On August 16, 2013, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations, the Financial Industry Regulatory Authority and the Commodity Futures Trading Commission’s Division of Swap Dealers and Intermediary Oversight jointly issued a staff advisory on business continuity and disaster recovery planning. The SEC, FINRA and CFTC compiled best practices and lessons learned from firms that were impacted by the events surrounding Hurricane Sandy. The staff advisory encourages firms to review their business continuity plans (BCPs) and suggests effective practices in the following areas:
- Preparation for widespread disruption, including remote access capabilities;
- Planning for alternative locations;
- Evaluating the risk of critical vendor relationships and examining whether such vendors have adequate BCPs;
- Telecommunications services and technology;
- Communication plans with customers, other external parties and staff;
- Regulatory and compliance considerations, such as updating BCPs to include new regulatory and self-regulatory organization requirements; and
- BCP reviewing and testing.
The staff advisory is available here.