It’s Time to Revisit Business Continuity Planning: What Works and What Does Not Work

September 25, 2013

The Securities and Exchange Commission (SEC) and other U.S. financial regulators (collectively, Regulators) recently issued important guidance related to the need for industry participants to maintain business continuity and disaster recovery plans (BCPs). First, the SEC’s Office of Compliance Inspections and Examinations (OCIE) published a National Exam Risk Alert (Risk Alert) prepared by the staff and directed to U.S.-registered advisers. Hurricane Sandy prompted the SEC’s National Exam Program (NEP) to review the BCPs of about 40 advisers. The NEP assessed the impact of Hurricane Sandy on processing securities transactions (e.g., order taking, order entry, execution, allocation, clearance and settlement) as well as delivery of funds and securities, client relations, financial and regulatory obligations and technology, among other topics. In addition, the SEC, the Commodity Futures Trading Commission (CFTC) and the Financial Industry Regulatory Authority (FINRA) jointly issued (Joint Publication) best practices and lessons learned guidance concerning business continuity planning that is more broadly applicable. The core message of the Risk Alert and the Joint Publication is that BCPs should be the result of careful and comprehensive planning, thorough preparation, strategic redundancy and geographic diversity applied to critical supply chain providers, good internal and external communications and testing.

Read "It’s Time to Revisit Business Continuity Planning: What Works and What Does Not Work."