Eventually, We Have to Go Back – BCP Post-Mortem

We don’t know when, but at some point we will have to put on shoes, get a haircut and return to the office. As compliance professionals, we are trained to look ahead and should be planning our action steps for when we return.

Gather Firm Records and Other Property. You should have a good sense of any records removed from the office, as well as any new records generated by your employees while working remotely.  Obviously, this is a bigger challenge if your firm is traditionally paper-intensive. Further, determine if there are any electronic records that have been created and stored on an employee’s personal computer or email account. We suggest a review of your records retention policy to identify required records and their location throughout the cycle.

With respect to other property, such as computers, monitors and other hardware, determine whether such items were inventoried prior to being deployed and ensure that they are checked back in. Consider an attestation for employees to certify that all firm records and property have been returned.

Conduct a Post-Mortem Review of the BCP. Firms of all sizes quickly implemented a work from home model with little time to plan. Even if your business continuity plan contemplated a pandemic response, it’s never been deployed like it is now. Gather representation from across the organization and assess what worked, what didn’t and what changes should be made to the BCP. Some things to consider:

From this review, identify and prioritize your action items.  Finally, consider engaging a third-party to update your BCP or provide an independent post-mortem review.

Review Policies and Procedures. Chances are you bent a policy or modified a procedure or two while the team was working remotely. Review your policies and procedures to identify those exceptions and make sure that they are properly documented, as well as any effort to mitigate the impact of the exception. It’s also likely that you found a better way of doing some things that you may want to keep doing, or that ongoing social distancing requirements will continue to impact your business. To the extent that you modify your policies and procedures going forward, make sure you memorialize those changes and note their effective date.

Let CSS’s team of compliance and regulatory experts assist in developing and updating business continuity and cybersecurity plans. Email us at: info@cssregtech.com for an assessment and retrospective on your firm’s current BCP plan.


Subscribe to CSS Blog

CSS frequently publishes blog posts which are written by our team from their observations in the field, at conferences and through experiences with compliance professionals. These posts are designed to further knowledge and share industry best practices. Topics run the gamut, including Form ADV, cybersecurity, MiFID II, position limit monitoring, technology challenges and more. Complete and submit the brief form below to receive notifications when we publish new content.

Latest Content

From One CCO to Another: Don’t Lie to the SEC

Every once in a while, I think it’s important to get back to the basics. Since the adoption of the compliance rules in 2004, the Securities and Exchange Commission staff has repeatedly stated that the intent of the rules were not to hunt CCOs. Great pains have been made to enlist CCOs support in ensuring … Continued

BME Partners with CSS to Strengthen its Regulatory Service Suite

BME to offer financial services firms in Spain and Portugal a multi-regulation reporting platform Partnership brings a unique combination of local market presence and global coverage BME has partnered with Compliance Solutions Strategies (CSS), a leading RegTech platform provider, to offer a global regulatory reporting solution in Spain and Portugal. The combination of BME’s local … Continued

Compliance Solutions Strategies Acquires AMFINE

Combination Creates First Fully End-To-End Compliance Reporting Platform NEW YORK, September 10, 2020 – Compliance Solutions Strategies (“CSS”), a leading RegTech platform providing technology-driven solutions which enable financial services firms to meet mandatory regulatory compliance requirements, today announced the acquisition of AMFINE (“AMFINE”), a provider of SaaS-based regulatory reporting services to European asset managers, asset … Continued