If you’re a business owner, you’ve probably received umpteen email blasts telling you that you should have a business continuity and/or succession plan. Most businesses are not legally required to have a plan. But some are, including many financial advisers. This post lays out which financial advisers are required to have a business continuity and/or succession plan, and what those plans are supposed to include.
But first, let’s clarify the difference between continuity plans and succession plans. Although the words tend to be used interchangeably, business continuity (sometimes called contingency) plans primarily address business disruptions such as natural disasters, power outages, cyberattacks, and things of that nature.
Succession plans are addressed more toward changes at the individual level, such as death, disability and retirement. These are sometimes referred to as ownership transition plans, or what I referred to in a previous post as a “hit by a bus plan”.
Because broker-dealers are associated with firms that have custody of the clients’ funds and don’t have the fiduciary duties of investment advisers, FINRA is more concerned with continuity plans (business disruptions) than succession plans. FINRA Rule 4370 specifically requires broker-dealers to have a “Business Continuity Plan”. The elements of the plan must at a minimum address:
(1) data back-up and recovery (hard copy and electronic);
(2) all mission critical systems;
(3) financial and operational assessments;
(4) alternate communications between customers and the member;
(5) alternate communications between the member and its employees;
(6) alternate physical location of employees;
(7) critical business constituent, bank, and counter-party impact;
(8) regulatory reporting;
(9) communications with regulators; and
(10) how the member will assure customers’ prompt access to their funds and securities in the event that the member determines that it is unable to continue its business.
The full text of FINRA Rule 4370 is available here. Fortunately, FINRA even goes so far as to provide you with a sample continuity plan template, which you can download here. Of course their sample is highly generic and needs and needs to be customized to match your business.
As far as succession planning (death, disability, retirement), FINRA doesn’t affirmatively require a plan. However, FINRA Notice 22-23 encourages the use of succession plans to address these possible events. It doesn’t contain a template, but there’s a good bullet point list of things to consider.
Unlike FINRA and broker-dealers, the SEC does not specifically require SEC registered RIAs to adopt business continuity plans. However, the SEC has stated its opinion that business continuity and transition plans are mandated by RIAs’ fiduciary duties and existing requirements to adopt “written policies and procedures” to prevent violations of those duties. But because such plans are not specifically required in any SEC rule, the SEC has proposed new Rule 206‑4(4) that would affirmatively require SEC-registered adviser firms to adopt business continuity and transition (e.g. succession) plans. Although the new rule has not been formally adopted, it would be best practice for RIAs to adopt such plans now, to fulfill their fiduciary obligations to their clients and make sure they are in compliance with proposed Rule 206-4(4) when it goes into effect.
New Rule 206(4)(4) is proposed in SEC Release IA-4439, which is available here. In addition to requiring a business continuity plan to safeguard against business disruptions similar to FINRA Rule 4370, the SEC goes a step further and requires the plan to include policies and procedures concerning “business transition in the event the investment adviser is unable to continue providing investment advisory services to clients” (i.e. a succession plan).
The SEC defines a business continuity and transition plan to mean “policies and procedures reasonably designed to address operational and other risks related to a significant disruption in the investment adviser’s operations, including policies and procedures concerning: (i) business continuity after a significant business disruption; and (ii) business transition in the event the investment adviser is unable to continue providing investment advisory services to clients. The release makes it clear that business transition includes events such as death, disability and retirement.
According to the SEC, business continuity and transition plans must address the following issues:
(1) maintenance of critical operations and systems, and the protection, backup, and recovery of data, including client records;
(2) pre-arranged alternate physical location(s) of the adviser’s office(s) and/or employees;
(3) communications with clients, employees, service providers, and regulators;
(4) identification and assessment of third-party services critical to the operation of the adviser; and
(5) plan of transition that accounts for the possible winding down of the investment adviser’s business or the transition of the investment adviser’s business to others in the event the investment adviser is unable to continue providing investment advisory services, that includes the following:
(a) policies and procedures intended to safeguard, transfer, and/or distribute client assets during transition;
(b) policies and procedures facilitating the prompt generation of any client-specific information necessary to transition each client account;
(c) information regarding the corporate governance structure of the adviser;
(d) identification of any material financial resources available to the adviser; and
(e) an assessment of the applicable law and contractual obligations governing the adviser and its clients, including pooled investment vehicles, implicated by the adviser’s transition.
Unfortunately, the SEC doesn’t provide a template like FINRA does, but the FINRA template can be a good starting point for RIAs, at least to address the business continuity components required by the SEC (potential business disruptions). You will have to develop the transition/succession part of it yourself. FINRA Notice 22-23 (mentioned above) and the NASAA model rule (see next paragraph) lay out some excellent guidance for fleshing out such plans, and a good attorney can help as well.
Although state-registered IAs won’t be subject to the new SEC rule when it goes final, you should be aware that the North American Securities Administrator Association has recommended that state securities law agencies require state-registered IAs to “establish, maintain, and enforce written policies and procedures relating to a business continuity and succession plan” (this appears in the NASAA Model Rule for Investment Adviser Written Policies and Procedures adopted in 2020). Although the State of California has not officially required state-registered IAs to adopt such plans, IAs are required to attest in their applications that they have such a plan in place. Even if you are SEC registered, the NASAA Model Rule contains excellent information to guide you in developing your plan to comply with the SEC’s requirements.
Feel free to contact me if you have any questions or would like my assistance in developing a customized plan for your firm.
This post is not intended and should not be relied upon as legal or tax advice pertaining to any specific matter. You are encouraged to seek competent legal and tax counsel before proceeding with any transaction involving any of the matters discussed above.