It's not a muscle group, but during COVID-19, advisers should be giving their business continuity plans a workout.
You tell your clients to prepare for the future, the unexpected. Have you?
Buried under the mountain of more pressing compliance tasks, it can be easy to overlook the BCP. However, federal and state regulators have agreed that our industry is important enough to warrant mandating advisers to have one in place. It’s particularly clear why that is, as businesses scramble to monitor and react appropriately to COVID-19. If you’re not one of the advisers just implementing your plan and are frantically cobbling one together at the last minute, here are some things to consider.
Today, the disaster is coronavirus. Tomorrow it could be a hurricane. Your BCP can’t guess every scenario that could happen, but it can address protocols for the three main types of interruption durations that impact your business:
Temporary (e.g. internet outage; situations that may disable a core service you need to run your business but doesn’t displace the firm’s employees)
Extended (e.g. natural disasters; situations that may prevent you from utilizing your primary office space)
Permanent (e.g. founder passes away; succession scenarios)
As you craft a workable plan of action for these types of business interruptions, it is also important to:
Identify the key processes that are integral to the business in order to mitigate business continuity risks in the face of an interruption to your firm or at a key third-party service provider that may be utilized for that specific process;
Establish who is in charge of identifying and initiating the BCP protocols;
Develop alternative methods of communicating with employees (and, as necessary, regulators or key service providers)
Provide training to employees
Test the plan on at least an annual basis; and
Consider when and how to notify clients of any impact
Many firms think about their BCP as a plan only for disaster scenarios. But, it’s also a great test of several other compliance program concepts like cybersecurity, vendor due diligence, building out a risk matrix, and succession planning. In addition, having a plan in place goes a long way to easing client concerns in tumultuous situations like these. Advisers may consider stealing a page out of Delta CEO’s book and consider proactively reaching out to clients to reassure them that (i) you’re prepared, (ii) you’ve learned, and (iii) you’re taking action!
Crafting a strong BCP, it isn’t just good business. It’s the law.