Wall Street pressed on disaster plans

Brokerages and other financial services firms are facing increased pressure from the federal government and regulators within the industry itself to clearly define and test their IT disaster recovery plans.

Wall Street firms are also being pushed to consider moving their backup data centers farther away from their primary computing facilities, according to IT managers.

Steve Randich, CIO at Nasdaq Stock Market Inc. in New York, last week said that a combination of "peer pressure and regulatory pressure" is prodding companies to ensure that their systems will keep running if a disaster occurs.

For example, the U.S. Securities and Exchange Commission last month approved rules proposed by the National Association of Securities Dealers Inc. and New York Stock Exchange Inc. that require firms to submit business continuity plans detailing how they will provide ongoing access to systems during an emergency. The plans are due by Aug. 5 for NYSE members. The NASD set deadlines of Aug. 11 for firms that clear stock trades and Sept. 10 for brokerages that initiate transactions.

In addition, the Securities Industry Association next week plans to conduct a business continuity tabletop exercise in conjunction with the Bond Market Association. The SIA said government regulators will be present at the event, in which participants will walk through the process of responding to an emergency and coordinate their disaster recovery plans.

Nasdaq announced two weeks ago that it had run tests at its two data centers to check the disaster recovery capabilities of member companies. The tests involved more than 50 brokerages and were conducted at the exchange's primary data center in Connecticut in February and at its backup facility in Maryland last month.

"It's not that the regulators are mandating to see test results, although internal and external auditors and the SEC have collected records on the outcome of our tests," Randich said. "It's just short of a mandate, but that's enough to encourage people to ensure this all works seamlessly."

Randich said there was no system downtime at Nasdaq or the participating firms during the tests. "What we didn't know for certain was our market participants' ability to run (transactions) out of their backup sites," he said. "This was the first time outside of a disaster scenario where we were able to validate that their operations were good."

Peter Poulos, director and head of the business continuity group for the Americas at Credit Suisse First Boston LLC in New York, said he thinks "every major securities firm on the Street" is facing the challenge of showing that its disaster recovery strategies are in order.

Poulos, who is also chairman of the SIA's Business Continuity Planning Committee, said Credit Suisse's systems worked smoothly during Nasdaq's tests. But its disaster recovery plan still has some kinks that need to be worked out, he added. Poulos wouldn't disclose further details but noted that more pressure is being put on firms to increase the resiliency of their systems beyond the capabilities they have already built.

Large financial services firms also face an April 2006 deadline for meeting new federal guidelines on increased resiliency for trade clearance and settlement activities. The SEC, the Federal Reserve Board and the U.S. Treasury Department's Office of the Comptroller of the Currency set the guidelines in a white paper last spring.

Complying with the guidelines "means having people in place at another location that's not in a commutable distance to the primary site," Poulos said. Many firms may move their backup data centers to other parts of the New York metropolitan area or to more remote locations, he added.

Howard Sprow, director of business continuity planning at the SIA, said the new rules shouldn't have a big impact on large firms that have been improving their disaster recovery architectures since the Sept. 11, 2001, terrorist attacks. The NASD and NYSE are simply looking to "formalize the process," he said.

"All the firms have robust backup sites that are some distance from their primary sites," Sprow noted. "But they are looking at ways to add additional sites or to increase the separation."
