Paula Kennedy was lucky. A senior manager and a financial planner for executives at Deloitte & Touche at 2 World Financial Center–just across the street from the destroyed World Trade Center towers–she was scheduled on September 11 to work out of the company’s Parsippany, New Jersey, office. Kennedy had her laptop with her and thus all her relevant client data, but about 80% of the people in her group in lower Manhattan didn’t.
Fortunately, none of Deloitte’s World Financial Center employees was harmed in the attack, although windows were blown out. In the days following the tragedy the employees were relocated to other company offices in Manhattan, New Jersey, Long Island, and Connecticut.
“We lost considerable productivity while Deloitte searched for housing for us and started the process of renting computers,” Kennedy explains. “I would say that very little got done the first two weeks. We spent a lot of time calling clients, who were much more worried about us than about their records or their tax returns.”
With clearance from New York authorities, Deloitte & Touche was recently allowed to retrieve some equipment from its downtown offices including hard drives, laptops, and paper files. “We had to make lists of files we needed, and prioritize,” says Kennedy. “They would get what we asked for, within reason.” Because not all files could be carried out, some client data remains inaccessible. But since the company performs daily data backups, storing them off site, most client information was available to employees as soon as they were operative in their temporary office digs.
At present, Kennedy and 600 of her fellow employees are working out of four floors of the Marriott Marquis hotel in midtown Manhattan, where they expect to be for at least 60 days. Kennedy is ensconced in room 1840. “It’s like a dorm quad,” she says. The hotel removed beds from all the rooms and installed four tables in each. Deloitte techies jury-rigged a computer network which “sometimes even works,” Kennedy jokes. While it’s not easy functioning under these conditions, it’s no longer impossible. And this, along with the strange and slow process of getting back to a state they all once knew as “normal,” is something that Kennedy and her co-workers feel grateful for. The company plans to move back to 2 World Financial Center, but for the moment, no one is saying when that will happen.
That the entire nation was ill prepared for what occurred on September 11–not just New York financial district firms–has given rise to a reevaluation of methodologies in any number of business areas, the most relevant to advisors being those issues relating to data security and succession planning, be it temporary or permanent. Advisors admonish their clients to possess the mental fortitude necessary to withstand market histrionics that would threaten the sanctity of their asset allocation strategies, and be ready for any eventuality. But how ready are advisors?
Imagine. You survive a catastrophe in your home town involving terrorists, nut cases, or natural havoc in the form of earthquake, fire, or flood–but your office doesn’t. It no longer exists. Or, as in the case of the Deloitte & Touche employees in downtown Manhattan, the old office will not be usable for weeks or months.
Your Rolodex is toast, along with every personal and professional note, memo, photograph, or letter you had filed in manila folders for safekeeping. Your computers are kaput, your SEC files burned to ash, waterlogged, mangled, or covered with toxic asbestos waste, and your framed, professional degrees lie shattered on the floor. Your disaster plan might have included digitized documents, off-site backups, spare personal computers, and other contingencies required to raise your office from the dead. But wary of non-essential expenditures and lacking the resources of a large firm, you didn’t have one. As a result, you are left with nothing.
Mindful of Dostoevsky’s observation that “realists do not fear the results of their study,” what exactly have we learned from the once unimaginable World Trade Center tragedy–and our own projected worst-case scenarios–that might enable us to better plan and function should something unexpected happen again?
In terms of preparedness, Paul Baumbach, president of Mallard Asset Management Corp. in Newark, Delaware, likens advisors to the cobblers’ children who go shoeless. But many planners have something in place, however rudimentary. The goal now is to make that something a whole lot better.
“I try to practice what I preach about preparing for contingencies,” says Judith Martindale of Martindale Associates in San Luis Obispo, California, “but it’s a process.” Seeing what Martindale and Baumbach and others have done and are doing regarding the safeguarding of data and business succession planning may shed light on your own strengths and weaknesses in the same vital areas, or bring to mind others that may need attention.
Baumbach is fortunate in that he has two degrees in computer science, and in a prior career helped to develop a backup system for users of Unisys mainframes. “As a result, ‘embraced technology’ is an understatement for my firm,” he says. There are six computers for the firm’s two employees: two personal workstations, a file server (which includes the backup drive and scanner), a Net server (running Linux, with a firewall for a DSL line), a little-used laptop, and a conference room system. Baumbach uses an OnStream 30GB backup drive, with daily backups of data (not programs)–and each day he carries the backup tapes offsite.
He performs desktop upgrades every 12 to 18 months. It’s a process that helps remind him of the wide range of software he uses, and the need to maintain a system good enough to track it. He also recently purchased an Epson Perfection 1640SU scanner with automatic document feeder and PaperPort software. While he’s “dedicated” to using it for all new clients–part of an effort that will also reduce office paper–he intends to gradually capture existing client data, which he estimates will take a year or two.
The Bottom Line of Security
What’s all this protection cost? It’s hard to pinpoint an exact figure, since some equipment is used for multiple purposes. For example, Baumbach has a network enabling him to have a client presentation in the conference room while at the same time allowing the file server to hold all critical files and back them up daily. He offers these rough estimates: $2,500 for hardware, $300 for software, $750 for consulting expenses, and five minutes each day to swap tapes. The tapes, he notes, are fairly expensive ($300 or so per year) and should be replaced every few months. His protection costs–totaling some $3,850–could be lower than other small firms because he is capable of doing most of his own support work (for example, he built the file server himself with his son one weekend last month). But his actual costs are likely to be higher because, being a “technology addict,” he insists on implementing more than the minimum.
While Martindale, like Baumbach, lacks the true paperless office, she does scan all client retainer agreements for the SEC, and maintains the firm’s compliance manual in both hard copy and electronic form. Each client’s net worth and investment information can also be found in both hard copy and electronic form. “I’m still duplicating lots of material but am printing out less and less,” she says, adding that in the process she and her staff have grown “more competent and confident” with the computer. As for backup, it’s done on site twice a week. Twice a year (since her firm prepares taxes, this is performed in June and again at year end) all data is backed up. It is then taken and stored off site in Martindale’s own safe deposit box.
As for data protection costs, her firm uses three PCs and one laptop, which all serve various purposes. The scanner is the only piece she purchased “specifically for having the retainer agreements in the computer.” Her contingency equipment breaks down thusly: three PCs, $3,300; a router, $79; a Hewlett Packard scanner, $139; a Zip drive, $150; Quantum Snap Server, $499–for a grand total of $4,167.
Like most advisors, since September 11 Martindale has stepped up her efforts at safeguarding data and formulating contingency plans. “Just today we ordered more memory for all the computers,” she says. “I personally love to delete items but my office manager, I discovered today, has information hidden where I can’t get to it. My staff knows and takes care of me so I can take care of my clients. It’s a good system.”
One advisor who does lay claim to running a paperless office–which as a means of easily and effectively safeguarding client and office data is itself a giant step in the right direction–is Dennis Carpenter, president of International Wealth Management, an independent broker/dealer office located in Grapevine, Texas, that is affiliated with Prospera Financial Services.
Carpenter’s paperless office is made possible by LaserFiche Document Imaging (www.laserfiche.com), a division of California-based Compulink Management Center Inc., which manufactures document imaging and document management software products. The products, he says, are compliance friendly to most broker/dealers, registered investment advisors, and especially to the NASD and the SEC.
“Now when you visit clients in their home or office, you can scan their documents into your laptop and never have to physically take possession of clients’ valuable papers,” Carpenter explains. “Then, no matter where in the world you are, you can have immediate access to the documents.” In the meantime, he adds, “you donate your filing cabinets to your church, school, or favorite charity. Everybody wins.”
Like most prudent advisors, Carpenter is a stickler for data backups, LaserFiche or not. “Systems are becoming faster and faster,” he notes, “and you must religiously back up the files every day and then remove the backup copy from the physical premises to a secure offsite area; maybe a fireproof safe at home.” But he believes not enough is being done in terms of data destruction. He cites as incentives confidentiality concerns, the Gramm-Leach-Bliley Privacy Act, and a proliferation in the number of stolen identity cases.
“You better not be letting one piece of paper go out of your office with any legible client information on it,” he cautions. “If you do, it’s not a question of if you’ll be sued, it’s just a matter of when and for how much.” If you don’t have a paperless office, get a paper shredder fast, he advises.
When All Is Lost
What happens when a planner’s contingency plan doesn’t pan out (or one is lacking to begin with) and data loss is total? “I shudder to think,” says Baumbach, who offers the following advice: In the absence of compliance files–paper and computer–he would contact his clients posthaste, along with his state regulatory office, and explain the steps he would be taking to “reconstruct what I could.”
These steps might include asking clients to bring in their folders to their next meeting with him, whereupon he would photocopy everything. He would also try his hand at, for example, “forensics” in the form of “grabbing old copies of computer files off a machine used two years ago.” He would contact all his vendors (Advent is at the top of his list) to get what assistance he could for data warehoused outside his firm.
As an independent investment advisor, Baumbach doesn’t have a B/D; for client accounts he uses primarily TDWaterhouse, which does not offer him any disaster planning system assistance, he says.
If he lost just his unscanned paper files, he would be able to access the bulk of them in stored digital form as Word, Excel, Advent, and ProTracker documents and files. “This wouldn’t be catastrophic.” As for office reference material–manuals on programs such as ProTracker and Advent are used regularly, as is the most recent tax guide and a few of his core CFA books–not much that sees regular use is irreplaceable.
Planner Martindale reports that since she has an ongoing relationship with most of her clients, if her office data were destroyed she would have to get new signatures when she next saw them. “Although I don’t remember names well, once I can place a client, I can remember much of their net worth and investments,” she says. As for replacing office reference material, much of the information she uses, including that relating to taxes, resides online because of its time-sensitive nature.
Ready for What?
Y2K and its attendant forecasts of data doom and chaos undoubtedly ensured a level of readiness among many planners who otherwise wouldn’t have felt pressed enough to make the effort. But since Y2K itself proved such a dud, the long-term aspects of that readiness often fell by the wayside. This happened to Mark Beck, vice president of Financial Strategies in Brookfield, Wisconsin. Under his direction and prior to Y2K, the firm developed a total backup system. The plan to launch additional systems to ensure frequent onsite backups and periodic offsite backups, however, never really materialized; with so much else to do in running a firm, it just didn’t seem necessary. The September 11 disaster catapulted information systems and the safeguarding of data to the forefront in Beck’s three-person office, and thousands like it everywhere. “I have become increasingly aware of our vulnerabilities,” he says, “and am actively working on cementing the processes we began back in 1999.”
For many an independent planner, doing what’s now deemed necessary is no easy task. The big wirehouses in New York City already maintain data backup and redundant systems, sometimes out of state. And firms like Deloitte & Touche, as we’ve seen, are able to quickly set up shop in multiple locations. It’s a level of preparedness akin to the Federal Emergency Management Agency’s ability to truck mobile-office trailers to a disaster area and within 48 hours transform those trailers into fully functional communication and command centers, replete with everything from satellite links to paperclips and personnel.
The small, independent advisor, however, must make do with less. So while the computer systems at Beck’s Financial Strategies, for example, are comparatively simple, and while all the firm’s pertinent files have been consolidated to one known area on the system, Beck has come to realize that the scope of his “preparedness” project is larger than he originally thought.
Valuable files come from several different software packages, he explains, and include client-specific files, internally created template-type files, and corporate-related files. Once all this information is catalogued and strategically located, creating a backup is rather simple, he admits, but it must be done regularly–and that takes discipline and time.
Most of the firm’s software systems for financial planning and investment management have a backup function built into them. Beck then backs up these files on a CD-ROM drive. All other files are copied also to the CD-ROM. And all backup CDs are stored at Beck’s home. “The challenge is implementing and sticking with a regularly scheduled plan,” he says, “even as we are lulled back into a sense of security.”
As weeks and months are put between us and what occurred on September 11, we cannot as a nation afford to let down our guard any more than you as advisors can in protecting your office and client data. Novelist Louise Meriwether once wrote: “I always knew I would turn a corner and run into this day, but I ain’t prepared for it no how.” Maybe next time will be different.
The Plumber’s Leaky Sinks
Another area that planners are revisiting in the wake of the events of September 11 is succession planning, or something similar. Paul Baumbach, president of Mallard Asset Management in Newark, Delaware, has no formal succession plan per se. Instead, he has developed for each client an “investment policy statement.” This is designed to what is known as a “competent stranger” standard, so that his clients can bring their account to another money manager and, as Baumbach puts it, “avoid many bumps in the transition process.”
A member of the National Association of Personal Financial Advisors, Baumbach hopes that a NAPFA initiative succeeds that would enable NAPFA firms to plan for succession with other member firms. But the terrorist acts of September 11 have not increased the urgency he feels for this initiative, he says. He notes that he is 39 years old, and that his practice will be just five years old in November.
Judith Martindale of Martindale Associates in San Luis Obispo, California, doesn’t have a business succession plan either, at least one in the usual sense. As a founding member of Cambridge Advisors, an alliance of about 80 fee-only planners throughout the country who share a common philosophy and software, she is confident, however, that her clients would be assisted by any other Cambridge Advisor in her absence. “I wouldn’t be surprised if several of the advisors would want to move here to San Luis Obispo to care for my clients,” she says. If something should unexpectedly happen to her, there is another CFP in the office to care for the firm’s clients. “I was out of the office for five weeks this summer and everything went very smoothly,” Martindale notes. “That was a blow to my ego, but I’m glad everything went well.” She also keeps in close touch with an advisor in Monterey, California, some three hours from her office. “He and I are unofficial backups to each other,” she says.
Dennis Carpenter, president of International Wealth Management in Grapevine, Texas, has noticed of late a substantial increase in the number of financial advisory practices for sale. It’s been his observation that the general sales price tends to be two times revenues. In some cases he believes this could be more, dependent as it is on steadfast client loyalty and the need for principal to “stay on board” for one to three years, or longer. For these and other reasons, he feels succession planning is a must. “If planners aren’t doing it they are just as foolish as their $5 million client without a will,” he says. “Think of it, your spouse in all likelihood isn’t licensed so he/she cannot collect the fees or trails. So are you going to do nothing and let the income stream die with you? But that’s what’s happening, the plumber’s sink leaks and the financial planner doesn’t have a succession plan.”–Cort Smith
With Reservists and National Guard troops being called up for various phases of the war on terrorism, it’s only a matter of time before some planning offices are hit with the loss to active duty of a vital staff member, or even a principal or two.
We talked with a couple of military types to see what sort of plans would be good to have in place to handle such an eventuality. What we discovered is what you probably find when you ask your clients about estate planning–some well-intentioned ideas, but no firm policy as yet.
Mark Mensack, a major in the Army Reserves, is a planner with Legg Mason in Marlton, New Jersey. He has a wealth of military experience, including flying helicopters, serving in operations, and teaching at West Point, and is on a list of reservists who may be called back to active duty. He’s considered the possibilities for being called to active duty, and concedes that under certain circumstances it could happen–”although the likelihood of them calling up a 39-year-old to fly helicopters [he flew Hueys and Cobras and would need to be trained in Apaches and Blackhawks before piloting in combat] is pretty low.” The most likely scenario for him to be called back, he says, is as a teacher at West Point, and as such he could continue to serve his clients. “Although I couldn’t grow my business, because I wouldn’t be able to call [my] people,” he concedes.
The possibility of active duty in the far more grueling area of Operations, however, “in a tent somewhere” planning missions, would leave him unable to monitor the markets and work with clients. In that case, he says, he’s talked to his manager and the most likely strategy would be to split up his book of business among other planners in the office. There is no succession plan in place at his office, but when we spoke at press time he was working with his manager to establish exactly what would happen to his business both during a hypothetical term of service and after, when he would return to work.
Ron Pearson, a retired Navy pilot turned financial planner in Virginia Beach, Virginia, recommends that anyone facing the possibility of a call to active duty should have a strategy in place such as one would have for a long illness or accidental death.
“I had a new client couple come in a few years ago. They had been working with a broker and said they didn’t like him any more, and they interviewed me. She said, ‘You’re a sole practitioner, Ron, and we like you, but what happens if something happens to you?’” Pearson’s tone is wry as he recounts that he told them that the business was “mostly mental stuff, and the only thing that would keep me from handling it would be something like a stroke. They said, ‘Our last stockbroker had a stroke,’ and it was like being hit between the eyes.”
Pearson suggests that you line up someone who can take over for you if something happens–particularly if you haven’t gotten a call-up notice yet. That gives you some time to find someone reasonably compatible with your views who can care for your clients in case duty calls. He also points out that you’ll need to work out some kind of arrangement for payment to whoever that might be.
There is also the virtual office, he reminds us. With a laptop and e-mail–at one month to the day since the attacks at this writing, “they’re already getting e-mail off the carriers in the combat zone”–you can keep up with anything. “Except if you’re carrying a rifle and running around the mountains in Afghanistan,” says Pearson, “you can still conduct business.”
And if you’re having mixed feelings about going, just keep in mind what Mensack reminds us. Serving on active duty “is not as hard as being one of those 700 people who worked for Cantor Fitzgerald.”–Marlene Y. Satter
A To-Do List
Brian M. Oard, the managing partner at Business Consul- tants Group in Westlake Village, California, has compiled this contingency list, based on his own nerve-rattling experiences.
Not long after launching his Southern California planning firm in the early 1990s, he was locked out of his 10th floor office in a Woodland Hills office building for a week due to the 1994 Northridge earthquake.
Deemed the costliest natural disaster in U.S. history, the temblor killed 61 persons and caused over $40 billion in damages. Here’s what Oard finds most valuable in keeping himself–and you–a step ahead of a manmade disaster or an act of God.
1.Place off site a copy of your com-puter operating system software.
2.Store off site copies of yourapplications software.
3.Back up data on a daily basis and rotate disks from off site.
4.Make an inventory of equipment and necessary documents.
5.Store off site a copy of the firm’s standard operating procedure binder and update it quarterly.
6.Keep off site a supply of essen-tial office stationary, including items like extra business cards.
7.Keep off site a copy of all contracts, licenses, and operating agreements. Update quarterly.
8.Keep in the office an emergency preparedness kit, with items like bottled water, a flashlight, and gloves.
9.Store off site essential financial information for your firm for previous years.
10.Have an action plan in writing and rehearse it periodically with allthe principals in the business.