It seems that cyber-attacks, terrorism, and natural disasters have dominated headlines of late. While these can weigh heavy on our minds for a number of reasons, ensuring that you have a comprehensive Disaster Recovery guide in place can ease the burden of an unforeseen business disruption. Having clear policies and procedures in place for different scales of events are now a necessary part of operational risk management.
Disaster recovery has recently gained additional attention from the SEC. The agency proposed a rule in June that would require firms to provide detailed solutions to specific scenarios that will now include natural disasters in addition to system disruptions driven by technical outages or global terrorism. Recent reviews by the agency have informed that existing plans do not provide enough detail to respond to many situations. "Although disparate practices may exist in light of the varying size and complexity of registrants, to effectively mitigate such risks we are proposing to require all SEC-registered investment advisors to have plans that are reasonably designed to address operational and other risks related to a significant disruption in the investment advisor's operations," the rule reads.
The agency introduced a range of circumstances including weather-related emergencies, cyber-attacks, sudden departure or death of key personnel and system malfunctions. Don't be surprised if they adjust the rule to require additional planning to cover uniquely local, target rich areas to have more robust plans in place to allow for a quick response.
Terrorism and geopolitical unrest across regions and markets is putting increasing pressure on asset managers to prove they are capable of continuing operations if a disaster occurs. It is good practice to not only ensure that your plans are up to date with an accurate communication strategy, but ensure that there are adequate backup personnel in place to step in and lead should primary resources not be available. The existing mandate requires firms practice their plans once a year, but with the state of security in the world, a more proactive approach is prudent. Asset managers who are leading the charge will have smaller, targeted practice sessions of disaster recovery plans. Will you and your firm be ready?