ACTION REQUESTED
[15794]
March 21, 2003
TO: OPERATIONS COMMITTEE No. 6-03
SEC RULES COMMITTEE No. 26-03
SMALL FUNDS COMMITTEE No. 9-03
RE: SEC REQUEST FOR COMMENT ON REVISED NASD BUSINESS CONTINUITY PLAN
RULE PROPOSAL
The Securities and Exchange Commission has published for comment a notice of
proposed amendments to a rule proposal issued by the National Association of Securities
Dealers, Inc. related to business continuity plans and emergency contact information.1 The
Release is attached, and it is summarized below.
Comments on the proposal are due on March 31, 2003. If you have comments that you
would like the Institute to consider in a possible comment letter, please provide them to
Barry Simmons or Frances Stadler by Tuesday, March 25, 2003. Barry Simmons may be reached
by phone at (202) 326-5923, by fax at (202) 326-5827, or by email at bsimmons@ici.org. Frances
Stadler may be reached by phone at (202) 326-5822, by fax at (202) 326-5822, or by email at
frances@ici.org.
Proposed NASD Rule 3510
Proposed NASD Rule 3510 would require each NASD member firm to create and
maintain a written business continuity plan that identifies procedures to be followed in the
event of an emergency or significant business interruption. To clarify the scope of the rule’s
requirements, the NASD’s proposed amendments would make clear that each such plan should
“be reasonably designed to enable the member to continue its business in the event of future
significant business disruptions.”
1 SEC Release No. 34-47441 (March 4, 2003); 68 Fed. Reg. 11432 (March 10, 2003) (“Release”). As we previously
informed you, the NASD issued a rule proposal last year to require all NASD members, including mutual fund
principal underwriters, to create and maintain business continuity plans (proposed NASD Rule 3510) and supply
NASD with emergency contact information (proposed NASD Rule 3520). See Institute Memorandum No. 14670,
dated April 25, 2002. The Institute submitted a comment letter on the NASD’s proposal. See Institute Memorandum
No. 14724, dated May 15, 2002. The SEC subsequently published a revised version of the NASD’s proposed rule for
comment, and the Institute submitted another comment letter at that time. See Institute Memorandum No. 15218,
dated October 3, 2003.
2
Although the NASD has proposed to allow each member firm to tailor its business
continuity plan to suit its size, business, structure, and operations, the proposed rule provides
that each such plan, at a minimum, must address eight areas.2 In light of concerns expressed by
the Institute that several of the required items are not applicable to mutual fund underwriters,
the NASD has modified the text of the proposed rule to require inclusion of the items “to the
extent applicable.” However, although the firm may exclude the category from its plan, the
proposed amendments would require the member firm to provide an explanation for the
exclusion.
The NASD’s amendments to proposed Rule 3510 also would expand the annual review
requirement. Previously, the NASD had proposed to require member firms to conduct a yearly
review of their plan to determine whether any modifications are needed in light of any changes
to the member’s operations, structure, business, or location. The proposed modifications would
require firms to conduct a review of their plan both annually and in the event of any material
change to the member’s operations, structure, business or location.
Regarding member firms that are part of a fund complex or larger financial services
organization, the NASD has taken the position, consistent with the Institute’s view, that a
subsidiary member firm may satisfy its obligations under the proposed rule by participating in
a corporate-wide business continuity plan of its parent corporation that addresses its subsidiary
member firm, regardless of whether the parent corporation is a member or nonmember firm.
However, the proposed rule would require the parent’s business continuity plan to comply
with the proposed rule and address all requirements under the rule (including NASD rules on
recordkeeping and supervision), and grant NASD access to its business continuity plan upon
request.3
Proposed NASD Rule 3520
Proposed NASD Rule 3520 would require member firms to maintain and provide the
NASD with emergency contact information and update any information in the event of a
material change, but at a minimum review the information twice a year to ensure its accuracy.
The NASD’s proposed amendment would revise the rule proposal to eliminate the semi-annual
update requirement and instead require members to promptly update any changes to their
emergency contact information. To be consistent with other contact information required by the
NASD and periodic updates required by the NYSE, the NASD will issue future guidance on a
periodic update requirement.
Barry E. Simmons
Associate Counsel
Attachment (in .pdf format)
2 These areas include: (1) data back-up and recovery; (2) all mission critical systems; (3) financial and operational
assessments; (4) alternate communications between customers and the firm; (5) alternate communications between
the firm and its employees; (6) business constituent, bank and counter-party impact; (7) regulatory reporting; and
(8) communications with regulators.
3 Although in its most recent comment letter on the proposal, the Institute expressed concern that imposing this
requirement on non-member firms would be inappropriate and unnecessary, the NASD explained that a member
firm’s participation in its parent company’s business continuity plan is “merely an alternative, and is intended to give
firms greater flexibility in complying with the proposed rule.”