BUSINESS CONTINUITY PLAN – updated September 9, 2020
BACKGROUND
While it is recognized it is not possible to create a plan to handle every possible eventuality, it is the intent of BBFA to set up a framework to be used in the most likely of scenarios. It is also the intent that this framework provide guidance as to how to respond should an unforeseen situation occur.
BBFA believes that an adviser's fiduciary obligation to its clients includes the obligation to take steps to protect the clients' interests from being placed at risk as a result of BBFA’s inability to provide advisory services after, for example, a natural disaster or, in the case of some smaller firms, the death of the owner or key personnel. The clients of an adviser that is engaged in the active management of their assets would ordinarily be placed at risk if the adviser ceased operations.
BUSINESS DESCRIPTION
BBFA conducts business in equity, fixed income, and other securities; it does not hold customer funds or securities. Transactions are sent to a brokerage firm, which executes its orders, compares them, allocates them, clears and settles them. The custodian maintains its clients’ accounts, grants clients access to them, and delivers funds and securities.
EMERGENCY INFORMATION
FIRM CONTACT PERSONS
BBFA’s two emergency contact persons are:
|
Contact Name |
Phone |
|
Relationship |
|
Deirdre Torres |
(805) 235-4857 |
Chief Compliance Officer; Chief Operating Officer |
|
|
Craig Darnell |
(805) 459-0688 |
Chief Investment Officer |
SUPPORT SERVICES
In the event of an emergency, the following is a list of support services and the methods by which they may be contacted:
- Emergency Services (EMS): 911
- Fire Department: (805) 781-7380
- Police Department: (805) 781-7317
- Internet Service Provider: Digital West - (805) 781-9378 – info@digitalwest.com
- Data Backup Provider: Clever Ducks – (805) 543-1930 – service@cleverducks.com
|
Service Provider |
Company Name |
Contact Name |
Phone |
|
|
Accountant |
Mary K. Pagel, CPA |
Mary Pagel |
(805) 543-5034 |
|
|
Computer technician |
Clever Ducks |
|
(805) 543-1930 |
|
Alternative firm contact in case of death of Key Personnel |
Sam Blakeslee |
(805) 543-4366 |
This information will be updated in the event of a material change, and BBFA’s CCO will review the plan on an annual basis.
FIRM POLICY
BBFA’s policy is to respond to a Significant Business Disruption (SBD) by safeguarding employees’ lives and firm property, making a financial and operational assessment, quickly recovering and resuming operations, protecting the firm’s books and records, and allowing its clients to transact business.
In the event that the CCO determines it is unable to continue its business, it will assure clients prompt access to their funds and securities.
SIGNIFICANT BUSINESS DISRUPTIONS (SBDS)
BBFA’s plan anticipates two kinds of SBDs, internal and external. Internal SBDs affect only BBFA’s ability to communicate and do business, such as a fire in its building or the death of a key member of the firm. External SBDs prevent the operation of the securities markets or a number of firms, such as a terrorist attack, a city flood, or a wide-scale, regional disruption.
BBFA’s response to an external SBD relies more heavily on other organizations and systems, such as the brokerage firm(s) and Internet Service Providers it uses.
PANDEMICS, EPIDEMICS, & OUTBREAKS
BBFA recognizes that pandemics, epidemics, and other types of outbreaks constitute business disruptions of a special nature. These situations impact not only BBFA as a company, but also its personnel, clients, and vendors. Accordingly, BBFA intends to implement the following procedures during such a situation.
GENERAL BUSINESS OPERATIONS
Promptly, and then intermittently thereafter, the CCO will conduct a high-level assessment of the situation’s impact on business and operations. Specifically, the CCO will identify and address:
INFORMATION SECURITY & REMOTE OPERATIONS
The CCO will also alert personnel to the increase likelihood of phishing attempts and client impersonation schemes related to the situation. For example, bad actors may target individual staff members with requests for wire transfers posing as a client, emails related to state or federal work from home updates, changes to healthcare benefits, changes in information security policy related to working from home, software required to install on computers in order to work from home, the latest epidemic statistics, or even discounted offers on items in short supply. Accordingly, the firm will refer personnel to BBFA’s cybersecurity best practices and ensure that those practices are up to date.
If necessary, the CCO will also provide training for its personnel to address (i) potential information security issues commonly associated with remote work and (ii) the importance of protecting non-public client information at all times. In particular, advisory personnel are instructed to:
-
- access the internet only via a virtual private network ("VPN")
- use either a secure Wi-Fi connection or personal hotspot
- refrain using public Wi-Fi networks under all circumstance, which are vulnerable to exploitation
- store any sensitive, non-public information on non-company devices only after taking the proper security protections and obtaining authorization.
If personnel work remotely, then CCO will also:
-
- catalogue systems that cannot be accessed remotely, if any
- shut down non-essential hardware (e.g., computers)
- lock its physical storage (e.g., file cabinets) and all office access
- require that firm personnel continue following advertising guidelines for applicable communications
- ensure electronic cataloguing of communication is still taking place
- continue to document all interactions with clients, regardless of the medium of interaction
- update BBFA’s business continuity plan as needed
THIRD PARTY VENDORS
If appropriate, the CCO will endeavor to discuss with vendors the following:
COMPANY PERSONNEL
If appropriate, the CCO will limit or altogether avoid in-person meeting with clients and advisory personnel and allow or require (as appropriate) personnel to work remotely. Any personnel that is limited in their ability to work remotely, will immediately inform their supervisor. Limitations include but are not limited to:
-
- Inadequate hardware, software, or other systems
- Need to perform caregiving services for children or other persons
- Physical incapacity
If essential personnel are limited in their ability to work remotely, then the firm will determine if alternate or temporary personnel are available to perform necessary functions. Additionally, the CCO will conduct check-ins with advisory personnel no less than weekly regarding remote work conditions.
APPROVAL AND EXECUTION AUTHORITY
The CCO is responsible for approving the plan and for conducting the required annual review. The CCO has the authority to execute this BCP.
PLAN LOCATION AND ACCESS
BBFA maintains copies of its BCP and annual reviews, and all changes that have been made. A physical copy of the BCP is stored with the company’s Written Policies and Procedures Manual, which is kept in the following locations: Hard copy - file cabinet in Deirdre Torres office and in file cabinet behind front desk. Electronic copy – scans(V:)/RIADOCS/BBFADOCS.
Each employee is given a copy of the plan and notified of the location/file within BBFA’s electronic systems to which employees have access. Physical copies need to be returned upon termination of employment with the firm.
BBFA’S CUSTODIAN AND BROKERAGE FIRM CONTACTS
TD Ameritrade Institutional, a division of TD Ameritrade, Inc. Member FINRA/SIPC
200 S 108th Ave
Omaha, NE 68154-263
(800) 934-6124
OFFICE LOCATIONS
BBFA’s primary office address and phone number are:
1101 Marsh St.
San Luis Obispo, CA 93401
United States
(805) 543-366
BBFA engages in client servicing, order taking and entry at this location. BBFA’s branch office addresses
and phone numbers are:
544 12th St.
Paso Robles, CA 93446
United States
(805) 239-388
125 Union Ave, Suite 103
Orcutt , CA 93455
United States
(805) 937-6321
ALTERNATIVE PHYSICAL LOCATION(S) OF EMPLOYEES
In the event of an SBD that makes it impossible or impractical to use any or all of the company offices, the CCO will move its staff from affected offices to the closest of its unaffected office locations.
If none of BBFA‘s other office locations are available, it will move the firm operations to:
1530 Broad Street
San Luis Obispo, CA 93401
United States
CLIENTS’ ACCESS TO FUNDS AND SECURITIES
BBFA does not maintain custody of clients’ funds or securities, which are maintained at its brokerage firm. In the event of an internal or external SBD, if telephone service and internet service are available, BBFA’s investment adviser representatives (IARs) will take customers’ orders or instructions from its alternative locations or phone numbers and contact its brokerage firm on their behalf. If internet access is available, the CCO will post on its website that clients may access their funds and securities by contacting the brokerage firm directly.
DATA BACK-UP AND RECOVERY (HARD COPY AND ELECTRONIC)
BBFA maintains its primary hard copy books and records and its electronic records at its primary office.
The firm’s CCO is responsible for the maintenance of these books and records. BBFA maintains the following document types and forms that are not transmitted to its brokerage firm: Investment Policy Statements, Client Contracts and other related documents.
The firm backs up its electronic records daily with a Backup Protection Appliance (BPA) located onsite. It captures complete backup images of all of BBFA’s servers and stores them on redundant storage protected fault tolerant RAID array. Incremental backup images -- including changes to data from that day -- are captured every night. In addition to onsite back up each incremental image is encrypted and sent offsite to a secure datacenter every night.
In the event of an internal or external SBD that causes the loss of its paper records, BBFA will physically recover them from its back-up site(s). If its primary site is inoperable, BBFA will continue operations
from its back-up site or an alternate location. For the loss of electronic records, it will either physically recover the storage media or electronically recover data from its back-up site(s). BBFA obtains the Business Continuity Plans of its electronic storage partners for access to its records in case of a regional event.
OPERATIONAL ASSESSMENTS
OPERATIONAL RISK
In the event of an SBD, the CCO will immediately identify what means will permit it to communicate with its clients, employees, critical business constituents, and regulators. Although the effects of an SBD will determine the means of alternative communication, the communications options the CCO will employ will include its website, telephone voice mail, secure e-mail, etc. In addition, the CCO will retrieve its key activity records as described in the section above, Data Back-Up and Recovery (Hard Copy and Electronic). Employees will establish contact with the firm’s Emergency Contacts and communicate key firm directives as they apply to operating the business whether it be from a new location, each employee’s residence or an alternative regional location with access to a different power grid from the principal office.
MISSION CRITICAL SYSTEMS
BBFA’s “mission critical systems” are those that ensure client communication, access to client accounts and trading systems. More specifically, these systems include the office computer systems.
BBFA has primary responsibility for establishing and maintaining its business relationships with its clients. BBFA’s brokerage firms/custodians provide the execution, comparison, allocation, clearance and settlement of securities transactions as well as the maintenance of customer accounts, access to customer accounts, and the delivery of funds and securities.
BBFA’s brokerage firm/custodian contracts provide that the brokerage firms/custodians will maintain business continuity plans and the capacity to execute those plans.
BBFA’s brokerage firms/custodians represent that they back up BBFA’s records at remote sites. BBFA’s brokerage firms/custodians represent that they operate back-up operating facilities in geographically separate areas with the capabilities to conduct the same volume of business as their primary sites. They have also confirmed the effectiveness of their back-up arrangements to recover from a wide scale disruption by testing.
Recovery-time objectives provide concrete goals to plan for and test against. They are not, however, hard and fast deadlines that must be met in every emergency situation, and various external factors surrounding a disruption, such as time of day, scope of disruption, and status of critical infrastructure— particularly telecommunications—can affect actual recovery times. Recovery refers to the restoration of clearing and settlement activities after a wide-scale disruption; resumption refers to the capacity to accept and process new transactions and payments after a wide-scale disruption.
TD Ameritrade Institutional, a division of TD Ameritrade, Inc. Member FINRA/SIPC has the following SBD
recovery time objectives: 0 hours for critical, core trading functions and 0 hours for critical, non-core trading functions.
THE FIRM’S MISSION CRITICAL SYSTEMS
TRADING
BBFA uses the electronic order entry system provided by its custodian or another third party to enter trading activity and transactions. If electronic means are not available, BBFA may place orders by fax or telephone, in which case order tickets will still be maintained.
In the event of an internal SBD, BBFA will enter and send records to its brokerage firm by the fastest alternative means available. In the event of an external SBD, BBFA will maintain the order in electronic or paper format, and deliver the order to the brokerage firm by the fastest means available when it resumes operations. In addition, during an internal SBD, BBFA may need to refer its clients to deal directly with its brokerage firm for order entry.
CLIENT ACCOUNT INFORMATION
BBFA currently accesses client account information via its brokerage firm’s website. In the event of an internal SBD, BBFA would access client information via fax correspondence, alternate phone systems, etc. BBFA may relocate to its alternative business location(s) if access to the brokerage firm website can be accomplished.
ALTERNATE COMMUNICATIONS WITH CLIENTS, EMPLOYEES, AND REGULATORS
CLIENTS
BBFA now communicates with its clients using the telephone, e-mail, its Website, fax, U.S. mail, and in person visits at BBFA‘s or at the other’s location. In the event of an SBD, BBFA will assess which means of communication are still available to it, and use the means closest in speed and form (written or oral) to the means that it has used in the past to communicate with the other party. For example, if BBFA has communicated with a party by e-mail but the Internet is unavailable, BBFA will call the party on the telephone and follow up and where a record is needed with paper copy in the U.S. mail. In the event of an anticipated significant regional business disruption, BBFA will communicate to its clients in advance how to establish contact with it and its personnel or brokerage and custodian prior to the disruptive event occurrence.
EMPLOYEES
BBFA now communicates with its employees using the telephone, e-mail, and in person. In the event of an SBD, BBFA will assess which means of communication are still available to it, and use the means closest in speed and form (written or oral) to the means that it has used in the past to communicate with the other party. In the event of key employees being unable to perform their job functions, immediately and for any time period afterwards, the CCO will delegate, if possible, those key functions to other employees.
REGULATORS
BBFA communicates with its regulators using the telephone, e-mail, fax, U.S. mail, and in person. In the event of an SBD, BBFA will assess which means of communication are still available to it, and use the means closest in speed and form (written or oral) to the means that it has used in the past to communicate with the other party.
REGULATORY REPORTING
BBFA is subject to regulation by the SEC and other jurisdictions as applicable. The CCO now files reports with its regulators using the IARD/CRD System. In the event of an SBD, the CCO will check with the SEC and other jurisdictions as applicable to determine which means of filing are still available to it, and use the means closest in speed and form (written or oral) to its previous filing method. In the event that the CCO cannot contact its regulators, it will continue to file required reports using the communication means available to it and forward those reports at the earliest opportunity.
REGULATORY CONTACT:
444 South Flower Street, Suite 900
Los Angeles, CA 90071
Phone: 323-965-3998
E-mail: losangeles@sec.gov
DEATH OF KEY PERSONNEL
The following personnel are identified as “Key Personnel” without which it would be difficult or impossible to continue operating the firm and/or properly service clients:
|
Sam Blakeslee |
President |
|
Craig Darnell |
Chief Investment Officer |
|
Deirdre Torres |
Chief Compliance Officer; Chief Operating Officer |
If some event made it impossible for any person listed above able to continue to service the firm, the CCO or other Key Personnal would implement the following succession plan:
If an event were to make it impossible for any or all of the firm's key personnel to continue operating the firm and serving clients the responsibility for assisting clients would devolve to TD Ameritrade. Clients should be able to obtain similar services from another RIA, and their custodial accounts would not depend on the well-being of the key personnel at this RIA.
In case of death of any key personnel, the following will assume the responsibility to make contact with the clients of the firm in the most efficient manner possible and as soon as possible to allow clients to access their accounts. If a business succession plan is to be implemented, clients will be contacted to obtain consent prior to any assignment of their advisory management contracts with this firm to a successor firm.
|
Deirdre Torres |
Chief Compliance Officer; Chief Operating Officer |
UPDATES AND ANNUAL REVIEW
The CCO will update this plan whenever it has a material change to its operations, structure, business or location or to those of its brokerage firm. In addition, the CCO will review this BCP annually, to modify it for any changes in its operations, structure, business, or location or those of its brokerage firm.
