Preserving accounting records

Disaster recovery planning


An industrial company can have its factories destroyed by fire or war and still recover. However, a financial institution can rarely survive the complete destruction of its records.

Destruction of industrial plants, Hessen, Germany, World War II


A large financial institution has so many records, and its accounting activity is so intense, that it would be extremely costly, in time and money, to reconstruct such records, even should the original documents still exist.

On a scale of one to one thousand, the accounting-intensity of a typical industrial operation might be 10, while a commercial bank might be on the order of 100.

However, on the same scale, an active broker-dealer with custodial accounts might have accounting activity on the order of one thousand.

Institutional survival

There are three problems that must be overcome for a broker-dealer to survive destruction of its books and records:

  1. A source of information: Accounting records cannot be created out of thin air.  When all information about the activities of a financial institution has been destroyed, there will be no way to recover.
  2. Timely recovery: Even when documents exist that permit the reconstitution of accounting records, the time it takes to recreate such records is probably too great for the institution to continue in business. If it takes one year to recreate accounting records, the firm is unlikely to be able to stave off bankruptcy for so long, nor are clients likely to stay with the firm after having been denied access to their assets for a year.
    Fire can destroy records, making recovery impossible.


  3. Cost of recovery: Finally, because of the intensity of accounting activity in a broker-dealer, even if information has been preserved that permits recovery, the cost of this work could be so high that an institution, already stressed and without current income, might not survive.

Every broker-dealer, without exception, should have a thorough, detailed disaster recovery plan and this plan must be implemented and constantly audited.

Bad news for investors

Nick Benvenuto of Protiviti Inc, in the October 2004 issue of DM Review Magazine, describes the situation post-nine-eleven, based on a NASD survey of broker-dealers:

The NASD surveyed 150 randomly selected member firms and 120 of its largest members to ascertain their ability to respond to such significant disruptions. The association noted that some of the results were encouraging, while others raised concerns.

Among the key findings from the NASD surveys were:

To protect clients, broker-dealers need to have and implement effective disaster recovery plans.


Fewer than half of the randomly selected firms and three-fourths of larger firms had backup facilities in place that had the capacity to handle the same volume of trading as the primary facility. Nearly all member firms performed daily or weekly backup of records.

Nearly 85 percent of larger firms had backup systems to accommodate investor communications, but fewer than half maintained such systems.

The survey suggests that a large share of companies had voluntary continuity planning programs in place, but had not developed or matured some of the more essential steps.

On April 7, 2004, the SEC approved NASD Rules 3510 and 3520 and NYSE Rule 446, which require their respective members to create and maintain business continuity plans.

In other words, all the government has done is to require broker-dealers to “have a business continuity plan” and update this plan yearly.

It does not require that the plan be implemented, or that, if implemented, the plan be independently audited and reported to customers.

The right mindset

It is doubtful that a broker-dealer with top management focused on short-term proprietary trading profits and their own multi-million dollar bonuses will give much thought to a costly disaster recovery plan that, in the short run, only serves to reduce company profits.

Japanese troops entering Singapore in February 1942


When I was a management trainee with Citibank in the 1950s, a time when the bank focused on internal controls and client safety, the story circulated of the bank manager in Singapore who, fifteen years earlier, had put the bank records in the back of his car and got out of town, just as the Japanese troops were entering the city in 1942.

Citibankers proudly told of how this legendary manager was able to set up the bank for business and how clients had their accounts intact on the day the Singapore branch reopened at the end of the war.

I tell this story to indicate the kind of management mindset that is necessary to fully protect the assets of clients and that no longer exists in large investment banks today.

The elements of disaster recovery

Financial institutions that take disaster recovery seriously will have at least the following measures implemented:


Iron Mountain: An example of offsite records storage.
  1. Daily backup of records: Books and records should be backed up at least daily and stored in a format that can readily be used to continue operations in an emergency.
  2. Offsite record storage: Backup records should be stored in a location that is separate and distant from the normal operation sites of the financial institution. For example, if an atomic bomb were to fall on New York City, backup records should be stored in a far distant location, like, say, under a mountain in Montana.
  3. High security for offsite records: The location of offsite record storage should be protected and secure. Protection should take into consideration risks such as fire, flood, earthquake, atomic warfare, and electromagnetic pulse (EMP). The site should be strongly guarded and access limited and monitored.
  4. Offsite recovery data center: When disaster hits the main data center of an institution, both records and equipment may be destroyed. In order to continue operations, the institution should have access to a backup data center that can immediately hook up to the backup records so as to permit immediate continuity of operations.
  5. Backup recovery staff: To continue operations, an institution needs not only backup records and a recovery data center, but also a backup staff to run the center. The regular operations staff may have been killed or incapacitated by the disaster. The recovery staff should be trained to respond in such emergencies and be on call from their regular duties in case of a disaster.

Successful implementation of such programs requires dedication of top management, seriousness of purpose, and willingness and ability to expend the resources needed to accomplish the task.

Elements of cybersecurity

The fact that almost all broker-dealer records are now in digital form, and that many brokers allow clients direct access to their accounts via the Internet, introduces a significant new risk into the system.


Part One: 60 Minutes: Cyber Attack

Without the highest level of cyber security, your account with a broker-dealer is vulnerable to cyber attack and perhaps irretrievable loss of your life savings.

Perpetrators of cyber attacks are of all types: recreational hackers, disgruntled employees, criminals, terrorists, and foreign governments. Only the most sophisticated systems can resist such attacks.

There are many means of entry into a system. Trojans and backdoors may be implanted in software and computer hardware. This may be done in-house or at a foreign manufacturer. Damaging code may lie in wait for years to be triggered during a future cyber war.

An employee with a grievance against the bank may enter malicious code into the system. A careless human resource department, lax in background checks, may hire a terrorist, posing as a computer specialist.


Part Two: 60 Minutes: Cyber Attack

Safety is expensive

Effective cyber security for a major financial institution is extremely expensive.

In cyber security, paranoia is a virtue.  If management is determined to limit expenditures or willing to accept a certain level of risk, the system is not safe.

Unfortunately, clients have no way of knowing how safe an institution is against cyber attack — until it is too late.

However, an institution that informs clients of measures being taken and its awareness of the problem — without compromising security — at least indicates concern and attention to the matter.  An investment bank that does not tell clients of its plans for disaster recovery and cyber security may be indicating that its systems are indeed weak.
