Hurricane Season: How Does your BCM Program Stack Up?

As Hurricane Harvey touches down on U.S. soil and we hope for the safety of the millions in its path, we encourage all firms, even those outside Harvey’s path of flooding and damaging winds, to consider their BCM readiness for such an event.

Business Continuity Plans are designed to ensure firms have conducted sufficient advance preparation so as to minimize potential harm to clients or investors due to interrupted services. The SEC has made numerous statements regarding the value of BCM plans and have proposed a rule to enhance regulatory safeguards to mitigate these risks to the industry and to investors. Weather is only one of the scenarios in which a Business Continuity scenario may be required; other scenarios include cyber-attack, technology failures, departure of key personnel and other events.

A BCM plan should outline procedures to:

  1. Minimize the impact of the interruption as much as possible
  2. Sustain a minimally acceptable level of services for an extended period of time
  3. Return to normal business activities as quickly as possible

The reality is that in a natural disaster scenario, your personnel and clients in the immediate area of the disaster will have other considerations, most importantly their physical safety and that of their families. The U.S. government provides resources for individuals through www.ready.gov to plan ahead for such events. A BCM plan for your firm that has been thought through, well-vetted and tested can alleviate one component of the logistical stress inherent to an event like Hurricane Harvey, as well as protect your clients and investors.

And because you can’t always predict when a BCM scenario will occur, we recommend asking the following questions proactively, rather than reactively:

  • Are your written policies and procedures outlining BCM plans detailed enough?
  • Are your employees educated on the topic? How confident are you that they would know what to do in a BCM scenario?
  • Have you designated responsible parties for running BCM operations? This includes both owning the policy and running point on the day of an event.
  • Do you know what you would tell employees and clients, when and how you would distribute communications? As part of your BCM plan, you can outline who is responsible for such communications and even keep drafts at the ready.
  • Do you have a list of your critical vendors, and are you comfortable with their BCM procedures? Have you coordinated with them on your plans?
  • If your systems at your primary office location went down, would you be able to provide any services to clients? Is the data backed up?
  • When is the last time you tested your BCM procedures? If not within the last year, we highly encourage that you prioritize this.

In the event (like a hurricane or large storm) where you may have a few days notice, we recommend the following action items:

  • Send out a reminder about the firm’s BCM Plan and what messages employees can expect from the firm
  • Double check that the “call lists” are up to date or the call out system is functioning properly
  • Double check with building management that physical safety protocols are in place and what they’re planning for the event
  • Remind each employee they should have a copy of the BCM Plan at home for reference
  • Remind employees that the firm will inform them about reporting to work after the event is over

Ascendant Compliance Management provides multiple services regarding Business Continuity, covering both working with you to craft policies and procedures, as well as assistance with data loss prevention, cybersecurity and testing. Contact us today to learn more.

Latest Content

Ascendant’s Jason Morton to Speak on RegTech at Strata Data Conference

Alongside technology experts from American Express, Credit Suisse and CIBC, Ascendant’s Jason Morton will speak on developments in regulatory technology at the ‘Fintech Data Day’ at the annual Strata Data Conference on September 26, 2017 in New York. The Strata Data Conference is an annual conference for technology and business professionals who are seeking innovative … Continued

Surprise, Surprise: SEC Conducting Unannounced Exams

The Boston Regional Office of the SEC has recently conducted roughly 20 unannounced visits to registered investment advisers in the region. This fact, confirmed during the recent meeting of the New England Broker-Dealer and Investment Adviser Association (NEBDIAA), is in keeping with the SEC’s renewed focus on a more robust examination program. While onsite, the … Continued

One Phish, Two Phish, Red Phish, Blue Phish: How to Detect and Mitigate Social Engineering and Ransomware Techniques

Ransomware attacks like WannaCry and NotPetya are increasing in both frequency and damage, routinely making headline news with their abilities to bring down networks of established companies. Yet these cyberattacks typically start by compromising the weakest point in your security chain – people – through simple or complex phishing techniques before spreading to other parts … Continued

DOL Fiduciary Rule Transition Period Extension to 2019 Requested

The Secretary of Labor, Alexander Acosta, made a court filing on August 9 requesting the Transition Period and Delay of Applicability for the Department of Labor Fiduciary Rule be extended from January 1, 2018 to July 1, 2019. This court filing included extending the deadlines for the following Prohibited Contract Exemptions: Best Interest Contract Exemption … Continued

SEC Cyber Sweep Highlights Areas In Need of Improvement

The results of the SEC’s second cybersecurity sweep examinations are in, and they paint a picture of an industry that has come to grips with the need to address cybersecurity risk, but where the canvas is incomplete in many respects.

Mailing List

Subscribe to the Ascendant Compliance email list for the latest compliance resources, conferences, ComplianceCasts™, and more.

Loading form...

Contact Us

Ascendant works together with clients to identify and assess critical needs through customized plans. If you need assistance with compliance functions, regulatory services, cybersecurity or technology tools, we’d love to speak with you.