The SEC has proposed a new rule that would require all registered investment advisers to adopt and implement written business continuity and transition plans to address business disruptions such as natural disasters, cyber-attacks, technology failures, and the departure of key personnel. Each plan must be tailored to the adviser’s business but every plan must address maintenance of systems and data, alternative physical locations, communication plans, review of service providers, and transition plans. The proposal also requires annual testing and recordkeeping. Although the rule does not specifically apply to registered funds, the Division of Investment Management issued a companion Guidance Update that advises registered funds to consider business continuity plans including due diligence of fund service providers.
OUR TAKE: Most good compliance programs should already include a robust BCP. This rule seems to merely codify guidance and best practices that compli-pros already follow. Nevertheless, firms should review and update their BCPs to address the specifics of the proposal, especially due diligence of service providers.