Last month, we discussed business continuity plans and how important they were to firms. Further, my partner, Josh Horn, and I, recently, conducted a webinar for the NSCP on this very topic.
Now, we know both the SEC and FINRA will be conducting examinations to evaluate securities firms response to the pandemic as well as their BCPs. In particular, the regulators have indicated that they will be focusing on business operations and continuity; firm policies; unforeseen issues and weaknesse in the firm’s policies; the BCP plan and its interplay with various third-parties; and cybersecurity and remote access among other things. Firms should take the opportunity to review their policies and correct any issues that may have arisen since the beginning of the pandemic.
Firms are going to have answer questions from these regulators as well as provide documents and information to ensure that they do not face further regulatory scrutiny. The critical item to keep in mind is that, although firms need to have and implement BCPs, the standard that regulators usually use to evaluate these plans is not perfection, but compliance.
No one could have predicted this pandemic, however, we have all have an obligation to respond in a clear and effective manner. The regulators will be looking to see if firms have followed through on those obligations, and consulting with securities counsel is the best place to start in preparing for these inquiries.