During this time more than ever, registered investment advisor ("RIA") firms are being required to test their business continuity plans ("BCP") to see whether they hold up not only for a one- or two-day disruption but potentially for months on end. In dealing with a global pandemic, advisors need to address not only how their advisory business is being disrupted but also, by extension, how their clients, personnel, and suppliers/vendors are being impacted.
The first step for any RIA firm is to promptly conduct a high-level assessment of COVID-19’s impact on its business and operations. Specifically, firms need to identify and address any weaknesses or unforeseen issues, any inability to conduct essential operations or operate essential systems, and any inability to monitor third-party vendors.
Investment advisers should also be prepared to address regulatory inquiries and examinations related to business continuity planning for pandemics. In particular, RIA firms should be prepared to provide and discuss:
- The firm's business continuity plan and additional compliance and/or information security policies and procedures addressing the continuity of business operations.
- Firm-specific policies, procedures, communications, training, or other materials tailored to address pandemics and the continuity of business operations.
- Whether the firm's business continuity plan has been implemented and any potential unforeseen issues or circumstances that will require the plan to be modified
- Ability of firm personnel to work remotely
- Ability to continue operations if certain key personnel are unable to work
Business Continuity Planning Considerations
Given that the firm may have most if not all personnel working remotely, the RIA should also perform the following:
- Catalog systems that cannot be accessed remotely, if any
- Shut down non-essential hardware (e.g., computers)
- Lock its physical storage (e.g., file cabinets) and all office access
- Check in with building management, if applicable, to determine current security at the facility
- Require that firm personnel continue following advertising guidelines for applicable communications
- Ensure electronic cataloging of communication is still taking place
- Continue to document all interactions with clients, regardless of the medium of interaction
- Update their business continuity plan as needed
There are also specific steps to take with respect to personnel. RIAs should alert personnel to the increased likelihood of phishing attempts and client impersonation schemes related to COVID-19. Firms will also need to refer personnel to their existing cybersecurity best practices and ensure that those practices are up to date.
Separately, any personnel who are limited in their ability to work remotely should immediately inform their supervisor. Limitations include but are not limited to physical incapacity; inadequate hardware, software, or other systems; or the need to provide caregiving for children or other persons. The human element is at a premium during times of crisis, so it is recommended that RIAs conduct check-ins with advisory personnel no less than weekly, if not much more frequently, regarding remote work conditions.
Finally, vendors are also undoubtedly affected by the COVID-19 pandemic, so RIA firms need to be aware of any detrimental effects on vendor relationships. If appropriate, advisory firms should endeavor to discuss with vendors their business continuity efforts and disaster recovery plans, and to better understand the advisory firm's reliance on particular vendors or suppliers.
How RIA in a Box Helps Firms with Business Continuity Planning related to Pandemics
This is the time for RIA firms to ensure they have implemented a robust business continuity plan that is tailored to the COVID-19 pandemic and potential future pandemics. RIA in a Box clients have access to a business continuity plan section which specifically addresses pandemics, epidemics, and outbreaks, categorized as follows:
- General business operations including client communication considerations
- Remote operations
- Personnel including alternative forms of client meetings
All RIA firms can also access the free RIA in a Box vendor due diligence platform to help review and document critical vendor relationships during this challenging time.
RIA in a Box LLC is not a law firm, investment advisory firm, or CPA firm. RIA in a Box LLC does not provide legal advice or opinions to any party or client. You should always consult your relevant regulatory authorities or legal counsel if applicable.