When unexpected disruptions strike your financial services firm, the absence of a robust continuity plan doesn't just threaten operations—it exposes you to serious fiduciary liability and regulatory consequences.
Most independent advisors think of continuity planning as a 'good business practice.' Something to get to eventually. Something driven by age, health, or succession timing. The reality is much more direct: having a real continuity plan in place is part of your fiduciary duty today. Not someday. Not when you are ready to retire. Today.
It is true that the SEC does not have a final rule that explicitly says every investment adviser must have a signed continuity or succession agreement with another firm. But stopping there misses the point. Under existing regulation, continuity planning is already a regulatory expectation.
Rule 206(4)-7, the Compliance Program Rule, requires RIAs to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act. Over time, the SEC has made it clear that this includes business continuity planning. That means planning for what happens if the firm is disrupted by death or permanent disability of the owner, loss of key personnel, cyber incidents or data loss, or natural disasters and operational shutdowns.
For small and founder-led RIAs, those risks are inseparable from the owner. Your fiduciary obligation to act in the best interest of your clients does not pause when you are incapacitated. It extends to ensuring that someone is prepared to protect those clients if you cannot. This is not theoretical. It is a legal and ethical responsibility embedded in your duty of care.
In 2016, the SEC went a step further and proposed Rule 206(4)-4, which would have required RIAs to adopt formal business continuity and transition plans. That rule was never finalized. But it matters anyway. Why? Because the proposal spelled out exactly what the SEC believes firms should already be doing to meet their fiduciary obligation to clients.
Among other things, the SEC expected firms to address how client data is protected, backed up, and recovered; how clients, employees, and regulators will be notified during disruption; which third-party providers are critical to operations; and how client accounts would transition if the owner is no longer able to operate the firm.
For solo and small RIAs, that last point is the heart of the issue. If you are hit by a bus tomorrow, who is legally and operationally prepared to step in and protect your clients? If the honest answer is 'no one,' that is a fiduciary gap.
The SEC has been clear, even without a single rule. Regulators expect you to have a framework that addresses both temporary disruptions and permanent transitions. They expect documentation, clarity, and actionable steps. They expect you to think beyond yourself and consider the real-world impact on the clients who depend on you.
Many advisors believe they are covered because they have a written BCP sitting in a compliance binder. Often, that plan focuses on technology recovery, remote access, or temporary disruptions. What it does not do is solve the hardest problem: who actually takes responsibility for your clients if you cannot?
The cost of unpreparedness is not just operational. It is reputational, legal, and financial. When a firm cannot execute on its continuity plan, clients are left in limbo. Accounts go unmanaged. Questions go unanswered. Trust erodes. In some cases, regulatory action follows. In others, families are forced to navigate complex legal processes to gain access to their own financial information.
Consider the real-world scenario: a solo advisor suffers a sudden medical emergency. There is no designated successor. No one has access to the CRM. No one knows which clients have upcoming distributions or tax deadlines. The advisor's family does not know who to call. Clients start reaching out to custodians, compliance consultants, and attorneys. What should have been a seamless transition becomes a crisis.
This is not a hypothetical edge case. It happens regularly. And when it does, the damage extends far beyond the immediate disruption. It affects client outcomes, firm value, and the advisor's legacy. A generic BCP is not enough. You need a plan that answers the questions regulators and clients care about: Who has the authority to manage accounts immediately? Who communicates with clients in plain language? Who understands the investment philosophy and client relationships? How is value determined and paid if a transition becomes permanent?
A true continuity plan is not a document. It is a relationship. It is a legal agreement with another advisor or firm who is prepared to step in and serve your clients if you cannot. It is a documented understanding of how your practice operates, who your clients are, and what they need.
Start by identifying a continuity partner. This should be someone who shares your investment philosophy, understands your client base, and is willing to take on fiduciary responsibility in the event of your incapacity or death. Formalize that relationship with a written agreement that specifies roles, responsibilities, compensation, and timelines.
Next, document your operations. Create a playbook that includes client contact information, account details, service models, billing arrangements, and key vendor relationships. Make sure your continuity partner has access to this information and understands how to use it. Test the plan regularly to ensure it works in practice, not just on paper.
Address the financial side. How will your continuity partner be compensated for stepping in? How will value be determined if the transition becomes permanent? These are not easy conversations, but they are necessary. Without clear financial terms, even the best continuity agreement can fall apart when it matters most.
Finally, communicate the plan to your clients. Let them know you have taken steps to protect them. Introduce them to your continuity partner if appropriate. This transparency builds trust and reinforces your commitment to acting in their best interest, even in the worst-case scenario.
Having a continuity plan is not a one-time task. It is an ongoing fiduciary commitment. Your practice evolves. Your clients change. Your technology and vendor relationships shift. Your continuity plan must evolve with them.
Test your plan at least annually. Walk through the steps with your continuity partner. Verify that access credentials are current. Confirm that contact information is accurate. Simulate a disruption scenario and identify gaps. This is not about checking a compliance box. It is about ensuring that your plan will actually work when it is needed.
Update your documentation regularly. When you onboard a new client, add them to your continuity playbook. When you change custodians or service providers, update your vendor list. When your business model shifts, revise your operational procedures. A continuity plan that is outdated is nearly as dangerous as having no plan at all.
Review your continuity agreement with legal and compliance counsel. Make sure it complies with current regulations and reflects best practices. Ensure that your continuity partner is still willing and able to fulfill their role. Life circumstances change. A partner who was available five years ago may no longer be in a position to step in today.
Continuity planning is not optional. It is not something to get to eventually. It is a fiduciary obligation that exists today, grounded in regulatory expectations and your duty to act in the best interest of your clients. The question is not whether you need a plan. The question is whether the plan you have will actually protect your clients when it matters most.