Business Continuity Strategy: 3 Events To Plan For

By Sarah Sutton

Represents the many FINRA regulations

Business Continuity Plans (BCPs) are put in place so that your firm can provide critical business functions to your clients and employees during service outages.  Having a continuity strategy in pace ahead of time will help ensure the safety of your employees, continuity of your business and uninterrupted service to your clients.

Disasters can come in many forms and with varying risk levels, from extended outages, unusable workspace, cybersecurity attacks or unexpected loss of a key team member. When your firm is faced with a disruptive event, a strong, tailored Business Continuity Plan is a necessity that you will be relieved to have in place.

While it is impossible to plan for every event, there are common vulnerabilities that you can identify and plan for. 

Natural Disasters – The Physical Work Space

Pandemics, power outages, fire and flooding are just a few examples of situations that can make your office inaccessible. With your office structure and locations, can you easily set up a working environment for your employees elsewhere?  Are your records safe? Can your clients reach you and still receive critical services from you? Physical working space is an important consideration in any well-defined Business Continuity Plan, but one that is often overlooked or not thought through. In addition to plans to continue operations, consider how you will notify your employees and customers. Who will make these decisions? Who will disseminate the information, and how?


Cybersecurity attacks continue at great monetary and reputational cost. You should have a plan to mitigate and manage external and internal cybersecurity risks as well as recovery strategy. From ineffective passwords, theft, malicious misuse of information or a targeted attack, a strong cybersecurity policy and regular training can help. When policies aren’t enough, have a plan of action that includes a process for quick notification, containment of the situation and steps to notify appropriate agencies. Other points to consider:

  • Do you have the right technology partner and platforms to provide the support needed in the event of a cyber breach?
  • Are your cybersecurity policies strong, up to date and understood by your employees?
  • Are you testing often enough?

Additional Cybersecurity Resources

Cybersecurity: Tactics for Mitigating Internal and External Threats

Cyber Risk Management: Insights for CCOs

5 Key Cybersecurity Measures to Protect Your Firm

Loss of Key Person

These plans require specific analysis, time to develop, and will change over time. Considering Key Person replacement is a constantly evolving piece of a Business Continuity Plan. Key Person replacement plans should be revisited annually to ensure your plan is still effective, reasonable and attainable These decisions should be made with careful consideration—not in a time of crisis.

Business Continuity and Disaster Recovery Plans

Oyster professionals have first-hand experience as firm leaders in business continuity management, business continuity plan design, development and implementation, incident/event management, technology infrastructure resilience and recovery, and operations management. Oyster can provide a risk assessment to identify your vulnerabilities, help identify and prioritize activities, and mitigate the impacts of business disruptions. Oyster understands how to help identify and prioritize critical activities and deliver testing plans to mitigate the impacts of business disruptions. Our solutions are practical and tailored to your firm’s business model.

About The Author
Photo of Sarah Sutton

Sarah Sutton

Sarah Sutton has over 20 years of experience in the financial services industry on both the revenue and compliance sides of the business. Her expertise includes compliance supervision, leading firm and regulatory examinations, regional and retail branch management, brokerage and clearing operations, developing and implementing advisor best practices along with technology training, financial planning delivery and implementation, advisor and firm transition management to new firms and channels, and project management for advisor and client solutions.