Tuesday, October 31, 2017

Five Tips for Reviewing Firm Disaster Recovery

By Cory Roberson, Principal at RIA Review and RIA Consults
The last few months provided a real test of disaster recovery measures for some firms located in communities surrounding the Houston, Southern Florida, and Northern California areas.  Combined with recent cybersecurity breaches, other advisors across the country experienced more risks to their practices.  SEC compliance

Step 1:  Establish a plan/template
Determine key components of the plan. 
Map office locations for testing, training, and implementing the plan.
Plan communications methods, types, and alternatives.
Prepare an operation manual that addresses emergencies.

Step 2: Establish the team
Assign one leader (and a co-leader if necessary) who understands the critical tasks, logistics, and risks of the firm. 
Delegate roles/responsibilities for the team. 
Maintain procedures in case a team member is unable to fulfill his/her obligations.  This can also be another firm/advisor if you are a sole practitioner with no staff. 

Step 3:  Critical Business Systems/Vendors
Describe essential services (e.g. trading).
Maintain a list of key vendors/business services (e.g. custodian, banks, prime brokers, IT).
Prepare supplies (e.g. emergency first aid kit, food).

Step 4:  Risk Assessment  
Identify risk areas/mitigation processes for Standard Business Disruptions (SBDs):

Fire: “In the event of a fire, the firm may be unable to use the office and will meet at this location….”

Hurricane: “In the event of a hurricane, the firm may be unable to use all offices, phones, and other standard methods of communication.  We will mitigate this risk through….”

Data Breaches: “In the event of a cybersecurity attack, our firm will….”

Step 5:  Update and/or test with team once a year.

Review the firm's business continuity documentation at least annually to make changes.

Note: We will develop a Preparedness checklist to help firms better plan, test, and update disaster recovery measures.  This will be available in our compliance management software for paid users.  State or call us at: 650-305-2688.

Our Mission: “Serving the Investment Community to Make a Social Impact”


FIN Compliance is a consortium of compliance services including: RIA Consults-Roberson Consults Group, a compliance consulting firm; RIA Review, a compliance-management software tool (SaaS); and RegTech Products, a product notification portal for product offerings in financial service markets.

Business Listings

FIN Community is a business listing and network for providers in the Financial Services, FinTech, RegTech, Crypto and Blockchain communities.  We believe in supporting the gig economy through building business opportunities.


SoCap Missions provides business support group sessions.  In addition, Cory has volunteered for more than fifteen youth programs in locations such as S. Korea, China, S. Africa, Thailand, and India.
