Submitted by: Scott Nelson, CFA, CFP® - Professional Issues Committee Director
Last week my office experienced an internet outage. For over an hour, we were without access to our CRM or portfolio management system, not to mention email or the ability to shop the World Wide Web. While I had more than enough to do offline, it got me thinking about the state of our disaster recovery plan in the ever changing internet age. With an ever increasing amount of the typical advisor’s business services being offered via the internet, have you thought lately about how that affects your business continuity plan?
The NASAA has thought about it and in April 2015 issued Model Rule 203(a)-1A requiring state regulated RIAs to adopt a“Business Continuity and Succession Plan”. This Model Rule effectively makes it the fiduciary duty of advisor to develop plans to minimize service disruptions and the resulting client harm from those disruptions. While the SEC has previously stressed business continuity plans, it is considering a similar rule for larger RIAs to provide additional guidance on what such a plan should involve.
Model Rule 203(a)-1A prescribes that a Business Continuity and Succession Plan provide for the following:
- The protection, backup, and recovery of books and records.
- Alternate means of communications with customers, key personnel, employees, vendors, service providers and regulators.
- Office relocation in the event of temporary or permanent loss of principal place of business.
- Methods for minimizing service disruptions and client harm.
The Model Rule also requires creation of a succession plan for the loss of key personnel. Items to consider when developing a business continuity plan include:
- Indicating who will be undertaking the duties of key persons in the event their death or unavailability.
- How does the death of an advisor affect investment advisory agreements?
- What will happen in the event of the loss of the manager of discretionary accounts?
- Who is responsible for dealing with creditors and vendors?
- How will the ownership and registration status of the business be affected by the death or unavailability of a key person.
It is a lot to think about. One resource I found for getting the basics down was a template for Business Continuity and Disaster Preparedness Plan created by the US government found at www.ready.gov. While this template doesn’t cover issues specific to financial advisors, it can be a useful first step.
Perhaps you created a plan when you started your firm but have you looked at it recently? Have the key personnel changed? Have your client communication channels changed?Have your vendors changed? What is your insurance for such disruption? The key to any plan is that it be relevant when needed. Ensuring that it is relevant may include testing it to see if the process works as intended. Better to find the gaps in your plan when the things are running smoothly rather when all hell is breaking loose.
While we in Minnesota, don’t have to worry about earthquakes or hurricanes causing business disruptions there are a host of events (fire, utility outage, hacker attack) that could happen anywhere. Perhaps, you did not realize it, but it is your fiduciary duty to your clients to be prepared to respond to catastrophic events in a manner that keeps your business operating and their best interests served.