Finance 500, Inc. Business Continuity Plan (BCP)
I. Emergency Contact Persons
Our firm’s two primary emergency contact persons are:
Ann DiGiorgio, Chief Financial Officer, email@example.com (949) 253-4000 ext. 6822
Bryan Bennett, President, firstname.lastname@example.org (949) 253-4000, ext. 6902.
Both individuals operate out of the firm’s Irvine main office.
These names will be updated in the event of a material change, and our Executive Representative will review them and update if necessary annually in January.
II. Firm Policy
Our firm’s policy is to respond to a Significant Business Disruption (SBD) by safeguarding employees’ lives and firm property, making a financial and operational assessment, quickly recovering and resuming operations, protecting all of the firm’s books and records, and allowing our customers to transact business. In the event that we determine we are unable to continue our business, we will assure customers prompt access to their funds and securities. Bryan Bennett has the authority to execute this plan. The plan will be provided to all employees via email and will be stored on the firm’s shared network.
A. Significant Business Disruptions (SBDs)
Our plan anticipates two kinds of SBDs, internal and external. Internal SBDs affect only our firm’s ability to communicate and do business, such as a fire in our building. External SBDs prevent the operation of the securities markets or a number of firms, such as a terrorist attack, an earthquake, or a wide-scale, regional disruption. Our response to an external SBD relies more heavily on other organizations and systems, especially on the capabilities of our clearing firm, RBC Correspondent Services “RBC”.
B. Approval and Execution Authority
Bryan Bennett, President, a registered principal, is responsible for approving the plan and for conducting the required annual review. Bryan Bennett has the authority to execute this BCP.
C. Plan Location and Access
Our firm will maintain copies of its BCP plan and the annual reviews, and the changes that have been made to it for inspection. An electronic copy of our plan is located on the firm’s main shared server.
III. Business Description
Finance 500 is one of the nation’s leading underwriters of Brokered Certificates of Deposit (bank CD’s). The firm has institutional customers only.
Finance 500 has a fully disclosed clearing arrangement with RBC Correspondent Services, a division of RBC Capital Markets LLC.
IV. Office Locations
The Main Office is located at:
Irvine, CA 92618
Toll Free (800) 477-6266
Phone (949) 253-4000
Facsimile (949) 851-5188
Our employees may travel to that office by means of car, train and bus. We engage in order taking and entry at this location.
V. Customers’ Access to Funds and Securities
Our firm does not maintain custody of customers’ funds or securities, which are maintained at our clearing firm. In the event of an internal or external SBD, if telephone service is available, our registered persons will take customer orders or instructions and contact our clearing firms, on their behalf, and if our Web access is available, our firm will post on our Web site that customers may access their funds and securities by contacting the clearing firm directly. The firm will make this information available to customers through its disclosure policy.
If SIPC determines that we are unable to meet our obligations to our customers or if our liabilities exceed our assets in violation of Securities Exchange Act Rule 15c3-1, SIPC may seek to appoint a trustee to disburse our assets to customers. We will assist SIPC and the trustee by providing our books and records identifying customer accounts subject to SIPC regulation.
VI. Data Back-Up, Recovery and Protection
Our firm maintains its primary hard copy books and records and its electronic records at the Main Office in Irvine, CA. .
The firm backs up its electronic records daily on removable media which is taken offsite at scheduled intervals. .
A. Cyber Concerns:
Any type of customer info that can be accessed via branch computer system (i.e. customer account info and order entry) is accessed via a secured encrypted connection. Customer data cannot be accessed unless a username and password is used. All data is stored on the Firm’s server which has firewall protection as well as intrusion detection software that monitors to detect malicious or unapproved activity. In addition, the data stored on servers has software to detect any failed log in attempts.
B. Technology Viruses:
All of the Firm’s systems are protected by the latest antivirus software and definitions as well as malware protection software. The Firm also deploys specialized logic to eliminate potential threats that can come via email by a series of rules and checks various Real-time Black Lists (RBL).
Targeted account intrusions, external/internal system intrusions, denial of service attacks and other cyber attacks:
The Firm has implemented a variety of technologies to battle against threats listed above.
At all given times the Firm has several firewalls deployed that allow very limited access externally and internally.
The Firm also utilizes a DMZ for any server that is publicly accessible.
The Firm has also deployed an intrusion detection system that monitors and analyzes all traffic.
The Firm runs several network monitoring systems that allow IT personnel to check all aspects of the Firm’s network at a glance. The check consists of network utilization analysis, process loads and temperatures. Any activity that falls out of range will immediately generate real-time alerts to IT personnel.
VIII. Financial and Operational Assessments
A. Operational Risk
In the event of an SBD, we will immediately identify what means will permit us to communicate with our customers, employees, critical business constituents, critical banks, critical counter-parties, and regulators. Although the effects of an SBD will determine the means of alternative communication, the communications options we will employ will include our Web site, telephone voice mail, secure e-mail and facsimile. In addition, we will retrieve our key activity records as described in the section above, Data Back-Up and Recovery.
B. Financial and Credit Risk
In the event of an SBD, we will determine the value and liquidity of our investments and other assets to evaluate our ability to continue to fund our operations and remain in capital compliance. We will contact our clearing firm, critical banks, and investors to apprise them of our financial status. If we determine that we may be unable to meet our obligations to those counter-parties or otherwise continue to fund our operations, we will request additional financing from our bank or other credit sources to fulfill our obligations to our customers.
C. Mission Critical Systems
Our firm’s “mission critical systems” are those that ensure prompt and accurate processing of securities transactions, including order taking, entry, execution, comparison, allocation, clearance and settlement of securities transactions, the maintenance of customer accounts, access to customer accounts, and the delivery of funds and securities. The firm’s mission critical systems are its clearing firm RBC.
We have primary responsibility for establishing and maintaining our business relationships with our customers and have sole responsibility for our mission critical functions of order taking, entry and execution. Our clearing firms provide, through contract, the execution, comparison, allocation, clearance and settlement of securities transactions, the maintenance of customer accounts, access to customer accounts, and the delivery of funds and securities. RBC is utilized only for clearing Institutional CD transactions.
Our clearing firm contract provides that they will maintain a business continuity plan and the capacity to execute that plan. Our clearing firm maintains our business and has presented us with an executive summary of their plans. In the event our clearing firm executes its plan, it represents that it will notify us of such execution and provide us equal access to services as its other customers. If we reasonably determine that our clearing firm has not or cannot put its plan in place quickly enough to meet our needs, or is otherwise unable to provide access to such services, our clearing firm represents that it will assist us in seeking services from an alternative source.
Our clearing firm represents that they back up our records at a remote site. Our clearing firm represents that they operates a back-up operating facility in a geographically separate area with the capability to conduct the same volume of business as its primary site. Our clearing firm has also confirmed the effectiveness of their back-up arrangements to recover from a wide scale disruption by testing.
Recovery-time objectives provide concrete goals to plan for and test against. They are not, however, hard and fast deadlines that must be met in every emergency situation, and various external factors surrounding a disruption, such as time of day, scope of disruption, and status of critical infrastructure— particularly telecommunications—can affect actual recovery times. Recovery refers to the restoration of clearing and settlement activities after a wide-scale disruption; resumption refers to the capacity to accept and process new transactions and payments after a wide-scale disruption.
RBC maintains each primary computer center with a corresponding back-up/disaster recovery site that is established away from the RBC’s primary facilities. RBC’s computer centers are equipped with stand- alone electrical power and cooling capabilities sufficient to run for several weeks without relying on utility power. In an effort to ensure that applications are restored within a period of time acceptable to the business, applications have been prioritized, and their recovery requirements are based off of that prioritization.
Our firm relies, by contract, on our clearing firm RBC to provide order execution, order comparison, order allocation, and the maintenance of customer accounts, delivery of funds and securities, and access to customer accounts.
IX. Alternate Communications Between the Firm and Customers, Employees, and Regulators
We communicate with our customers using the telephone, e-mail, our Web site, fax, U.S. mail, and in person visits at our firm or at the other’s location. In the event of an SBD, we will assess which means of communication are still available to us, and use the means closest in speed and form (written or oral) to the means that we have used in the past to communicate with the other party. For example, if we have communicated with a party by e-mail but the Internet is unavailable, we will call them on the telephone and follow up where a record is needed with paper copy in the U.S. mail.
We communicate with our employees using the telephone, e-mail, facsimile and in person. In the event of an SBD, we will assess which means of communication are still available to us, and use the means closest in speed and form (written or oral) to the means that we have used in the past to communicate with the other party. We will also employ a call tree so that senior management can reach all employees quickly during an SBD.
We are currently members of the following SROs: FINRA, MSRB and the SEC. We communicate with our regulators using the telephone, e-mail, fax, U.S. mail, and in person. In the event of an SBD, we will assess which means of communication are still available to us, and use the means closest in speed and form (written or oral) to the means that we have used in the past to communicate with the other party.
X. Critical Business Constituents, Banks, and Counter-Parties
A. Business constituents
We have contacted our critical business constituents (businesses with which we have an ongoing commercial relationship in support of our operating activities, such as vendors providing us critical services), and determined the extent to which we can continue our business relationship with them in light of the internal or external SBD. We will quickly establish alternative arrangements if a business constituent can no longer provide the needed goods or services when we need them because of a SBD to them or our firm. The firm’s main critical business providers are the clearing firm RBC Correspondent Services.
We have contacted our critical counter-parties, such as other broker-dealers or institutional customers, to determine if we will be able to carry out our transactions with them in light of the internal or external SBD. Where the transactions cannot be completed, we will work with our clearing firm or contact those counter- parties directly to make alternative arrangements to complete those transactions as soon as possible.
XI. Regulatory Reporting
Our firm is subject to regulation by: FINRA, Securities and Exchange Commission, and the state securities divisions of the states that the firm is registered in. We now file reports with our regulators using paper copies in the U.S. mail, and electronically using fax, e-mail, and the Internet. In the event of an SBD, we will check with the SEC, FINRA, and other regulators to determine which means of filing are still available to us, and use the means closest in speed and form (written or oral) to our previous filing
method. In the event that we cannot contact our regulators, we will continue to file required reports using the communication means available to us.
The following is a list the regulatory agencies that oversee Finance 500, Inc.
FINRA District 2, Los Angeles
300 South Grand Avenue, Suite 1600 Los Angeles, CA 90071
Securities and Exchange Commission
Pacific Regional Office
444 South Flower Street #900 Los Angeles, CA 90071
e-mail: email@example.com www.sec.gov
Please visit the following URL for a list of state securities agencies contact information: www.nasaa.org.
XII. Updates and Annual Review
Our firm will update this plan whenever we have a material change to our operations, structure, business or location or to those of our clearing firm. In addition, our firm will review this BCP annually, in January of each year, to modify it for any changes in our operations, structure, business, or location or those of our clearing firm. We will update any changes as they become necessary.