Rule 1-14-6.23 - Compliance-SupervisionA. It is unlawful for an investment adviser registered or required to be registered pursuant to the Act to provide investment advice to clients unless the investment adviser establishes, maintains, and enforces written policies and procedures tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser. The written policies and procedures must provide for at least the following: 1.Compliance Policies and Procedures. The investment adviser must establish, maintain, and enforce written compliance policies and procedures reasonably designed to prevent and detect any violations of the Act and Rules promulgated thereunder.2.Supervisory Policies and Procedures. The investment adviser must establish, maintain, and enforce written supervisory policies and procedures reasonably designed to prevent violations by the investment adviser's supervised persons of the Act and the Rules promulgated thereunder.3.Proxy Voting Policies and Procedures.a. If the investment adviser has the authority to vote client securities: i. The investment adviser must establish, maintain, and enforce written proxy voting policies and procedures that are reasonably designed to ensure that the investment adviser votes client securities in the best interest of clients. These procedures must include how the investment adviser addresses material conflicts that may arise between its interests and those of the investment adviser's clients.ii. Disclose to clients how they may obtain information from the investment adviser about how it voted with respect to their securities.iii. Describe to clients the investment adviser's proxy voting policies and procedures and, upon request, furnish a copy of the policies and procedures to the requesting client.b. If the investment adviser does not have the authority to vote client securities, then this information must be disclosed to clients.4.Physical Security and Cybersecurity Policies and Procedures. The investment adviser must establish, implement, update, and enforce written physical security and cybersecurity policies and procedures reasonably designed to ensure the confidentiality, integrity, and availability of physical and electronic records and information. The policies and procedures must be tailored to the investment adviser's business model, taking into account the size of the firm, type(s) of services provided, and the number of locations of the investment adviser. a. The physical security and cybersecurity policies and procedures must:i. Protect against reasonably anticipated threats or hazards to the security or integrity of client records and information;ii. Ensure that the investment adviser safeguards confidential client records and information; andiii. Protect any records and information the release of which could result in harm or inconvenience to any client.b. The physical security and cybersecurity policies and procedures must cover at least five functions: i.Identify. Develop the organizational understanding to manage information security risk to systems, assets, data, and capabilities.ii.Protect. Develop and implement the appropriate safeguards to ensure delivery of critical infrastructure services.iii.Detect. Develop and implement the appropriate activities to identify the occurrence of an information security event.iv.Respond. Develop and implement the appropriate activities to take action regarding a detected information security event.v.Recover. Develop and implement the appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to an information security event.c.Privacy Policy. The investment adviser must deliver upon the investment adviser's engagement by a client, and on an annual basis thereafter, a privacy policy to each client that is reasonably designed to aid in the client's understanding of how the investment adviser collects and shares, to the extent permitted by state and federal law, nonpublic personal information. The investment adviser must promptly update and deliver to each client an amended privacy policy if any of the information in the policy becomes inaccurate.5.Material Nonpublic Information Policy and Procedures. The investment adviser must establish, maintain, and enforce written policies and procedures reasonably designed to prevent the misuse of material, nonpublic information by the investment adviser or any person associated with the investment adviser.6.Business Continuity and Succession Plan. The investment adviser must establish, maintain, and enforce written policies and procedure relating to a business continuity and succession plan. The plan must provide for at least the following: a. The protection, backup, and recovery of books and records.b. Alternate means of communications with customers, key personnel, employees, vendors, service providers (including third-party custodians), and regulators, including, but not limited to, providing notice of a significant business interruption or the death or unavailability of key personnel or other disruptions or cessation of business activities.c. Office relocation in the event of temporary or permanent loss of a principal place of business.d. Assignment of duties to qualified responsible persons in the event of the death or unavailability of key personnel.e. Otherwise minimizing service disruptions and client harm that could result from a sudden significant business interruption.B.Annual Review. The investment adviser must review, no less frequently than annually, the adequacy of the policies and procedures established pursuant to this section and the effectiveness of their implementation.C.Chief Compliance Officer. The investment adviser must designate a supervised person as the chief compliance officer responsible for administering the investment adviser's policies and procedures.Miss. Code Ann. § 75-71-411 (2020).