Business Continuity and Succession Planning for RIAs
RIA Business Continuity Plan
Business Continuity and Succession Planning is a relatively hot topic these days that seems to be top of mind for a lot of advisors. Most advisers we bring on as clients know of the requirement (Rule 203(a)-1A and/ or the proposed SEC Rule 206(4)-4) to have a Business Continuity and Succession Plan in place but have not yet created one. This is a big reason why we ask each and every RIA we work with to at least have a basic plan in place to bridge the time gap until a more concrete plan can be developed and implemented. The need for a Business Continuity Plan has become a much talked about item in financial circles. This is mainly due to the aging adviser/client population.
At Aurora Compliance Solutions, we believe it is an investment advisers “Fiduciary” duty and responsibility to their clients to have a Business Continuity and Succession Plan in place that can be acted upon in less than 24 hours. A basic Business Continuity and Succession Plan should contain the following 4 items at a minimum:
Identify key individuals along with their roles and responsibilities. Key personnel should have a backup person identified that has the capability and knowledge to step in and handle their role during a business disruption.
Have and maintain duplicate records that are to be located in an alternative location than the principle place of business.
Maintain a list of all clients, employees, vendors, service providers, custodians and regulators; and at least 2 methods of communication with each.
Alternative office location in the case of temporary or permanent loss of a principal place of business.
All RIAs should review and/or develop a Business Continuity and Succession Plan. Once a plan is created the RIA should then test the plan for operational effectiveness and accuracy at least annually. This will also allow the plan to be adaptable to ongoing business plans. Aurora Compliance Solutions has the experience to help guide advisers through the various areas called upon by the proposed Rule, to include regulatory and compliance assistance, business continuity, transition planning, and cyber security.