Securities Industry Association

March 31, 2003

Jonathan G. Katz
Securities and Exchange Commission
450 Fifth Street, NW
Washington, DC 20549-0609

Re: File No. SR-NASD-2002-108; Business Continuity Plans and Emergency Contact Information

Dear Mr. Katz:

The Securities Industry Association ("SIA")1 and the Bond Market Association ("TBMA")2 (collectively, the "Associations") are pleased to comment on the amendments to the proposal ("Proposal") by the National Association of Securities Dealers, Inc. ("NASD") to adopt Rule 3510 (concerning Business Continuity Plans) and Rule 3520 (concerning Emergency Contact Information).

As indicated in our previous comment letter3, the Associations agree with the NASD that the requirements of a business continuity plan must be tailored to the size and needs of an individual member firm, but that each plan must at a minimum address certain elements of continuity. On this basis, the Associations expressed support for this and a nearly identical proposal of the NYSE.

The Associations applaud the NASD's attempt to respond to concerns raised by commenters. In a few cases, however, the new language raises fresh questions about the intended scope and meaning of the rule. The letter discusses these questions in turn below:

Proposed Rule 3510(a) - Requirement to have a plan.

The original proposal stated that a firm should have a plan identifying procedures to be followed in the event of a significant business disruption. The new language is less instructive and slightly more vague in that it requires procedures relating to such a disruption.

Of greater concern, however, is the new clause requiring procedures to be "reasonably designed to enable the member to continue its business." The discussion makes clear that the NASD's motive is to ensure that firms understand that merely having a plan is not in and of itself the goal of this regulation. Firms agree that the means selected should of course relate to the plan's continuity goals. Nevertheless, firms are concerned that the very broad language of "continue its business" suggests, at a minimum, an expectation for a level of firm functionality that might not be realistic or contemplated by the firm's plan. Interpreted more broadly, the language suggests a general obligation to continue in business. As such, the new language removes the flexibility that the original proposal promised in allowing firms to determine which functions to recover, restore and/or resume under a variety of scenarios. Indeed, from the standpoint of compliance, it is difficult to imagine what criteria a regulator might apply in evaluating whether a member's plan would enable that member to meet an abstract and undefined level of continuity.

The Associations believe that language should be revised to require that the procedures be reasonably designed to enable a member to meet the continuity goals set forth in the member's plan.

Proposed Rule 3510(c)(6) - Plan element "Business constituent, bank, and counterparty impact."

The Associations had previously asked for additional guidance on this element and appreciate the responsiveness of the NASD in providing for elaboration in the Discussion. The additional guidance clarifying the terms "constituencies," "banks" and "counterparties" is helpful. However, member firms believe that the new discussion language requiring members to provide for "alternative actions or arrangements with respect to their contractual relationships" is somewhat confusing and changes the focus and scope of the required plan element.

The Associations understood this plan element to commit the firm to create a process for assessing the impact on constituents, banks, and counterparties in the event of a significant disruption. As such, this plan element is a reasonable requirement. However, requiring the plan to provide for alternative actions or arrangements with respect to all contractual relationships with constituents, banks and counterparties once the results of that assessment are known is not realistic. Moreover, mandating which alternatives must be made is not consistent with the stated goal of the regulation to allow firms to make determinations about a plan's individual requirements.

First, by requiring that alternatives be developed and included in a plan, the proposal imposes a drastically different and larger burden on member firms. Given the vast number and types of contractual relationships with business constituents, banks, and counterparties, providing alternatives may be neither useful (i.e., the bank is a minor lender whose support is not deemed critical to the firm's continuity); nor meaningful (i.e., counterparty is the "800 pound gorilla in a specific market" and cannot be replaced); nor possible (i.e., counterparties include all 60 (approx.) other market makers in the highest volume Nasdaq stock). Second, the new requirement would upset existing contracts, and indeed contract law generally, by imposing on the parties a conditional obligation to undertake an alternative action or arrangement that the parties may not have expressly agreed to in the contract. Third, the new language requiring alternative actions or arrangements presupposes that a firm will perform a duty (i.e., commitment of new capital) when it may have no legal obligation, nor economic incentive for doing so. Fourth, the new language presupposes that all such actions or arrangements are sufficiently critical to even require consideration of alternatives. The fact that the requirement makes no distinctions based on the critical nature of the constituent, bank, or counterparty activity covered by the contract means that many ordinary activities will be given the same status as mission critical system or data back-up in terms of the necessity of alternatives.

The Associations recommend removing the sentence suggesting a requirement to provide for alternatives so as not to confuse the goal of making assessments with the goal of planning alternatives. Alternatively, the discussion language could suggest that, in planning a process for assessing the impact of a disruption to critical constituents, the firm consider possible alternative actions or arrangements in the event such critical constituents are unavailable. This would ensure that the plan element retains its focus on assessment and that the proposal retains its goal of providing firms with the flexibility to develop alternatives as it deems appropriate.

Time Frame for Implementation - The Associations request that the rule proposal indicate the time required for implementation. We would suggest that this time be 360 days from publication of the final rule in the Federal Register. Obviously, the larger the scope of "alternative actions or arrangements" that may be required under Rule 3510(c)(6), the more time it will take firms to complete such planning.

We hope that these comments are helpful. Please feel free to contact Art Trager, Vice-President & Managing Director, Technology & Operations (212-618-0546; with any additional questions you may have concerning these matters.

Very truly yours,

Jerry W. Klawitter
SIA Business Continuity Planning Committee
TBMA Business Continuity Management Council

cc: Robert R. Glauber, Chairman and CEO, NASD
Mary L. Shapiro, President, NASD
Elisse B. Walter, COO and Executive Vice President, NASD
Marc Menschel, General Counsel, NASD
Robert L.D. Colby, Deputy Director, Division of Market Regulation, SEC
Larry Bergmann, Senior Associate Director, Division of Market Regulation, SEC
David Shillman, Counsel to the Director, Division of Market Regulation, SEC
Peter J. Chepucavage, Attorney Fellow, SEC

1 The Securities Industry Association brings together the shared interests of more than 600 securities firms to accomplish common goals. SIA member-firms (including investment banks, broker-dealers, and mutual fund companies) are active in all U.S. and foreign markets and in all phases of corporate and public finance. The U.S. securities industry manages the accounts of nearly 93 million investors directly and indirectly through corporate, thrift, and pension plans. In the year 2001, the industry generated $198 billion in U.S. revenue and $358 billion in global revenues. Securities firms employ approximately 750,000 individuals in the United States. (More information about SIA is available on its home page:
2 The Bond Market Association represents securities firms and banks that underwrite, trade and sell debt securities, both domestically and internationally. More information about the Association is available on its Internet home page at
3 Letter to Margaret McFarland, Deputy Secretary, SEC, from Jerry Klawitter, SIA/BMA Business Continuity Planning Committee, dated September 30, 2002.