On June 28, 2016, the SEC proposed a new rule applicable to private equity funds that are Registered Investment Advisors. The proposed rule would require these private equity funds to adopt and implement written business continuity and transition plans. The full text of the rule proposal is available at https://www.sec.gov/rules/proposed/2016/ia-4439.pdf.
The purpose of the rule is to ensure that private equity funds are addressing operational and other risks that could result from a significant disruption in their operations or in the operations of their key vendors. In so doing, the SEC is seeking to protect fund investors from being placed at risk as a result of the fund’s inability to provide advisory services.
A fund’s ability to service its investors may be compromised by many events, including, but not limited to, natural disasters, acts of terrorism, cyber-attacks, equipment or system failures, or unexpected loss of a service provider, facilities, or key personnel. While noting that many registered investment advisors have established plans and protocols in place to deal with risks to operational continuity, the SEC observed that such preparedness is not universal.
The rule proposed by the SEC would require funds who are registered investment advisors to adopt and implement a plan which includes policies and procedures that address the following:
- maintenance of critical operations and systems, and the protection, backup, and recovery of data;
- pre-arranged alternate physical location(s) of the fund’s offices and/or employees;
- communications with clients, employees, service providers, and regulators;
- identification and assessment of third-party services critical to the operation of the fund; and
- plan of transition that accounts for the possible winding down of the fund’s business or the transition of the fund’s business to others in the event the fund is unable to continue providing its services.
The comment period will be 60 days after publication of the rule in the Federal Register.
Funds should consider evaluating their existing disaster recovery plans for compliance with this new rule, making necessary updates and implementing a procedure to conduct audits of the recovery plans of key vendors.