X hits on this document

66 views

0 shares

0 downloads

0 comments

14 / 36

14

Business Continuity, Homeland Security and Corporate Governance

By Joe D. Whitley

With terrorist threats increasingly frequent and well-publicized, directors and ocers will have a hard time claiming that corporate risk management did not need to include emergency preparedness.

O n a Sunday afternoon in August 2004, Homeland Security Secretary Tom Ridge held a press conference to announce that the alert level on the

Joe D. Whitley

Homeland Security Advisory System had

been raised to “orange,” the second highest level. Unusually specific information from reliable sources, confirmed by multiple intelligence streams, suggested that terrorists were plotting a strike against financial centers in New York City, northern New Jersey, and Washington D.C. Wall Street increased security to unprecedented levels, leaving some to wonder if the police outnumbered the floor traders. Similar measures were taken in Washington, a city already bristling with barriers and patrols.

For companies and executives who are in the bull’s-eye of the terrorist threat, the warning brought home the importance of security and business continuity planning for financial markets.1 For America’s premier financial service providers— the members of the New York Stock Exchange (NYSE) and the National Association of Securities Dealers (NASD)—business continuity (BC) is no longer an option or just the domain of the corporate security department. It is a critical component of corporate governance and market stability.

1

As an aside natural disasters like Katrina and

Rita present very similar concerns to corporations and

businesses.

Self-regulation and Business Continuity

Both the NYSE and the NASD are self- regulating organizations that require compliance with practices, standards, and policies as a prerequisite for membership. In response to 9/11, the NYSE and the NASD began formulating new business continuity requirements for broker-dealer members. Rule 446 for NYSE members and Rules 3510 and 3520 for NASD members address business continuity and contingency planning and are very similar in substance. The new rules recognize that there is no cookie-cutter approach to planning and therefore account for flexibility in business continuity design and implementation. But these rules require that, at a minimum, each firm’s plan contain ten elements:

  • Data back-up and recovery (hard copy and electronic)

  • Mission-critical systems

  • Financial and operational risk assessments

  • Alternate communications between customers and member

  • Alternate communications between the member and employees

  • Alternate physical location of

employees

  • Critical constituent, bank and

counter-party impact

  • Regulatory reporting

  • Communications with regulators

  • A plan to assure customers’ prompt access to their funds and securities in the event that the member determines that it is unable to continue its business elements.

Members of the NYSE and NASD must also publicly disclose the general configuration of their business continuity plan. Pursuant to its statutory authority, the Securities and Exchange Commission approved the NYSE’s and the NASD’s business continuity rules on April 7, 2004.2

At least in concept, forcing business continuity into the open serves as a de facto incentive to take the rules—and homeland security preparedness—seriously. There is an implicit reliance on market forces: it is assumed that if the public can compare business continuity plans, rational consumers will prefer to do business with those members whose plans are the strongest. Equally rational business leaders, in an attempt to capture competitive advantage, will establish robust plans. Considering that e-commerce

  • Securities and Exchange Act Release No. 34-49537

(April 7, 004), 69 FR 19586. April 13, 004. See also NYSE Information Memo 04-4 as well as NASD Notice to members 04-37. May 004

Boardroom Brieng: Business Continuity and Disaster Recovery

Document info
Document views66
Page views66
Page last viewedSun Dec 04 02:27:56 UTC 2016
Pages36
Paragraphs1010
Words15791

Comments