bcp - a practical guide
TRANSCRIPT
Real World Preparations
Business Continuity PlansBusiness Continuity Plans
AgendaAgenda
• Introduce a BCP scenario
• Defining the BCP
• Regulations
• Compliance
• Supervision
• Enterprise Risk Management
• What to do
• BCP Applied
BCP ScenarioBCP Scenario
Firm: Shorepoint Financial
Size: ~ 100 person BD and RIA
Event: A major storm hits the east coast. Shorepoint Financial’s office is inaccessible due to coastal flooding. It is unclear whether the office survived a 100 year flood event.
What is a Business Continuity Plan?What is a Business Continuity Plan?
Business continuity plan (BCP) is a document describing contingency plans in the event ordinary business practices are interrupted. It assumes the firm has entered into contracts with service providers to ensure operations may continue even if unforeseen circumstances make usual and customary business operations difficult or impossible.
REGULATIONSREGULATIONS
Regulations and LawRegulations and Law
4370. Business Continuity Plans and Emergency Contact Information
High Points:
A. Each firm must have a Business Continuity Plan (BCP)
B. The plan must be updated when there is a material change in the firm’s business model
C. The plan, according to the rule must include the following elements:
D. A senior manager of the firm must approve the plan
E. The firm must disclose the BCP to the public.
F. The firm must keep FINRA apprised of any changes
Critical!
Know your “mission critical systems”
Financial and operational assessment" means a set of written procedures that allow
a member to identify changes in its operational, financial, and credit risk exposures.
10 Elements of a FINRA BCP10 Elements of a FINRA BCP
(1) Data back-up and recovery (hard copy and electronic);
(2) All mission critical systems;
(3) Financial and operational assessments;
(4) Alternate communications between customers and the member;
(5) Alternate communications between the member and its employees;
(6) Alternate physical location of employees;
(7) Critical business constituent, bank, and counter-party impact;
(8) Regulatory reporting;
(9) Communications with regulators; and
(10) How the member will assure customers' prompt access to their funds and securities in the event that the member determines that it is unable to continue its business.
COMPLIANCECOMPLIANCE
Compliance (The Plan)Compliance (The Plan)
Question: What is your plan?
Tailor the BCP to your business model.
Service provider due diligence
Template BCPs are not sufficient.
Devise a test of your BCP. - Think FIRE DRILL!
SUPERVISIONSUPERVISION
SupervisionSupervision
Question: How will you test your plan?
You planned a fire drill. What does it look like?
Frequency - annual testing at a minimum
1. Verbal review with emergency contacts and service providers.
2. Announced BCP drill. Make arrangements with service providers and emergency contacts to actually “work the system.”
Enterprise Risk ManagementEnterprise Risk Management
Think beyond compliance.
Disasters, whether man-made or natural can put you out of business.
Be ready to communicate with customers with confidence.
ENTERPRISE RISK MANAGEMENT
ENTERPRISE RISK MANAGEMENT
Next StepsNext Steps
1. Review Forms BD and ADV Parts 1 and 2
2. Update them if needed.
3. Use the FINRA BCP for small firms and customize it.
4. Put a senior manager on the hook for the BCP.
5. Develop a testing method, follow through and keep records.
6. Tweak the plan where necessary, updating all documents.
Shorepoint FinancialShorepoint Financial
What should they do?
Let’s discuss.
Select ResourcesSelect Resources
1. FINRA BCP Page
http://www.finra.org/Industry/Issues/BusinessContinuity/index.htm
2. Small Introducing Firm Business Continuity Planning Template:
http://www.finra.org/Industry/Issues/BusinessContinuity/p006464
3. National Flood Insurance Programhttps://www.floodsmart.gov/floodsmart/
4. Commercial Flood Coverage
https
://www.floodsmart.gov/floodsmart/pages/commercial_coverage/cc_overvie
w.jsp
5. Centers for Disease Control and Preventionhttp://www.cdc.gov/flu/
Contact InformationContact Information
Stephen Selby, CRCP
Assistant Vice President, Social Media Strategy, Audit & Regulator Relations
Office Phone: (860) 285-7858
Cell Phone: (860) 205-1529
An Online account is just a click away: https://www.limra.com/Request_Access/
LinkedIn Profile: http://www.linkedin.com/in/stephenselby
Follow me on Twitter - http://twitter.com/limra_crs