Investment dealers have been hit with stringent business continuity guidelines. Member firms of the Investment Dealers Association of Canada will now have to take measures that previously were voluntary. Ironically, the regulations came into effect at the end of July, during a heat wave that caused power outages and data losses in the U.S. and Europe.

The bylaw, labelled 17.16, calls for all IDA members to establish a  procedure for staying in business in the event of a significant power disruption so they can meet their obligations to clients.

The implications of that requirement are far-reaching. Members need a business continuity plan that is adequate and will ensure access by clients to their assets within 48 hours, says Maysar Al-Samadi, the IDA’s vice president of professional standards. The IDA has posted instructions on its Web site.

“The bylaw itself is very brief, but to follow it you have to follow the guidelines,” says Al-Samadi.

The IDA, which also published guidelines last November on what it sees as a certain avian flu pandemic, is interested only in preservation of client assets, says Al-Samadi: “The thing to keep in mind is that the bylaw is for inves-tor protection. We do not demand that members get back into business, into the full swing of things as they were before.”

Guidelines include a business continuity plan adequacy checklist that includes questions such as whether members have completed a business impact analysis, whether they have defined critical business functions that must be recovered in an emergency and whether they have a defined strategy to protect and recover electronic or physical data. Members will be required to have their business continuity plans reviewed by a third-party auditor.

Karen McGuinness, vice president of compliance at the Mutual Fund Dealers Association, says the MFDA is also concerned about business continuity and is drafting a set of guidelines for members.

“We are trying to make it relatively flexible,” she says. “When looking at contingency planning, you can’t look at the whole universe of things. It’s more like a guideline to say, ‘Here are things you should look out for and be thinking about’.”

The MFDA guidelines, scheduled for release in the next two months, are being developed by the policy group, although the MFDA already has some general rules on contingency planning in its compliance division.

“Some of our rules cover bits of contingency planning,” says McGuinness. “We mandate books, records and retention requirements. And, in some cases, that touches on contingency planning requirements. But we don’t have anything as specific as the IDA.”

Business continuity plans would become important in the event of a terrorist attack, for example, or a natural disaster such as a flood, when customer data could be in danger. However, data-recovery experts warn that even apparently benign situations such as a heat wave could endanger customer data.

“We have been in the data recovery business for 20 years, and summer is always our busiest period,” says Jim Reinert, senior director of software and services for data recovery firm Ontrack Data Recovery. “It definitely has a relationship to summer weather and increased electrical storms, and to higher temperatures in general. Hard drives and computers are sensitive to temperature.”

Tim Margeson, general manager of CBL Data Recovery Tech-nologies, warns that power surges from electrical storms can be damaging. “A surge that comes through the group can affect the servers, and the hard drives inside can be damaged,” he says.

Similarly, computers and operating systems that are shut down unexpectedly can corrupt data, rendering it inaccessible when they start up again. IE