If a natural or man-made disaster struck your office, could you get back online within 24 to 48 hours? What if death or disability sidelined your owner or key players? Being able to maintain business continuity has become a huge deal in recent years due to the emergence of unusually severe weather events such as last year’s Hurricane Sandy. For this reason, financial regulators are reminding all industry players to make sure their business continuity plans (BCPs) are reviewed and tested at least once a year.
To that end, the Financial Industry Regulatory Authority (FINRA), Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission’s (CFTC) Division of Swap Dealer and Intermediary Oversight issued a staff advisory on BCP. This follows a joint review by regulators in the aftermath of Hurricane Sandy, which caused widespread damage to Northeastern states and closed U.S. equity and options markets for two days in October 2012.
“Market reliability and resilience are vital to investors and to the fair and efficient operation of capital markets,” said SEC’s Office of Compliance Inspections and Examination (OCIE) Director Andrew Bowden. “In partnership with our fellow regulators at FINRA and the CFTC, we are sharing these lessons learned from Superstorm Sandy to help industry participants better prepare for future events that threaten to disrupt market operations.”
Although BCP plans should be customized based on a firm’s scale and scope, being small is no excuse for failing to develop and test a continuity plan. FINRA’s Rule 4370 requires securities firms to create and maintain such documents and to provide it with emergency contact information. Similarly, the SEC imposes certain standards under the books and records requirement of Rule 204-2(g) of the Investment Advisers Act. If you’re not sure of the BCP obligations for your license type, check with your compliance officer. In the meantime, here are some tips, courtesy of Wolters Kluwer Financial Services, that will help you resume operations quickly after a disaster.
- Make sure to pre-establish a remote site where you can re-launch operations.
- Establish communication protocols so you can remain in contact with colleagues, vendors and clients.
- Assure that client data won’t be compromised in a disaster’s aftermath.
- Arrange for temporary lodging for key staff in the event you must relocate your office.
- Make sure you have contact information for all third-party service providers, including custodians, broker-dealers, transfer agents and research firms.
- Request and evaluate your vendors’ BCPs.
- Have plans in place in case your firm’s owner or other key players die or become incapacitated.
- Share your BCP with staff and train them on their roles during plan execution.
- Periodically (at least annually) test and revise your BCP.
As with all compliance matters, the National Ethics Association recommends full compliance with all relevant regulations. That’s because it’s better to be safe than sorry after a major disaster. For further information, please review FINRA’s BCP resources, including its plan template, and its recent Regulatory Notice 13-25. Also visit the Federal Emergency Management Agency’s (FEMA) website for plan development guidance.
- Tennessee clarifies insurance-only advisor activities
- SEC approves more BrokerCheck transparency
- Beware pension advances that set retirees back