MorningstarAdvisor.com Archive: There are tools aplenty that advisors can use to keep things running amid a crisis.
In May of this year, Rick Kahler, CFP, president and founder of Kahler Financial Group in Rapid City, S.D., experienced an interruption to his business that every advisor fears. His primary server for nearly all of the firm's services failed, taking out all server-based programs and applications, e-mail, and Internet access. The phone system and the photocopier were the only functional pieces of equipment in the firm for four days.
Through daily updates to Kahler's blog, Financial Awakenings, he chronicled the firm's progress to restore business operations to normal, a process that took nearly 10 days. At the time of the failure, Kahler Financial Group was already testing a migration of its local server to a virtual server supported by an outside IT provider and noted the irony on his blog, writing, "One of the main reasons for going to a virtual server is to prevent what has just happened to us from happening!"
September marks National Preparedness Month supported by the Federal Emergency Management Agency, which makes disaster preparedness resources available at the Ready.gov website. The Ready Business page highlights the following three steps in planning for business continuity and crisis management in the event of a disaster:
* Plan to Stay In Business
* Talk to Your People
* Protect Your Investment
Catastrophic system failures, such as Kahler Financial Group's server crash, and disasters, either man-made or natural, present real risks to the business continuity of wealth-management practices. At a minimum, the SEC requires that all registered investment advisors address business-continuity plans in their written policies and procedures. FINRA rules require member firms to maintain a written business-continuity plan and to conduct an assessment of the plan at least annually.
While regulations don't provide specific elements that need to be included in a business-continuity plan, they do require that plans account for the timely resumption of critical hardware and software systems, backup and recovery of electronic and paper-based information, and alternate arrangements to contact employees and clients of the firm.
Christopher Winn, Managing Principal of Advisor Assist, a Marshfield, Mass.-based compliance consulting firm, advises clients to avoid using template plans sold by third parties that contain boilerplate language. Such plans, he says, are an open invitation for negative comments or even deficiency notices from regulators.
Instead, Winn recommends that advisors think through all of the processes and technology required to run the business in the event of a disruption. He poses the following questions to assess the adequacy of a business continuity plan:
* Do advisors need to sit in the primary office and be present in order to work, or has the firm embraced Internet-based cloud services that can be accessed from anywhere?
* What happens when the firm's hardware systems are inaccessible? How is client data accessed if a server is offline? How is security trading conducted? How are phone calls from clients answered if the phone system is down?
* How is the privacy and security of client data addressed when operating from an alternate location?
Winn also suggests that firms separate continuity plans into two functional sections. The most important section is what he calls "day one" functions, which include all processes that must be restored no later than the end of the first day of a business interruption. According to Winn, day one functions include restoring essential hardware and software systems, executing securities trading and journal requests, and establishing communication with clients and employees.