requirement that employees sign off that they had received their firm’s BCP are also best practices.