Securities Industry Association
October 16, 2003
Jonathan G. Katz
Re: File No. SR-NASD-2002-108 and SR-NYSE-2002-35; Business Continuity and Contingency Planning
Dear Mr. Katz:
The Securities Industry Association ("SIA")[1] is pleased to comment on the amendments to the proposals ("Proposals") of the New York Stock Exchange ("NYSE") to adopt Rule 446, and the National Association of Securities Dealers ("NASD") to adopt Rules 3510 and 3520, concerning Business Continuity and Contingency Plans.
As we indicated in our previous comment letters[2], SIA agrees with the NASD and NYSE that the requirements of a business continuity plan must be tailored to the size and needs of each individual member firm, but that each plan must at a minimum address certain elements of continuity. On this basis, the SIA has expressed support for the nearly identical proposals of the NASD and NYSE. SIA remains concerned that some of the plan elements suggest a one-size-fits-all approach to business continuity planning - something that the original proposals sought to avoid. We describe these concerns in more detail below.
We applaud the efforts of the SEC to promote consistency in the area of business continuity planning. The releases reflect a healthy level of coordination between the NYSE and NASD. Nevertheless, some differences in the two releases (discussed in greater detail below) remain. SIA reiterates its commitment to working with the regulators and encourages the NASD and NYSE to meet with representatives of the SIA Business Continuity Planning Steering Committee to ensure a common purpose in addressing these goals.
1. NASD 3510(c)(9)/NYSE 446(c)(10) - New plan element addressing how firm will provide customers with prompt access to their securities and funds.
SIA understands the important customer protection motive for the new provision ensuring that plans address customer access to securities and funds. Nevertheless, there is no discussion in either release about the new provision. Such a discussion might have anticipated questions and concerns regarding how this provision will work with Securities Investor Protection Corporation (SIPC) guidelines that also govern disclosure to customers in the event a customer's firm goes out of business. The customer protection provisions of the SIPC statute are triggered when "a broker or dealer undertakes to liquidate or reduce its business, either pursuant to the direction of a self regulatory organization or voluntarily (emphasis added)."[3] Under the SIPC statute, when a brokerage firm fails, SIPC usually asks a federal court to appoint a trustee to liquidate the firm and protect its customers. The SIPC statute also includes provisions for payments to customers and transfer of customer accounts. Given the SIPC statute, and the role of a third party trustee, it is difficult to imagine how a firm could structure its own plan for customer access. In order to avoid exposing the firm to competing compliance requirements if these SRO provisions are approved, SIA respectfully requests the SEC to address the status of SIPC in the context of the proposed rule.
SIA also believes the rules ought to specify appropriate exceptions for certain types of firms that are not in actual possession of customer funds and securities. For example, an exception could clarify that introducing firms, firms "delivering out" and perhaps other categories of firms are not covered by this rule. Alternatively, the rule could provide a due diligence type obligation for those firms not in actual possession of customer funds and/or securities.
2. NASD Rule 3510(c)(6)/NYSE 446(c)(7) - Plan element addressing critical counter-parties, constituents.
SIA appreciates the change that the NYSE and NASD made to limit the scope of this provision to "critical" counter-parties. SIA had requested this change in its prior comment letter. Furthermore, SIA appreciates the designation of responsibility to member firms for identifying those relationships deemed critical for purposes of complying with the rule. The NASD filing, however, notes that the NASD might consider enumerating specific relationships that it views as critical to all members based on its experience with the rule following its adoption. SIA would respectfully request the NASD and NYSE to communicate any criteria developed to define such critical relationships at the earliest opportunity. In this way, firms can feel comfortable exercising the responsibility they have been granted for identifying such relationships with the benefit of the latest thinking of the regulators, and without fear that their judgment will be second-guessed.
The actual plan element is described differently in the two releases, evidencing an apparent lack of coordination between the NASD and NYSE. The NASD provision would require a member's plan to address "critical business constituents, banks and counter-parties" while the same NYSE provision would require the plan to address "the impact on critical business constituents, banks, and counter-parties." By omitting "impact" from the element (but referring to "impact" in the discussion of the proposal), it is a little unclear what the NASD rule envisions a firm addressing in this part of its plan. SIA respectfully requests the SEC to exercise its oversight role to ensure uniformity of rule language wherever possible.
3. NASD Rule 3520(a)/NYSE Rule 446(g) - Emergency Contact Information
The Discussion section of the NASD proposal states that the Executive Representative should have authority to make "potentially critical and time-sensitive decisions on behalf of the firm." This phrasing suggests that an individual may be required to commit his firm to a critical decision - i.e., lending as part of a bailout, providing liquidity to make a market - during the course of a telephone conference with regulators. SIA respectfully requests that this language be removed as it has the potential to create a conflict with the governing charter of many member firms. It is rare for the governing charter of a corporation to vest "critical and time sensitive" decision-making power in the hands of one person. At best, many firms will only be able to pledge a prompt response following the corporate charter's prescribed procedure, which may require either a vote or consultation of designated senior officers or directors. The rule should recognize the necessity and legally binding nature of such steps before a firm can commit to a potentially critical and time-sensitive decision.
The requirement to provide notice of a change to a firm's emergency contact information is phrased differently in the two releases. The NYSE requires "prompt notification" of a change in the designation of the emergency contact person. The NASD imposes a strict deadline for these changes and requires the firm to maintain adequate controls and procedures to ensure that only the Executive Representative may review and update emergency contact information. The additional compliance burdens required by the NASD's deadlines, controls and procedures appear excessive in relation to the relatively simple goal of promptly submitting a name change. SIA respectfully requests the SEC to consider harmonizing the different approaches by recommending the more flexible and less burdensome language of the NYSE.
SIA believes the timetable envisioned for implementation of the proposed rules is too aggressive. The recently issued SEC Policy Statement[4] on Business Continuity Planning for Trading Markets envisions a deadline of "no later than the end of 2004" for the implementation of plans of SRO Markets and ECNs. SIA believes that deadline is also appropriate for broker-dealer firms. More significantly, SIA believes that implementation dates for all parties involved in the securities markets need to be coordinated in recognition of the interdependencies that exist in these markets. For example, it is unlikely a brokerage firm would be able to fully address such SRO-required elements of a plan as mission critical systems, financial and operational assessments, critical business constituents, or customer access to funds and securities, without knowledge of the plans of market centers and core clearance and settlement organizations.
A logical timetable for the implementation of plans for the various entities is critical if the industry is to avoid expensive and time consuming changes necessitated by developments at an interdependent entity. SIA's Business Continuity Planning effort already provides a forum for all of these interdependent entities to convene for planning purposes. SIA would respectfully suggest that these parties convene for the purpose of deciding upon a logical timetable that can be recommended to the appropriate regulators for purposes of industry-wide rulemaking.
We hope that these comments are helpful. Please feel free to contact Art Trager, Vice-President & Managing Director, Technology & Operations (212-618-0546; firstname.lastname@example.org) with any additional questions you may have concerning these matters or, as requested earlier in this letter, to set up a meeting with members of the Business Continuity Planning Steering Committee.
cc: Robert L.D. Colby, Deputy Director, Division of Market Regulation, SEC