The SEC is Worried About BCP. Should You Be?

With the SEC and FSOC focused on business continuity planning and third-party oversight, the industry must take notice and continue to advance their efforts to enhance their business continuity plans. 

This summer the SEC staff issued guidance and industry best practices on business continuity risks for fund complexes. Though not the genesis of the guidance, perhaps a catalyst was the August 2015 third-party system malfunction at a major service provider that halted the calculation of system-generated NAVs for hundreds of mutual funds and ETFs for five business days.  While business continuity plans (BCP) often require those crafting them to think of the unexpected, a system outage or a third-party vendor breakdown is unfortunately a possibility, particularly with the industry’s reliance on daily data to calculate NAVs.

The SEC’s guidance on business continuity planning for asset managers and fund complexes is in line with the FSOC’s on-going focus on the stability of the asset management industry, which both include a spotlight on third-party oversight.  Both the SEC and FSOC have cited concerns for the industry relating to liquidity, operational oversight, and transition management.  With two major regulators focused on the same themes, the industry must take notice and continue to advance their efforts to enhance their business continuity plans.

Overall the industry has historically dedicated significant resources to its BCP efforts.  Fund complexes must continue to reevaluate the critical functions to their business, including vendors and technology, and assess the appropriateness of their plans through timely due diligence.  The risks to fund complexes and asset managers are relatively homogeneous to the industry and as such, industry working groups have long focused on periodic exchanges of information on challenges, process improvements, and communications prior to and during BCP events.  The SEC’s staff guidance summarizes these efforts and creates an expectation that asset managers and fund complexes should use as a baseline as they build and refine their plans.

The SEC’s guidance suggests considering who performs key business functions and the lessons learned from past business continuity events when developing plans, and highlights the following considerations regarding critical service providers:

  • Evaluate back-up processes and contingency plans
  • Monitor incidents and communications protocols
  • Understand the interrelationship of critical service provider BCPs
  • Contemplating various scenarios

Though the emphasis is on understanding BCPs at critical service providers, it also recommends that fund complexes consider alternatives or redundancies that would address service provider disruption, such as in the case from August 2015.  The industry is largely united and resolute that their existing business continuity plans are sufficient to handle business interruptions.  Through earthquakes, hurricanes, and terror attacks, the fund industry has persevered and remained financially stable, which is inherently the risk that the SEC is looking to mitigate.  However, it is clear that asset managers and the entire mutual fund community must learn from the past and plan for the unexpected as we move forward, perhaps even if it is with a nudge from the SEC.