Insurer urges organizations to harden business continuity plans, following recent hurricanes
- Published: Monday, 25 September 2017 08:17
In the aftermath of the recent hurricanes, EOforLess is encouraging professionals to strengthen their business continuity plans or to develop one if they have yet to do so.
Being prepared for future storms is just one reason professionals should strengthen their business continuity plans. Another, says EOforLess, is to help them manage three post-disaster business challenges:
- Assuring an ethical response to customers;
- Complying with business continuity related regulations; and
- Avoiding E&O insurance liabilities due to a botched business continuity plan activation.
“Although most advisors focus on the compliance aspects of disaster planning, they should never forget the ethical implications of their actions in a time of crisis,” said Japheth Smellie, chief operating officer of EOforLess, as well as executive director of its sponsor, the National Ethics Association. “This means not only focusing on getting their business back online as quickly as possible, but also on being there for their clients as fellow human beings affected by the same tragedy.”
A related ethical concept is fiduciary duty. Once organizations activate their business continuity plan after a crisis, insurance and securities licensed professionals should adopt a fiduciary mindset toward their clients: i.e., taking appropriate steps to protect their assets and interests. Although they are not legally required to do this as legal fiduciaries (because they aren’t regulated as such), it makes good business sense to adopt a fiduciary-like posture with clients at this time. However, state and federally registered investment advisors are held to a strict fiduciary standard, especially in the aftermath of a natural disaster or other disruption. It’s not only an ethical duty, but also a legal one to exhibit loyalty and prudent care to clients in times of need.
Business continuity compliance
The second business challenge is to comply with all business continuity regulations affecting insurance agents and agencies, securities brokers, and registered investment advisors (RIAs). Reflecting the financial-services industry’s patchwork regulations, the nature of financial professionals’ business continuity plans depends on how they’re licensed, although there are broad similarities across license types.
Federally-supervised RIAs (those with assets under management of $100 million or more) are subject to the US 2004 Investment Advisors Act Rule 206(4)-7. This rule required RIAs to formally adopt written compliance procedures as well as to appoint a chief compliance officer to oversee those procedures, one of which is to develop a BCP in the event of a natural disaster or death of a firm principal or key staffer.
However, in June 2016, the Securities and Exchange Commission proposed a new measure (Rule 206(4)-4). It explicitly requires federal RIAs to have a formal, written business continuity and transition plan to make sure they can deliver on their fiduciary duties during and after a crisis. In fact, the final rule, which is expected in April 2018, will make it illegal to provide investment advice unless a firm has a written business continuity plan that is reviewed at least annually. The SEC may even hold advisors liable for fraud if they operate without one.
State-regulated RIAs (those with assets under management of less than $100 million) must comply with the business continuity rules of their state securities administrator. The North American Securities Administrators Association (NASAA) adopted a model rule on Business Continuity and Succession Planning in April 2015, which mandates that advisors provide for the following:
- The protection, backup, and recovery of books and records;
- Alternative means of communications with customers, key personnel, employees, vendors, service providers, and regulators;
- Office relocation in the event of temporary or permanent loss of a principal place of business;
- Reassignment of duties to a qualified staffer in the event of the death or unavailability of key personnel;
- Prevention of service disruptions and client harm that could result from a sudden significant business interruption.
The NASAA model rule is now effective in Colorado, Illinois, Iowa, Nebraska, Pennsylvania, Vermont, and Virginia, with the state of Washington having its own rule. More states are expected to enact the rule over time.
For their part, securities-licensed professionals must comply with the Financial Industry Regulatory Authority’s (FINRA) Emergency Preparedness Rule (Rule 4370), which is similar to the SEC rule without the fiduciary overlay. It also requires brokers to provide their business continuity plans to customers at account opening, as well as to post them on their websites and mail them to customers upon request.
Life, health, and P&C insurance agents, unlike investment advisors and securities brokers, don’t have an SEC or FINRA type national business continuity plan protocol. However, they are subject to state insurance department rules. This does not mean they can skimp on developing a business continuity plan, since their ability to survive a business disruption hinges on the quality of their BCP and their ability to deploy it seamlessly.
Minimize E&O insurance liabilities
The third challenge — the need to minimize E&O insurance liabilities — is especially acute for financial professionals who provide the types of services that would be in high demand during a catastrophe. For example, after a hurricane, P&C agents who have sold local residents homeowner’s insurance will need to be back online quickly to help answer client questions about their coverages and to help them file claims if needed.
Similarly, clients with an emergency need to generate cash through a securities sale may need to speak with their broker or RIA. If that entity is offline for a lengthy period and no other service contact is available, consumers seeking help may become annoyed, at the very least, or suffer a financial loss, which might spark an E&O insurance claim later on. Having a hardened business continuity plan in place will assure that financial professionals will have the ability to receive and act upon client requests in the immediate aftermath of a disaster.
Given these three imperatives — ethical, compliance, and E&O liability — and the mounting threat of extreme weather, what should professionals do to strengthen their existing business continuity plans? EOforLess and the National Ethics Association suggest the following steps:
- Update the BCP’s threat assessment to make sure it takes all relevant risks into account and adjusts potential severity as needed.
- Evaluate the BCP’s chain of command to assure there are no missing communication links, which might leave key staff people uninformed.
- Focus on safety so that the BCP does a good job of keeping client assets, information, and other interests protected.
- Test the BCP regularly so that everyone in the company knows their role and can perform it like clockwork even from an offsite location.