Case study · Management consultancy · AI & Data Science
Fund BCP Implementation Framework
Under the Private Fund Investment Advisers Registration Act of 2010, fund managers at scale must implement a business continuity plan as part of their SEC compliance programme. This framework covers the regulatory requirements, key concerns, implementation approach, and benefits of a well-structured BCP.

Registration threshold A
$100M AUM
Managing a fund and separate accounts
Registration threshold B
$150M AUM
Managing a fund only
SEC Rule 206(4)-7
Investment Advisers Act
Dodd-Frank
Registration requirement
Annual review
Minimum BCP update requirement
Senior mgmt
Plan approval required

NH
Author
Nour Hamdieh

Read time
5 minute read

Published
23 Jun 2020
Topics
AI and Data Science
Application Development
Cyber Security
Featured
Management Consultancy

Executive summary
Business continuity is not optional — it is a compliance requirement.
Recent provisions promulgated by the Private Fund Investment Advisers Registration Act of 2010 — a section of the Dodd-Frank legislation — require managers to register with the SEC and implement a suitable compliance programme if they either have $100M of AUM (managing a fund and separate accounts) or $150M of AUM (managing a fund only).
Under SEC Rule 206(4)-7 of the Investment Advisers Act of 1940, those managers must design and manage a business continuity plan as part of the compliance programme. The SEC has stated that an adviser has an obligation to protect its clients’ assets from risks resulting from the adviser being unable to provide advisory services — and the BCP must be “reasonably designed” to enable the adviser to meet client obligations in the event of a natural disaster, emergency, or significant business disruption.

Business environment
A regulatory landscape with growing expectations
Globally, many business recovery standards are developing to meet the needs of international organisations — such as the British Standards Institution’s BS 25999. It is important to assess which standard is appropriate, taking into consideration the nature of the business, international acceptance of BCP practices in your markets, and management’s approach regarding risk management.
Best practice guidance is available from many credible sources. The SEC has co-authored the Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System, and SIFMA, the MFA, and FINRA have published best practice guidelines under Rule 4370 — providing a framework for private fund advisers.

BCP framework — key areas to address
Establishing and maintaining a BCP — procedures for emergency or significant business disruption
Updating requirements — review at least annually and upon any material operational change
Plan approval — designation of senior management registered principal to approve the BCP
Disclosure requirements — written at account opening, posted on website, available on request
Designating emergency contacts — at least one must be senior management and a registered principal
Business constituent, bank, and counterparty relationships identified and analysed for continuity

BCP detail areas — minimum compliance framework
Data back-up and recovery (hard copy and electronic)
All mission critical systems
Financial and operational assessments
Alternate communications between member and customers
Alternate communications between member and employees
Alternate physical location of employees
Regulatory reporting
Communications with regulators
Assurance of customers’ prompt access to funds and securities

Key concerns
Issues to address in a top-down BCP programme
A firm planning a top-down approach to BCP implementation needs to focus on its strategic business priorities and review the relevance of industry guidelines within that context.
Regulatory requirements — SEC guidance may be forthcoming; will FINRA become the model?
Risk management including exposures of vendors and to counterparties
Executive ownership, commitment, and support of the programme
Programme as part of company culture — recognizing it is part of “doing business”
Adequate funding and staffing

Key questions
Nine questions every fund must answer
Before designing the BCP, the firm must honestly assess its own exposures, dependencies, and critical functions across all business lines.
Q1
What business activities are in scope?
Q2
Do you know your exposures?
Q3
Who are your customers and what are their expectations?
Q4
What is your reliance on critical vendors?
Q5
What is your reliance on critical infrastructure, clearing firms, administrators?
Q6
What functions, operations, and products are critical?
Q7
What are the minimal resources required to maintain the business for a selected time period?
Q8
What immediately non-critical functions become critical after a given time period?
Q9
What is the “proximity” risk to your firm — internal and external?

Key terms
Definitions used throughout this framework
Investment Adviser
The “adviser” to a private fund is specifically understood, in the legal sense, to be responsible for compliance to the Investment Adviser Act, as well as to the investment clients they represent.
Mission critical system
Any system necessary to ensure prompt and accurate processing of securities transactions — including order taking, order entry, execution, comparison, allocation, clearance, settlement, maintenance of customer accounts, access to customer accounts, and delivery of funds and securities.
Financial and operational assessment
A set of written procedures that allow a member to identify changes in its operational, financial, and credit risk exposures.
Investment Advisers Act of 1940 (as related to Dodd-Frank)
Requires the registration of anyone in the business of offering investment advice. Promulgates disclosure rules with respect to the adviser’s interests in all transactions, and contains anti-fraud provisions. As updated by the Private Fund Investment Advisers Registration Act of 2010, sets the AUM thresholds triggering SEC compliance programme requirements including BCP.

Approach
A structured approach to BCP implementation
Effective BCP implementation requires executive-level commitment and a clear view of whether the strategy will be driven by application resiliency or business impact analysis — or both. The appropriate resources must be secured before implementation begins.
Step 01
Executive commitment
Obtain executive-level commitment and strategic insight prior to implementation. Without senior ownership, BCP programmes fail to become embedded in firm culture and receive insufficient funding and staffing.
Step 02
Strategy decision
Decide the business and technology mix — whether application resiliency or business impact analysis will drive the strategy — and plan the implementation project accordingly.
Step 03
Essential resources
Secure ad hoc resources required for an effective implementation — legal counsel, compliance assessment, operations project management, and IT project management.

Benefits
What a well-structured BCP delivers across the firm
A robust BCP is not just a compliance requirement — it is a business asset that reduces operational risk, supports client transparency, and frees the firm to respond to disruption with confidence rather than improvisation.
📊
Portfolio management & trading
Codification of clearly defined backup processes and reduced business risk — traders and portfolio managers operate with confidence that continuity procedures are in place and tested.
Risk & compliance
Recovery platform designed to mitigate key risks and provide an up-to-date regulatory mechanism for regulatory inquiries — reducing exposure to enforcement action during and after a disruption.
🤝
Client services
Up-to-date risk management and client reporting transparency for client inquiries and new business requests — demonstrating institutional-grade operational resilience to investors and prospects.
🖥
Operations & IT
Codification of clearly defined backup processes and reduced operational risk — IT and operations teams have documented, tested procedures rather than improvised responses during disruption events.

Citations
1. Mallon, Bart. “Business Continuity Plans (Disaster Recovery Plans) | Investment Adviser Registration.” Retrieved October 18, 2010, from http://www.hedgefundlawblog.com
2. Amended by SR-FINRA-2009-036, effective December 14, 2009.
3. SIFMA (2008). The Business Continuity Program — Expanded Practices Guidelines. New York: Business Continuity Planning Committee.
4. Securities and Exchange Commission, Division of Investment Management website (www.sec.gov). SME, legal & industry interpretations appended.
5. “Protecting Investors: A Half Century of Investment Company Regulation”, United States Securities and Exchange Commission, Division of Investment Management, May 1992.

Business continuity is not a project. It is a discipline.
OmniVista · Management consultancy · AI & Data Science

Talk to our team →

Building or reviewing your fund’s business continuity programme?
OmniVista provides BCP framework design, compliance assessment, and implementation support for private fund advisers and investment management firms.

Get in touch

Published On: June 23rd, 2020 / Categories: Featured /