SEC Examination Focus: Four Considerations for Vendor Relationships Within Your Business Continuity Plans (BCP)

Dedicated to investor protection and still fully operational nationwide, the SEC’s Office of Compliance Inspections Examinations (“OCIE”) announced that examinations will continue via online and virtual correspondence, in their most recent updated announcement on March 23, 2020. OCIE staff (“Staff”) recognizes that numerous firms have moved toward remote work to address health concerns regarding the COVID-19 outbreak and understand the importance of minimizing disruption during the remote-working and examination process.

Although remote, Staff is working with registrants to ensure all understand the importance of Staff concern and requests with limited “essential” personnel and remote communication. Examinations are focusing on areas of current investor concern – in particular, Business Continuity Plans and third-party vendor relationships.

Below are four considerations firms should focus on when reviewing their own BCPs or Pandemic Continuity of Operations Plan to ensure their efforts address the resiliency practices of its key third-party vendors, service providers, and business partners (also known as “vendors”). Firms need to also inquire and respond if their vendors are operating during the COVID-19 outbreak. Some key questions for firms to consider among their vendor relationships are:

  1. What business continuity program activities have your vendors implemented, such as regularly reviewing, testing and updating their BCP?
  2. What steps or plans do vendors have in place for disaster recovery for their systems, such as identifying the locations where data is backed up and recovery time objectives?
  3. What does your vendor’s business continuity procedures entail, such as comprehensive continuity strategies and procedures with all their vendors?
  4. What communication and alert practices are in place and how effective are the internal and external communication plans, communication with their vendors and clients/customers?

Although your firm’s BCP may be comprehensive, ensuring those of your third-party partners and vendors are also important, as this area is of high-interest for OCIE staff and your clients.

Understanding this is a focus area, how would your firm fare? Keep in mind it’s far easier to probe these questions now and execute proper due diligence upon engagement, rather than not having a response in the current market. Jacko Law Group, PC assists firms and individuals drafting comprehensive BCPs and assists firms prepare for SEC Regulatory Examinations.  For more information, contact our team of attorneys today. 

Leave a Reply

Your email address will not be published. Required fields are marked *