Rule 446. Business Continuity and Contingency Plans
This rule is no longer applicable effective November 11, 2008.
(a) Members and member organizations must develop and maintain a written business continuity and contingency plan establishing procedures relating to an emergency or significant business disruption. Such procedures must be reasonably designed to enable members and member organizations to meet their existing obligations to customers. In addition, such procedures must address their existing relationships with other broker-dealers, and counter-parties. Members and member organizations must make such plan available to the Exchange upon request.
(b) Members and member organizations must conduct, at a minimum, a yearly review of their business continuity and contingency plan to determine whether any modifications are necessary in light of changes to the member's or member organization's operations, structure, business or location. In the event of a material change to a member's or member organization's operations, structure, business or location, the member or member organization must promptly update its business continuity and contingency plan.
(c) The elements that comprise a business continuity and contingency plan shall be tailored to the size and needs of a member or member organization. Each plan, however, must, at a minimum, address, if applicable:
(1) books and records back-up and recovery (hard copy and electronic);
(2) identification of all mission critical systems and back-up for such systems;
(3) financial and operational risk assessments;
(4) alternate communications between customers and the firm;
(5) alternate communications between the firm and its employees;
(6) alternate physical location of employees;
(7) critical business constituent, bank and counter-party impact;
(8) regulatory reporting;
(9) communications with regulators; and
(10) how the member or member organization will assure customers prompt access to their funds and securities in the event the member or member organization determines it is unable to continue its business.
To the extent that any of the above items is not applicable, the member's or member organization's business continuity and contingency plan must specify the item(s) and state the rationale for not including each such item(s) in its plan. If a member or member organization relies on another entity for any of the above-listed categories or any mission critical system, the member's or member organization's business continuity and contingency plan must address this relationship.
(d) Each member or member organization must disclose to its customers how its business continuity and contingency plan addresses the possibility of a future significant business disruption and how the member or member organization plans to respond to events of varying scope. At a minimum, such disclosure must be made in writing to customers at account opening, posted on the Internet website of the member or member organization (if applicable) and mailed to customers upon request.
(e) The term "mission critical system," for purposes of this Rule, means any system that is necessary, depending on the nature of a member's or member organization's business, to ensure prompt and accurate processing of securities transactions, including order taking, entry, execution, comparison, allocation, clearance and settlement of securities transactions, the maintenance of customer accounts, access to customer accounts and the delivery of funds and securities.
(f) The term "financial and operational risk assessments," for purposes of this Rule, means a set of written procedures that allow members and member organizations to identify changes in their operational, financial, and credit risk exposure.
(g) Members and member organizations must designate a senior officer, as defined in Rule 351(e), to approve the Plan, who shall also be responsible for the required annual review, as well as an Emergency Contact Person(s). Such individuals must be identified to the Exchange (by name, title, mailing address, e-mail address, telephone number, and facsimile number). Prompt notification must be given to the Exchange of any change in such designations.
|
Adopted: April 7, 2004 (NYSE-2002-35). Amended: Deleted by SR-FINRA-2008-036 eff. Nov. 11, 2008. Selected Notice: 08-64. |