Real World Preparations

Business Continuity PlansBusiness Continuity Plans

AgendaAgenda

• Introduce a BCP scenario

• Defining the BCP

• Regulations

• Compliance

• Supervision

• Enterprise Risk Management

• What to do

• BCP Applied

BCP ScenarioBCP Scenario

Firm: Shorepoint Financial

Size: ~ 100 person BD and RIA

Event: A major storm hits the east coast. Shorepoint Financial’s office is inaccessible due to coastal flooding. It is unclear whether the office survived a 100 year flood event.

What is a Business Continuity Plan?What is a Business Continuity Plan?

Business continuity plan (BCP) is a document describing contingency plans in the event ordinary business practices are interrupted. It assumes the firm has entered into contracts with service providers to ensure operations may continue even if unforeseen circumstances make usual and customary business operations difficult or impossible.

REGULATIONSREGULATIONS

Regulations and LawRegulations and Law

4370. Business Continuity Plans and Emergency Contact Information

High Points:

A. Each firm must have a Business Continuity Plan (BCP)

B. The plan must be updated when there is a material change in the firm’s business model

C. The plan, according to the rule must include the following elements:

D. A senior manager of the firm must approve the plan

E. The firm must disclose the BCP to the public.

F. The firm must keep FINRA apprised of any changes

Critical!

Know your “mission critical systems”

Financial and operational assessment" means a set of written procedures that allow

a member to identify changes in its operational, financial, and credit risk exposures.

10 Elements of a FINRA BCP10 Elements of a FINRA BCP

(1) Data back-up and recovery (hard copy and electronic);

(2) All mission critical systems;

(3) Financial and operational assessments;

(4) Alternate communications between customers and the member;

(5) Alternate communications between the member and its employees;

(6) Alternate physical location of employees;

(7) Critical business constituent, bank, and counter-party impact;

(8) Regulatory reporting;

(9) Communications with regulators; and

(10) How the member will assure customers' prompt access to their funds and securities in the event that the member determines that it is unable to continue its business.

COMPLIANCECOMPLIANCE

Compliance (The Plan)Compliance (The Plan)

Question: What is your plan?

Tailor the BCP to your business model.

Service provider due diligence

Template BCPs are not sufficient.

Devise a test of your BCP. - Think FIRE DRILL!

SUPERVISIONSUPERVISION

SupervisionSupervision

Question: How will you test your plan?

You planned a fire drill. What does it look like?

Frequency - annual testing at a minimum

1. Verbal review with emergency contacts and service providers.

2. Announced BCP drill. Make arrangements with service providers and emergency contacts to actually “work the system.”

Enterprise Risk ManagementEnterprise Risk Management

Think beyond compliance.

Disasters, whether man-made or natural can put you out of business.

Be ready to communicate with customers with confidence.

ENTERPRISE RISK MANAGEMENT

ENTERPRISE RISK MANAGEMENT

Next StepsNext Steps

1. Review Forms BD and ADV Parts 1 and 2

2. Update them if needed.

3. Use the FINRA BCP for small firms and customize it.

4. Put a senior manager on the hook for the BCP.

5. Develop a testing method, follow through and keep records.

6. Tweak the plan where necessary, updating all documents.

Shorepoint FinancialShorepoint Financial

What should they do?

Let’s discuss.

Select ResourcesSelect Resources

1. FINRA BCP Page

http://www.finra.org/Industry/Issues/BusinessContinuity/index.htm

2. Small Introducing Firm Business Continuity Planning Template:

http://www.finra.org/Industry/Issues/BusinessContinuity/p006464

3. National Flood Insurance Programhttps://www.floodsmart.gov/floodsmart/

4. Commercial Flood Coverage

https

://www.floodsmart.gov/floodsmart/pages/commercial_coverage/cc_overvie

w.jsp

5. Centers for Disease Control and Preventionhttp://www.cdc.gov/flu/

Contact InformationContact Information

Stephen Selby, CRCP

Assistant Vice President, Social Media Strategy, Audit & Regulator Relations

Office Phone: (860) 285-7858

Cell Phone: (860) 205-1529

sselby@LIMRA.com

An Online account is just a click away: https://www.limra.com/Request_Access/

LinkedIn Profile: http://www.linkedin.com/in/stephenselby

Follow me on Twitter - http://twitter.com/limra_crs