As the majority of individuals in the Mid-Atlantic states and New England are home today experiencing the wrath of Winter Storm Juno, a majority of organizations may be bemoaning the fact that the predicted “snowpocalypse” never came to fruition, unless you are in Long Island, Connecticut and New England.
What could have been a major event has turned into a nuisance that has resulted in a loss of productivity this week, but it leads one to ask: what if the New York-New Jersey area were crippled by a blizzard that dumped three feet of snow on the area? Based upon the lessons learned from Hurricane Sandy and 9/11, would your firm’s business continuity plan be effective? Would it meet the requirements for business continuity planning that are dictated by FINRA Rule 4370?
Does your plan cover all ten points that the rule says a plan must address?
How frequently do you test your plan?
Are your Business Continuity Contacts up to date, and do they agree with the individuals listed in the FINRA Contact System?
The FINRA website offers several resources to help with business continuity. If you are going to use the small business BCP template that FINRA offers on the website, make sure that you fill out and customize the plan accordingly. Nothing is more embarrassing than having an examiner ask you a question about your plan when you are a $5k broker-dealer and your BCP talks about your clearing firm or trading when your firm does neither of those activities.
If you need help with crafting your plan or just have questions about testing, feel free to contact me: firstname.lastname@example.org
As a quick refresher, here is the text of Rule 4370.
4370. Business Continuity Plans and Emergency Contact Information
(a) Each member must create and maintain a written business continuity plan identifying procedures relating to an emergency or significant business disruption. Such procedures must be reasonably designed to enable the member to meet its existing obligations to customers. In addition, such procedures must address the member’s existing relationships with other broker-dealers and counter-parties. The business continuity plan must be made available promptly upon request to FINRA staff.
(b) Each member must update its plan in the event of any material change to the member’s operations, structure, business or location. Each member must also conduct an annual review of its business continuity plan to determine whether any modifications are necessary in light of changes to the member’s operations, structure, business, or location.
(c) The elements that comprise a business continuity plan are flexible and may be tailored to the size and needs of a member. Each plan, however, must at a minimum, address:
(1) Data back-up and recovery (hard copy and electronic)
(2) All mission critical systems;
(3) Financial and operational assessments
(4) Alternate communications between customers and the member
(5) Alternate communications between the member and its employees
(6) Alternate physical location of employees
(7) Critical business constituent, bank, and counter-party impact;
(8) Regulatory reporting
(9) Communications with regulators
(10) How the member will assure customers’ prompt access to their funds and securities in the event that the member determines that it is unable to continue its business.
Each member must address the above-listed categories to the extent applicable and necessary. If any of the above-listed categories is not applicable, the member’s business continuity plan need not address the category. The member’s business continuity plan, however, must document the rationale for not including such category in its plan. If a member relies on another entity for any one of the above-listed categories or any mission critical system, the member’s business continuity plan must address this relationship.
(d) Members must designate a member of senior management to approve the plan and he or she shall be responsible for conducting the required annual review. The member of senior management must also be a registered principal.
(e) Each member must disclose to its customers how its business continuity plan addresses the possibility of a future significant business disruption and how the member plans to respond to events of varying scope. At a minimum, such disclosure must be made in writing to customers at account opening, posted on the member’s Web site (if the member maintains a Web site), and mailed to customers upon request.
(f)(1) Each member shall report to FINRA, via such electronic or other means as FINRA may specify, prescribed emergency contact information for the member. The emergency contact information for the member includes designation of two associated persons as emergency contact persons. At least one emergency contact person shall be a member of senior management and a registered principal of the member. If a member designates a second emergency contact person who is not a registered principal, such person shall be a member of senior management who has knowledge of the member’s business operations. A member with only one associated person shall designate as a second emergency contact person an individual, either registered with another firm or nonregistered, who has knowledge of the member’s business operations (e.g., the member’s attorney, accountant, or clearing firm contact).
(2) Each member must promptly update its emergency contact information, via such electronic or other means as FINRA may specify, in the event of any material change. With respect to the designated emergency contact persons, each member must identify, review, and, if necessary, update such designations in the manner prescribed by NASD Rule 1160.
(g) For purposes of this Rule, the following terms shall have the meanings specified below:
(1) “Mission critical system” means any system that is necessary, depending on the nature of a member’s business, to ensure prompt and accurate processing of securities transactions, including, but not limited to, order taking, order entry, execution, comparison, allocation, clearance and settlement of securities transactions, the maintenance of customer accounts, access to customer accounts and the delivery of funds and securities.
(2) “Financial and operational assessment” means a set of written procedures that allow a member to identify changes in its operational, financial, and credit risk exposures