Pages

Wednesday, December 31, 2008

Averting Disaster

(This article is written for Financial Advisors, but the concepts apply to all businesses.)

Business continuity plans are needed to minimize any risks that would disrupt your firm.

Financial Advisor magazine

By David Lawrence

Business continuity plans have taken on greater importance in recent months after a plethora of natural (or unnatural) disasters afflicted many parts of the nation. August and September ... saw several storms rage across various parts of the eastern and southern United States, causing widespread damage, power loss and subsequent business interruptions. Elsewhere, earthquakes, tornadoes, wildfires, flooding, mudslides and other natural phenomena have created havoc for financial advisors and their clients.

Thus, disaster planning is just one important reason to have a business continuity plan. ... Any potential risk to the continued operation of a firm should be covered in a properly prepared plan. A few questions to ask yourself might include: How prepared is your business to reopen within 24 to 48 hours following a natural or man-made disaster or epidemic? What is your anticipated disaster recovery time...? Have you formulated a plan and strategies to limit the risks to your business? Where will your clients and suppliers go during your downtime if your building is destroyed or damaged or if your employees are quarantined and your business unavailable for some length of time? Does your building have emergency lighting or a generator? What features do you have in place to protect paper files in the event of a fire, water damage or theft? What would happen in the event that you could temporarily not work? ...

The objectives of a business continuity plan should be to protect the firm, its employees and clients; to stay in business no matter what; and to protect the interests of the economy and your community.

A business continuity plan should embrace a planning process that includes: • Vulnerability assessment; • Risk identification and quantification; • Risk transfer; • Protection and mitigation; • Business impact analysis in case of the interruption of operations; • A plan to curtail operational and financial risk; • An emergency response in case of an operational or financial upheaval; and • Plans to resume business and to recover and restore the technological and physical infrastructure that supports a firm.

... The disability or death of key employees could prove to be just as devastating to a firm that has not anticipated it with proper succession planning. Inadequate insurance during a disruption could prove to be a huge vulnerability, too. Many firms carry business insurance, but is it enough? And does it cover the appropriate risks? ...

... In April of 2004, the Securities and Exchange Commission (SEC) approved rules proposed by the NASD (now FINRA) and the New York Stock Exchange that required their member firms to establish procedures to handle an emergency or significant business disruption. ... The rule further required member firms to conduct an annual review of their plans and update them whenever the firms made any major changes such as realigning their business structure or operations or changing location. ...

In May of 2006, FINRA ... [stated] that all firms must include ten critical elements specified in the original NASD Rule 3510:

1. The firms must secure data backup and recovery (both in hard copy and electronic form); 2. The firms must secure all mission-critical systems; 3. The firms must make financial and operational assessments; 4. They must create alternative channels of communication between clients and the firm; 5. They must create alternative channels of communications between the firm and its employees; 6. They must be able to remove their employees to another physical location; 7. They must assess the impact of a disaster on critical business constituents, banks and counterparties; 8. They must maintain regulatory reporting; 9. They must maintain communications with regulators; and 10. They must consider how their firms will assure clients’ prompt access to their funds and securities if the firm determines it is unable to continue business.

... Take into account how much it would cost for any of these things:

• To establish and use a temporary alternative location (which requires equipment costs, rent, start-up expenses, etc.); • To route phone calls to new lines, establish Internet/e-mail connections, etc.; • To pay restoration costs (for rebuilding computers, reinstalling software, recovering electronic files, rebuilding destroyed paper files, replacing equipment, furniture and other office items); • To pay temporary employees; • To suffer the loss or disaffection of clients after a perceived violation of trust; or • To possibly fall out of compliance or compromise your security and private client information.

Many stories have surfaced in recent years about violations of privacy. ... Therefore, it is incumbent on all financial advisors to prepare a properly written plan and share it with their clients to alleviate such fears. It is also simply a best business practice. For more information on the current regulations and to obtain a free small firms template, visit www.finra.org/Industry/Issues/BusinessContinuity/.

David L. Lawrence is a practice efficiency consultant and is president of David Lawrence and Associates (DLA), a practice-consulting firm based in Tampa, Fla. DLA publishes a monthly subscription newsletter, The Efficient Practice, which focuses on operational efficiency (www.efficientpractice.com). David is a much-sought-after public speaker on a variety of leadership, financial and technical topics. For details, visit www.davidlawrencespeaks.com.