Global Business Continuity Planning
THE ESPOSITO SECURITIES, LLC BUSINESS CONTINUITY
PROGRAM FOR DISASTER RECOVERY: OVERVIEW
Business continuity for disaster recovery is a high priority for Esposito Securities LLC. The Firm’s goal is to ensure our continued ability to serve our clients, their respective needs along with protecting our employees, assets and the services we provide. Our Business Continuity Program (BCP) has been developed to provide reasonable assurance of business continuity in the event there are disruptions of normal operations at the firm’s establish business location.
The firm has established a comprehensive, structured approach designed to ensure that the firm is prepared should a significant business disruption (SBD) occur. This approach addresses business disruptions of varying scope and size including, but not limited to: Esposito Securities, LLC-specific business disruptions, events involving the disruption of business, systems processing, and displaced personnel or a significant reduction in our workforce due to illness, injury or death. Our plans include leveraging resources and infrastructure through relocating the impacted business unit to a designated and tested business recovery site, as well as using critical data and applications which are replicated among dispersed data centers. For example, if a local storm were to render our primary business location inoperable, employees could perform critical functions at another off-site location with minimal disruption, and if a problem occurred in one of our data centers, effectively shutting down our servers, we could carry on processing from another facility.
We periodically test systems and processing failover to a remote, business recovery site. Our plan also considers the potential need for our business operations to be supported by staff operating from non-Esposito Securities, LLC locations, including their homes, should an incident occur which requires personnel to be dispersed. Potential scenarios include not only severe weather but also the potential exposure to a biological or chemical HAZMAT “event” in or near a location in which the firm does business.
No contingency plan can be failsafe or provide absolute assurance that an interruption in business will not occur or that negative consequences will not ensue from a crisis or event. Because natural and other disruptions are generally unpredictable and can change over time, no plan when originally designed or even if later modified, can anticipate every contingency or need. That said, Esposito Securities LLC is committed to ensuring that its program is comprehensive and up-to-date, particularly as new information, techniques, and technologies become available. We may alter, modify, or eliminate specific aspects of the program as we determine appropriate for the protection of all concerned parties. We will keep both our clients and our own personnel informed of pertinent changes.
The Esposito Securities, LLC Business Continuity Program
We have a team of professionals responsible for training and education, creating and maintaining the BCP, and implementing and managing the firm’s preparedness. The program is comprised of 5 essential elements: Crisis Management, Business Recovery, Systems and Data Recovery, Personnel Recovery Facilities, and Process Improvement.
- Crisis Management
Crisis Management encompasses the communication processes and response procedures by which the firm manages a business disruption, as well as the tools, training, and exercises we use to help prepare the firm and our employees for possible disruptions. Because the first two hours following a disruption are often the most critical, the firm has established a multi-pronged, rapid response capability that includes:
- The firm’s senior management has identified and trained to support the assessment, escalation, and decision making processes in a business disruption.
- Communication plans are in place for employees, customers and regulators to facilitate information flow and coordination of responses.
- Processes and communication tools are available to notify personnel quickly at the onset of a disruption.
- Each employee has tested, from a remote location, their ability to maintain full connectivity in regards to their job functions.
The firm’s Crisis Management responses are periodically tested at offsite locations during business hours. These pro-active, real world contingency implementations allow the firm to study and improve its program and processes.
- Business Recovery
Business Recovery focuses on protecting client assets and assuring that the firm is able to continue business operations in the event of a business disruption.
Central to the firm’s business recovery efforts is that the firm develops, tests, and maintains recovery plans for its core functions. As part of these plans, the firm identifies critical risks and puts in place the appropriate level of business controls and functionality necessary to mitigate those risks. The resultant plans document the functional requirements — equipment, applications, vital records and regulatory reports, relocation sites, and recovery teams and tasks — needed to re-establish essential business operations. The plans also assess the impact of a business disruption on the firm’s critical business constituents, banks, and counter-parties.
- Systems and Data Recovery
Systems and Data Recovery focuses on restoring the firm’s core infrastructure, including networking, applications, market-data feeds, and other shared technologies to ensure the continuation of critical business systems processing. Applications are prioritized based on their criticality to the business. Recovery requirements and the frequency of application testing are then established based on those priorities.
In addition, to maintaining replicated data at our main office, our third party data center, which has been established away from our primary facility to support recovery of critical systems and data, also performs data backup.
- Employee Relocation Facilities
The employee relocation facility focuses on ensuring that our employees can quickly get back to productive work when the primary office facility is not operating or accessible.
This offsite facility has been established to ensure business continuity. It is has the capability to office employees so as to carry on business in emergency situations. The site is contractually maintained to ensure operational readiness.
Additionally, the firm is able to support critical functions by staff to work from their homes, or from other non-Esposito Securities LLC locations through secure remote access connections.
- BCP Process Improvement
Process Improvement assesses and tests the firm’s state of readiness for foreseeable business disruptions, including:
- Periodic testing of plans.
- Continually reassessing risk, including operational and financial risks, and integrating new risk scenarios into the program, as applicable.
- Updating business requirements and integrating them into the program.
- Reviewing new strategies and technologies as they become available.
- Undertaking periodic review and refinement of the program.
Client Communications and Questions
This document provides an overview of the firm’s Business Continuity Program. If you have additional questions, please contact the firm’s Chief Compliance Officer at (214) 855-2162. Please bear in mind that we will not respond to specific questions about the program that could compromise our security.
Pertinent updates to this Overview will be available on the Esposito Securities LLC Web site (http://www.espositosecurities.com).
In the Event of a Business Disruption
Should there be a significant business disruption, clients are encouraged to visit the Esposito Securities, LLC Web site (http://www.espositosecurities.com) for additional information.
This Overview is designed to satisfy disclosure requirements under FINRA Rule 4370 requiring the creation, maintenance and customer disclosure of a Business Continuity Plan.
Last Certified: November 2017