Superstorm Sandy shutdown the New York Stock Exchange for two business days in October of 2012. The last time the NYSE shutdown was on Sept. 11, 2001, and the only time in history it was closed for two days was in 1888, also due to weather issues. As we approach the one year anniversary of Superstorm Sandy, it’s important to note what the Securities and Exchange Commission has done to ensure business can continue operations and fulfill their fiduciary responsibility to their clients. The SEC’s National Examination Program (NEP) reviewed the Business Continuity and Disaster Recovery plans of dozens of advisers “to assess their compliance with applicable laws, rules, and regulations relating to business continuity plans.” The NEP’s goal was to understand how financial services firms were impacted by the storm, how they enacted their BCPs, and determine any opportunities for improvement.
It’s important to note that following the Dodd-Frank Act in 2010, the Commodity Futures Trading Commission (CFTC) adopted regulations in which it’s now required that any swap dealers (SDs) or major swap participants (MSPs) which engage in trading must have a BCP and DR plan, plus test it annually by a qualified auditor, with the goal to resume operations within the next business day. Based on the NEP’s research, here are five ways to improve the BCP for your organization.
1. Consider implementing a policy in which employees are required to annually sign that they have received the BC and DR plan. By distributing the plan, it will help make everyone aware of its existence and help develop a culture of preparedness within your organization.
2. Make it a requirement that all business units develop continuity of operations plans which consider multiple scenarios to help ensure advisers can meet their fiduciary duty to clients.
3. Review your BCP to ensure it “adequately address and anticipates widespread events.” In our 7 Steps to Preparedness, Preparis advocates conducting a risk assessment which takes into account your company’s vulnerability to internal, external, historical and geographical factors. Some plans neglect one of these four elements.
4. Plan to switch to a backup systems in advance of the incident, rather than waiting for a blackout or other threat which could take down your phone, internet, or data. During Superstorm Sandy, the massive flooding left more than seven million people without power.
5. Form committees (or crisis teams) to plan, develop, test and, if necessary, execute
the advisers’ BCP.
For more information about how to ensure your Business Continuity and Disaster Recovery Program is comprehensive for your organization, download our 7 steps to preparedness e-book or request a demo to see how Preparis can help your firm meet the requirements of the CFTC and SEC.