United States: SEC Focuses On Business Continuity And Transition Plans: Implications For Registered Investment Advisers And Funds And Their Critical Service Providers

The Securities and Exchange Commission (the "SEC") recently proposed new Rule 206(4)-4 (the "Proposed Rule") under the Investment Advisers Act of 1940 (the "Advisers Act"), which would require registered investment advisers to adopt and implement business continuity and transition plans ("BCPs").1 At the same time, the SEC's Division of Investment Management issued a Guidance Update discussing certain elements of BCPs that registered investment companies ("funds") should consider adopting under Rule 38a-1 under the Investment Company Act of 1940.2

The Proposed Rule is the most recent installment of the five-part package of reforms outlined by SEC Chair White in late 2014.3 It likely is driven by the SEC's ongoing efforts to address systemic risk concerns that the Financial Stability Oversight Council believes are presented by asset managers.4 The Guidance Update, on the other hand, appears more closely-related to last year's event in which a major service provider experienced software failures that interrupted its ability to act as a pricing agent. It focuses on the need for a fund's BCP to account for dependencies on critical service providers and how the fund would respond to an interruption of services from such providers.

Proposed Rule

Background

Since 2003, when the SEC adopted Rule 206(4)-7, the investment adviser compliance rule, there has been a general consensus regarding the obligation of most larger advisers to adopt BCPs as a part of their compliance programs. In the adopting release to Rule 206(4)-7, the SEC listed BCPs among the issues that an adviser's policies and procedures should address, to the extent relevant. In that release, the SEC went even further and stated that an adviser's fiduciary duties to its clients include the obligation to "take steps to protect the clients' interests from being placed at risk as a result of the adviser's inability to provide advisory services after, for example, a natural disaster, or in the case of smaller firms, the death of the owner or key personnel."5

The Proposed Rule would codify the SEC's 2003 statements regarding an adviser's obligations to have a BCP, and would specify in more detail the content of advisers' BCPs. In the Proposing Release, the SEC acknowledged that many advisers have, as part of their general risk management policies and procedures, taken steps to address and mitigate risks of business disruption, but pointed to weaknesses in some BCPs the SEC staff observed after Hurricane Sandy.6

The Proposed Rule, described in more detail below, would specify elements of what the SEC believes to be more robust BCPs of advisers. Echoing its earlier statements, the SEC notes in the Proposing Release that an adviser's fiduciary duty obligates it to take steps to protect client interests from being placed at risk as a result of an adviser's inability to provide services. Therefore, the SEC believes it would be "fraudulent and deceptive" for an adviser to hold itself out as providing advisory services unless it has taken steps to protect a client's interests following a disruption event.7

The SEC requested comment on all aspects of the Proposed Rule. Comments are due on or before September 6, 2016.

BCP Content

The Proposed Rule would require registered investment advisers to adopt and implement a written BCP reasonably designed to address operational and other risks related to a significant disruption in the adviser's operations, to ensure (i) business continuity after a significant business interruption and (ii) business transition if the adviser is unable to continue providing investment advisory services to its clients.8 An adviser would be required to review the adequacy and effectiveness of its BCP at least annually.9

The SEC identified certain business disruption events that should be addressed by a BCP, including natural disasters, acts of terrorism, cyber-attacks, equipment or system failures, or unexpected loss of a service provider, facilities or key personnel. To these, the SEC added the unexpected termination of some or all of the adviser's business as a result, for example, of stressed market conditions or due to a sale of its business.

The Proposed Rule would require an adviser's BCP to be based on the risks associated with the adviser's operations and to include policies and procedures designed to minimize material disruptions of client services.10 Although the SEC acknowledged the need for an adviser to tailor its BCP to its particular circumstances, the Proposed Rule would require that a BCP include a transition plan as well as the following specific components (suggested actions outlined by the SEC in the Proposing Release are also provided below):

  • Maintenance of critical operations and systems, and the protection, backup and recovery of data, including client records. A BCP should identify and prioritize critical functions that are utilized for the prompt and accurate processing of portfolio transactions, and the valuation and maintenance of client accounts. Advisers also should identify key personnel that provide critical functions, such that the loss of such personnel would disrupt the adviser's ability to provide services to its clients. With respect to data protection, backup and recovery, a BCP should address both hard and electronic backup and include an inventory of key documents (including details of an adviser's management structure and risk management processes), including the location and description of each.
  • Pre-arranged alternative physical location(s) of the adviser's office(s) and/or employees. An adviser should consider the geographic diversity of its offices or remote sites and employees, as well as access to the systems, technology, and resources necessary to continue operation at different locations in the event of a disruption.11 The SEC urged advisers to consider technology that allows for secure remote-access.
  • Communications with clients, employees, service providers, and regulators. A BCP should address how the adviser will communicate to employees, clients, service providers and other persons involved in critical aspects of the adviser's operations in the event of a business disruption. A BCP also should address employee training to highlight specific roles and responsibilities following a business disruption.
  • Identifications and assessment of third-party services critical to the operation of the adviser. A BCP should identify third-party vendors supporting critical functions or services for or on behalf of the adviser. The SEC wants advisers to assess the BCPs of service providers to the extent those BCPs would affect the adviser's operations following a disruption event. In the absence of a BCP, an adviser should consider alternatives for such critical services, which may include other service providers or internal functions as contingencies.

Under the Proposed Rule, a BCP should include a plan of transition that accounts for the possible winding down or transition of the adviser's business if the adviser is unable to continue providing investment advisory services. According to the SEC, transition plans should be designed to prepare an adviser to act quickly and in its clients' best interests following a transition event. Under the Proposed Rule, a plan of transition should include the following key components:

  • Policies and procedures intended to safeguard, transfer and/or distribute client assets during transition. A BCP should reflect the unique attributes of each type of the adviser's clients (e.g., registered investment companies, private funds and separately-managed accounts)12 and account for the different transfer and distribution methods applying to each client type. BCPs also should address special instructions applying to clients holding assets that would require special treatment.
  • Policies and procedures facilitating the prompt generation of any client-specific information necessary to transition each client account. Client-specific information includes, for example, the identity of custodians, positions, counterparties, collateral and related records of each client.
  • Information regarding the corporate governance structure of the adviser. A BCP should include an organizational chart and other information about the adviser's ownership and management structure, including the identity and contact information for key personnel, and the identity of affiliates (both foreign and domestic) whose dissolution or distress could lead to a change in or material impact to the adviser's business operations.
  • Identification of any material financial resources available to the adviser. For example, an adviser could identify any material source of funding, liquidity, or capital it would seek to ensure continued operations in times of stress. An adviser also could consider how it would implement a reduction of expenses following a disruption event.13
  • An assessment of the applicable law and contractual obligations governing the adviser and its clients, including pooled investment vehicles, implicated by the adviser's transition. The SEC noted that contractual obligations and the need to comply with multiple regulatory regimes could affect an adviser's ability to transition its advisory services.

Annual Review

Under the Proposed Rule, an adviser would be required to review at least annually the adequacy and effectiveness of its BCP.14 In the Proposing Release, the SEC provided guidance on the scope of such annual review, stating that the review should consider any changes to the adviser's products, services, operations, critical third-party service providers, structure, business activities, client types, location and any regulatory changes that might suggest a need to revise its BCP. The review should include an analysis of whether a BCP adequately protects clients' interests from being placed at risk and steps to mitigate such risks following a disruption event. The annual review also should address weaknesses an adviser may have identified and any lessons learned during a BCP's implementation during the previous year.

Recordkeeping

In connection with the Proposed Rule, the SEC also proposed to amend Rule 204-2 under the Advisers Act to require an adviser to maintain copies (including electronic copies) of all BCPs (including records documenting its annual review) that are in effect or were in effect at any time during the previous five years following the compliance date of the Proposed Rule.15 The SEC stated that this requirement addresses the importance that advisers retain easy access to necessary information during periods of stress. The recordkeeping requirement under the Proposed Rule tracks similar requirements under Rule 204-2 regarding an adviser's compliance policies and procedures adopted pursuant to Rule 206(4)-7.

Implications of the Proposed Rule

The Proposed Rule would impose additional and detailed regulatory requirements on advisers. The amount of the burden on an adviser – if the Proposed Rule is adopted as proposed – will turn on the extent to which the adviser has already implemented a detailed BCP. For example, advisers who also are broker-dealers already have detailed BCPs in place, and advisers that are part of larger financial institutions likely already rely, at least in part, on broader, enterprise-wide BCPs.16

Advisers also often rely on third-party service providers to meet the bulk of their operational or "back office" functions, and the SEC acknowledged that advisers would likely seek to comply with the Proposed Rule, in part, by seeking information from third-party service providers regarding their BCPs. However, advisers that rely on various large technology platforms to conduct their businesses are likely to face additional challenges in developing and maintaining BCPs under the Proposed Rule. An adviser may be unlikely to successfully negotiate changes to such platforms if it finds the platforms' BCPs to be wanting or difficult to fold into the adviser's BCP. In some cases, third-party service providers are selected by clients, and rejection of the service provider is not an available option if an adviser wants to retain the client.

Overall, it is unclear the extent to which all but the largest advisers will be able to effect meaningful changes with respect to third-party service providers. Later in this Stroock Special Bulletin, we discuss a few areas of focus for advisers to engage in discussions with their technology vendors and other service providers with respect to contractual arrangements implicating business continuity planning.

Given the compliance regime that has evolved out of Rule 206(4)-7, and the prior statements by the SEC with respect to an adviser's fiduciary obligation to protect its clients from business disruptions, one might question what the Proposed Rule is really adding to the existing regulatory framework. Client assets are usually kept separate from the adviser, and the failure of an adviser will likely simply result in the client obtaining advisory services from another adviser, without the movement of any client assets or the intervention of any bankruptcy court. When, for example, Lehman Brothers failed in 2008, its asset management business (Neuberger Berman) was spun off into a separate business. Looking further back into history, when Drexel Burnham Lambert failed in 1990, its asset manager, Burnham Management, also was spun off into a separate company.17

SEC Guidance for Funds and Their Boards

Concurrent with the issuance of the Proposing Release, the staff of the SEC's Division of Investment Management issued the Guidance Update highlighting the operational risks associated with business disruption events for funds. The Guidance Update points to the obligations of funds under Rule 38a-1 to have compliance policies and procedures, including procedures that address the risk of loss of business continuity and discusses a number of measures the SEC staff believes funds should consider as part of evaluating their business continuity preparedness, especially with respect to critical service providers.18

In the SEC staff's view, a fund should have tailored compliance policies and procedures that address business continuity planning and potential disruptions in services, whether provided by the fund's investment adviser or affiliates or by a third-party service provider. Although the SEC staff acknowledged that funds and their service providers have continued to build and improve their business continuity practices, they cited to last year's well-publicized third-party system malfunction at a service provider19 as a recent event where they believed some funds could have been better prepared to manage a business disruption event involving one of their critical service providers.

Notable BCP Practices

The Guidance Update summarized the findings of a recent outreach by the SEC staff to a number of funds and their advisers regarding BCPs generally. Instead of stating specific obligations that funds have with respect to their BCPs, the Guidance Update highlights the following "notable practices" identified by the SEC staff regarding business continuity planning by funds:

  • BCPs typically cover the facilities, technology/systems, employees and activities conducted by the fund's investment adviser and any affiliates, as well as dependencies on critical services provided by third-party service providers.
  • A broad cross-section of employees from key functional areas are involved in BCPs, typically including senior management, technology, information security, operations, human resources, communications, legal, compliance, and risk management.
  • A fund's Chief Compliance Officer ("CCO") typically participates in the fund's third-party service provider oversight process.
  • BCP presentations are typically provided to a fund's board of directors on an annual basis.20
  • For many funds, some form of BCP testing occurs at least annually, and the results of that testing may be shared in updates to fund boards.
  • Business continuity outages, including those incurred by a fund or a critical third-party service provider, are monitored by the CCO and other pertinent staff and reported to the fund's board as warranted.

BCP Considerations to Address Critical Service Providers

Because funds outsource key aspects of their operations to critical service providers, the SEC staff believes that funds should consider conducting thorough initial and ongoing due diligence of those third parties, including due diligence of their service providers' BCPs.21 The staff suggested that funds consider the following lessons learned from past business continuity events and their outreach efforts when assessing their BCPs relating to critical service providers:

  • Back-Up Processes and Contingency Plans. A fund should consider examining its critical service providers' backup processes, the robustness of the provider's contingency plans, including reliance on other critical service providers, and how these providers intend to maintain operations during a significant business disruption. Funds generally should understand how their own BCPs address the risk that a critical service provider could suffer a significant business disruption and how the provider and the fund might respond under certain scenarios.
  • Monitoring Incidents and Communications Protocols. A fund should consider how it can best monitor whether a critical service provider has experienced a significant disruption (e.g., a cybersecurity breach) that could impair the service provider's ability to provide uninterrupted services, the potential effect that disruption may have on fund operations and the communication protocols and steps that may be necessary for the fund to successfully navigate the disruption.22
  • Understanding the Interrelationship of Critical Service Provider BCPs. To better ensure that the fund can continue operations and/or promptly resume operations during a significant business disruption, a fund should consider how the BCPs of its critical service providers relate to each other. For example, funds should discuss with their service providers any redundancies and backup plans the service provider has in the event it experiences a significant business disruption. Additionally, funds should consider if they have backup procedures that address the steps that would need to be taken to successfully navigate through the service provider disruption.
  • Contemplating Various Scenarios. A fund should consider how a critical service provider disruption could impact fund operations and generally have a plan for managing the response to potential disruptions under various scenarios, whether such disruptions occur with an affiliated or third-party service provider.

Board and CCO Oversight of Fund BCPs

In the SEC staff's view, as part of a fund board's oversight function, boards generally should discuss with the fund's investment adviser and other critical service providers the steps being taken to mitigate the risks associated with business disruptions and the robustness of the service providers' business continuity planning, including how the fund's own BCP addresses the risk that a critical third-party service provider could suffer a business disruption.

The Guidance Update also seems to suggest a larger role for a fund's CCO to the extent business and operational continuity is viewed as part of the compliance function. Typically, CCOs will not have the skill sets useful to promoting well-designed technology or in assessing third-party capabilities. We have already seen the SEC bring enforcement actions against advisers that failed to have adequate cybersecurity policies, and in light of the Guidance Update, CCOs should be alert to their obligations with respect to fund BCPs.23

Technology Vendors and Other Third Party Service Providers

The Proposing Release and the Guidance Update reflect the SEC's continued recognition of maintenance and protection of technology infrastructure, including potential cyber-attacks, as a primary area of risk.24 Indeed, the weaknesses the SEC observed in advisers' BCPs with respect to telecommunications and technology were a stated impetus for the Proposed Rule.

Although the Proposing Release and the Guidance Update focus on the key components of BCPs, advisers and funds should not lose sight of the fact that the foundation of an effective BCP as it relates to technology infrastructure may be, in certain respects, dependent on the contractual relationships with their existing and future technology vendors. Indeed, many of the observations of the SEC examination staff reflected in the Proposing Release have direct relevance to vendor contracts and serve as reminders of the types of provisions advisers and funds should consider including in such contracts.

At a most basic level, vendors must be active participants in an adviser's or fund's BCP. From a contractual standpoint, this may start with an obligation for a vendor of a critical system or operation to have its own BCP and test it annually. The SEC has signaled the need for collaboration among advisers, funds and their technology vendors.25 This may translate into contract provisions providing for transparency regarding the vendors' BCPs and disaster recovery systems, as well as related obligations, including minimum requirements, physical location, annual testing and reporting, and notification of material changes. Of course, vendors might also be obligated to participate in the annual review of an adviser's or a fund's own BCP. In light of the SEC examination staff's finding regarding inadequate testing of BCPs, the existence of a BCP that is appropriate on its face may provide little protection if implemented poorly with vendors following an actual business interruption.

Similarly, an otherwise thorough BCP may provide little protection if delayed in its implementation (e.g., due to a vendor's failing to either adequately monitor its systems or provide notification of issues). As discussed above, the Proposed Rule will require an adviser's BCP to include a communication plan, and the communication plan may reflect both monitoring and notification of disruptions. Although contractual remedies may be limited, parameters regarding such monitoring and notifications may be incorporated into the vendor contract.

As another example, the Proposing Release and the Guidance Update note the importance of considering the interrelationship of vendors in creating a BCP and enhancing preparedness. Also important is the interrelationship of third-party vendor systems and an adviser's internal, proprietary systems. Mapping such interrelationship – the physical telecommunications interconnections and logical data inputs and outputs among them—can be important to the creation of a BCP. With the normal interrelation mapped, potential deviations to it necessitated by interruptions can be considered and addressed in vendor contracts. The contracts might include pre-negotiated statements of work for the provision of backup services. For example: providing for alternate data formats or forms of data transfer used by the vendor; the provision of additional services as replacement to impaired third-party or adviser-provided services; or other potential work-arounds.

In short, this may be an appropriate time for advisers and funds to take inventory of their existing vendor contracts and revisit requirements for future ones. Although certain of the takeaways may not be new, they may provide insight into the SEC's future evaluation of BCPs and the management of technology vendors and other third-party service providers.

Footnotes

1. Adviser Business Continuity and Transition Plans, 81 FR 43530 (July 5, 2016) (the "Proposing Release").

2. SEC Investment Management Guidance Update No. 2016-04, Business Continuity Planning for Registered Investment Companies (June 2016), available at https://www.sec.gov/investment/im-guidance-2016-04.pdf (the "Guidance Update").

3. Mary Jo White, Chair, SEC, Enhancing Risk Monitoring and Regulatory Safeguards for the Asset Management Industry, (Dec. 11, 2014), available at http://www.sec.gov/News/Speech/Detail/Speech/1370543677722. In addition to the Proposed Rule, over the last twelve months the SEC has issued proposals relating to (i) modernizing and enhancing reporting requirements for funds and advisers, (ii) liquidity risk management for certain funds and (iii) funds' use of derivatives. The last part of the outlined reform package—stress testing for large funds and advisers—has not yet been proposed.

4. See, e.g., Financial Stability Oversight Council, Update on Review of Asset Management Products and Activities (April 18, 2016), available at https://www.treasury.gov/initiatives/fsoc/news/Documents/FSOC%20Update%20on%20Review%20of%20Asset %20Management%20Products%20and%20Activities.pdf.

5. Compliance Programs of Investment Companies and Investment Advisers, Advisers Act Release No. 2204 (Dec. 17, 2003) at n. 22, available at https://www.sec.gov/rules/final/ia-2204.htm.

6. National Exam Program Risk Alert, SEC Examinations of Business Continuity of Certain Advisers Following Operational Disruptions Caused by Weather-Related Events Last Year (Aug. 27, 2013), available at https://www.sec.gov/about/offices/ocie/business-continuity-plans-risk-alert.pdf (the "NEP Alert").

7. Proposing Release at 43532.

8. Proposed Rule 206(4)-4(a).

9. Proposed Rule 206(4)-4(a)(2).

10. Proposed Rule 206(4)-4(b)(2).

11. The SEC noted this requirement is generally consistent with regulations adopted by other regulatory agencies. Proposing Release at 43539 n. 79 and accompanying text.

12. The SEC noted that the transfer of client information with respect to funds and private funds may be more complex than that of separately managed accounts. Id. at 43542. It is unclear, however, whether the terms of the Proposed Rule itself extend to operations of a private fund advised by the adviser (or for that matter the investors of a fund). Courts have held that a fund (rather than the investors in the fund) is the client of the adviser. See Goldstein v. SEC, 451 F.3d 873 (D.C. Cir. 2006).

13.The SEC clarified that, when considering any material financial recourses available to it, an adviser could identify any insurance coverage. Proposing Release at 43543 n. 122.

14. Proposed Rule 206(4)-4(a)(2).

15. Proposed Rule 204-2(a)(20) and (e)(1).

16. See FINRA Rule 4370 (requiring that member BCPs address certain elements, including data backup and recovery, all mission critical systems, alternate communications, alternate physical location of employees and critical business constituents (i.e., a business with which a member has an ongoing commercial relationship in support of the member's operating activities). See also NASD, Notice to Members 04–37: Business Continuity Plans (May 2004), available at https://www.finra.org/sites/default/files/NoticeDocument/p003095.pdf.

17. The only examples cited the Proposing Release of transitions that have not "been seamless or without a problem" involve the winding down of Long-Term Capital Management, L.P. in 1998 and The Reserve Fund in 2008. Proposing Release at 43536. In both of those cases, however, the immediate wind-down was of the adviser's client (a hedge fund and a money market fund, respectively), and was made difficult by the need to sell large amounts of illiquid securities held in those funds' portfolios. It is not readily apparent what, if anything, in the Proposed Rule would have even addressed this circumstances.

18. In the SEC staff's view, a fund's critical service providers likely would include, but not be limited to, each named service provider under Rule 38a-1 (i.e., the fund's investment adviser and any sub-investment adviser, principal underwriter, administrator and transfer agent), as well as the fund's custodian and any pricing agents.

19. In August 2015, The Bank of New York Mellon experienced a malfunction in one of its third-party systems provided by SunGard Data Systems Inc., and was unable to, among other things, deliver timely system-generated net asset values ("NAVs") for certain clients for several days. This malfunction resulted in the affected funds having to price their shares using stale or manually calculated NAVs.

20. These presentations may be provided separately, as part of periodic presentations related to contractual arrangements (including as part of the annual section 15(c) process for considering the renewal of investment advisory arrangements), or as part of the CCO's annual presentation to the board, as required by Rule 38a-1.

21. The SEC staff noted that funds typically seek a combination of information, including, but not limited to, service provider presentations, on-site visits, questionnaires, certifications, independent control reports and summaries of programs and testing, where appropriate, including with respect to BCPs. Guidance Update at 4.

22. Such protocols might include: (i) policies and procedures for internal communications across the fund complex (e.g., involving key function area personnel) as well as with fund boards; (ii) external communications plans that address ongoing discussions with the affected service provider (as well as other providers as warranted) and intermediaries, investors, regulators, and the press, as appropriate; (iii) maintaining updated and accessible contact information for essential communications with various constituents during an event; and (iv) providing timely communications that report progress and next steps (e.g., posting updates to websites or portals to facilitate accessibility and broad dissemination of information). Id. at 5-6.

23. See, e.g., R.T. Jones Capital Equities Mgmt., Inc., Advisers Act Rel. No. 4204 (Sept. 22, 2015).

24. Proposing Release at 43545 (BCPs "shall include policies and procedures ... that address ... maintenance of critical operations and systems, and the protection, backup, and recovery of data") and Guidance Update at 1 (noting increasing use of third-party technologies and consideration of them as part of business continuity planning). Prior SEC consideration of technology includes, for example: Regulation Systems Compliance and Integrity, Securities Exchange Act Rel. No. 73639 (Nov. 19, 2014); NEP Alert (addressing "Telecommunications Services and Technology Considerations"); SEC Investment Management Guidance Update No. 2015-02, Cybersecurity Guidance (April 2015), available at http://www.sec.gov/investment/im-guidance-2015-02.pdf and OCIE Cybersecurity Examination Sweep Summary, OCIE, National Exam Program Risk Alert, Vol. IV, Issue 4 (Feb. 3, 2015), available at http://www.sec.gov/about/offices/ocie/cybersecurity-examination-sweep-summary.pdf (providing summary observations from the examinations of 57 broker-dealers and 49 advisers conducted under OCIE's Cybersecurity Initiative). See also National Exam Program Risk Alert, OCIE Cybersecurity Initiative (April. 15, 2014), available at http://www.sec.gov/ocie/announcement/Cybersecurity-Risk-Alert--Appendix---4.15.14.pdf.

25. Proposing Release at 43534 (noting failure of advisers to engage service providers to ensure backup servers worked properly) and Guidance Update at 3 (noting "particularly the need to understand the business continuity and disaster recovery protocols of critical fund service providers" and the need for continuing diligence).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.