Guide to Business Continuity Planning for Investment Firms

Cyberattacks and natural disasters can throw an investment firm for a loop, but we want to put the power back into your hands.

A business continuity plan (BCP) can help investment firms identify cybersecurity risks before they happen. The best BCP is far more than just a disaster recovery strategy. It’s a comprehensive game plan to create real-world contingencies for every business process, from human resources to business assets. That’s why we created this robust business continuity checklist to help get your firm up and running.

Business Continuity Plan Checklist

Creating a checklist for writing a BCP is almost as important as creating the plan itself — your strategy must be comprehensive.

Consider these six key areas when writing a BCP checklist:

1. Regulatory review: Start with the basics and find out what you need to do to stay compliant with the U.S. Securities and Exchange Commission (SEC). You can begin with Rule 206(4)-4 so that you have a baseline for what you need to do to stay compliant.
2. Business Impacts Analysis (BIA): Consider what each component of your business will cost in an emergency, such as the loss of cash flow and cost of replacing equipment. Calculate each of these factors and start saving for these funds in advance.
3. Strategy and plan development: The Financial Industry Regulatory Authority (FINRA) has specific guidelines for crisis plans for investment firms. Examples include how customers will access their funds, alternate physical locations for employees, and the impact on banks and constituents.
4. Incident Response Plan: This procedure should have carefully written instructions for specific employees on how to carry out their duties in a crisis. Assume their managers won’t be available to provide guidance and ensure everyone’s plans sync up to keep the organization going.
5. Plan testing phase and maintenance: In this step, you should pick specific employees within each department to handle communications. Plan for emergencies where you still have internet access with an automated mass notification system and for situations where you must use other contact methods when power is down.
6. Recovery Status Updates: After the disaster, create a communication plan with milestones to provide consistent updates as you move through recovery. This map can be especially helpful for calming stakeholders’ concerns.

Start Today, Protect Tomorrow

Do you want peace of mind that your data will be safe? We’ve worked through disaster recovery and business continuity plans before and will have your back when the going gets tough. Connect with our IT and cybersecurity teams today. Learn more about our cybersecurity consulting services here.

Give us a ring at 877.780.2446, or send us a message by filling out a quick and convenient contact form today.