“SEC Updates its Focus on Business Continuity and Transition Plans”

The Securities and Exchange Commission (the “SEC”) recently provided insight into its current thinking regarding business continuity and transition plans (“BCPs”) and the management of both internal and outsourced technology infrastructure.
Although the SEC’s recent releases are addressed to investment advisers and funds, they reflect the SEC’s continued recognition that the maintenance and protection of technology infrastructure, including planning for potential cyber-attacks, should be a primary area of focus for financial institutions in general.  Moreover, the SEC has identified certain “notable practices” that were distilled from recent industry outreach, which provide guidance on dealing with third party service providers in connection with BCPs—an industry-wide issue.