SEC, CFTC and FINRA Demand Upgraded BCP/DR
The SEC’s Office of Compliance Inspections and Examinations has joined with the CFTC and FINRA to issue a joint statement advising firms to enhance their business continuity plans and disaster recovery procedures. The joint advises the following: (i) use back-up facilities outside the same geographic region; (ii) ensure that staff has transportation to offsite back-up facilities; (iii) assess staffing for critical functions; (iv) examine the generator capacity at the alternative site; (v) ensure vendors have adequate BCPs; (vi) engage multiple telecommunications vendors to ensure redundancy; (vii) provide contact information to customers; (ix) plan for time-sensitive regulatory information; (x) conduct BCP tests; and (xi) train employees. The guidance arose from inquiries made after Hurricane Sandy.
OUR TAKE: In other words, the regulators don’t care if you were hit with a storm, flood, power outage, military action, or the Four Horsemen of the Apocalypse, because you should have thought of every contingency in your BCP.