IA Compliance: The Full 360° View Midwest
June 25 | Chicago, IL

Commitment to Compliance
September 17 | Philadelphia
Conquering Current Compliance Challenges
July 11, 2018 | 2:00 - 2:30 PM EST

Compliance Best Practices for Busy IA CCOs
July 17, 2018 | 2:00 - 3:00 PM EST

Conquering Current Compliance Challenges
Recorded: June 20, 2018 
The SEC Examinations Priorities Handbook
Includes: 28 Best Practices, 20 Document Request Letters and 6 OCIE Risk Alerts

Cybersecurity Strategies to Ensure SEC Compliance, 2nd Edition
Includes: 24 Best Practices, 16 Tools, 4 Risk Alerts and IM Guidance

Your Complete Guide to the New Form ADV
Includes: 20 Best Practices, 6 Peer-tested Tools and a 60-minute Webinar 

The compliance program rule (Investment Advisers Act rule 206(4)-7) requires that all SEC-registered investment advisers adopt and implement written policies and procedures reasonably designed to prevent the adviser or its registered personnel from violating the Advisers Act.  At a minimum, the P&Ps have to address 10 specific items, including business continuity plans.
The SEC notes that firms’ P&Ps must address BCPs because an adviser’s fiduciary obligation to its clients includes taking steps to protect the clients’ interests from risks resulting from the adviser’s inability to provide advisory services after, for example, a natural disaster.  Under Advisers Act rule 204-2, advisers have responsibilities to maintain books and records, including a requirement to maintain electronic storage media “so as to reasonably safeguard them from loss, alteration or destruction.”

In 2016, the SEC proposed a new Advisers Act rule that would mandate that firms have written BCP and transition plans. You can find a link to that proposal at the bottom of this page.

Recommended considerations

The SEC has stated that firms should consider the possibility of widespread lack of telecommunications, transportation, electricity, office space, fuel and water in their BCPs.  The Commission further recommends that consideration be given to multiple, redundant services and the proximity of vendors to the potential disaster area.  Additional consideration areas:  alternative locations, vendor relationships, telecommunications services and technology, communication plans and regulatory and compliance.
The SEC recommends firms consider conducting full BCP tests and participating in industry testing, at least annually, but more frequently if changes are made.  Annual training and the requirement that employees sign off that they had received their firm’s BCP are also best practices.

Still have questions? Click here to share your questions with our editors.