Header graphic for print
Securities Compliance Sentinel Analysis of cutting-edge securities industry issues

So You Don’t Think You Need A Business Continuity Plan; Here Are 15 Considerations Why You Should Have One

Posted in Broker-Dealer Regulation, Compliance and Supervision, Financial Industry Trends, Investment Adviser Regulation, Registered Representatives, SEC Compliance

Now that summer is in its waning days, the hurricaine season is about to take off.  Hurricaine Sandy had a devastating impact on the financial markets, closing the equity markets for two days and some firms for at least a week.  The SEC, CFTC and FINRA recently provided financial firms a framework to improve their business continuity plans (BCP) in the event of another disaster, natural or otherwise.

The regulators noted that firms should, among other things, take the following considerations into account:

  1. Multiple redundant services to ensure ongoing communication between the firm and its employees, as well as customers, the markets and regulators.
  2. Improve employee remote access and enhance technology to ensure the availability of such access.
  3. Alternate back-up locations away from the firm main location.
  4. Accessibility of staff to alternate work locations, as well as an assessment of the number of staff needed to operate an alternate location.
  5. Expansion of surplus generator capacity to support expanded business functionality.
  6. Question critical firm vendors to ensure that they have an adequate BCP and, in doing so, categorize the vendors depending upon the risk associated with their continued operation.
  7. Provide customers, trading counter-parties, regulators and staff with updated contact information should the firm have to resort to alternate telephone lines.
  8. Update your web site to provide access to your BCP.
  9. Establish multiple broker-dealer relationships to allow alternate market entry points.
  10. Communication plans to provide better communication with staff, customers, regulators, etc.
  11. Centralized process to communicate with all staff, together with diverse communication methods.
  12. Give proper weight to time senstive regulatory requiremnts to avoid being crunched by an outage of some sort.
  13. Revise existing BCPs to take into account any new regulatory or SRO requirements.
  14. Once you have a BCP, test it (with adequate stress tests) on a regular basis.
  15. Conduct staff training on at least an annual basis to ensure familiarity with the process.

Firms will have to decide what works best based upon the nature and size of their operation.  Neverttheless, all firms should develop, implement and test your BCP to avoid a disruption and financial loss due to a business interruption.