At Northern Trust Securities, Inc. (NTSI) we recognize how heavily our clients rely on our systems and services. We also recognize that the unexpected can and does occur—from simple situations to major outages. NTSI has successfully supported critical business activities during snowstorms, tornadoes, flooding, and other natural and man-made disasters.
Prior events clearly have tested our readiness across virtually all dimensions: safety, systems and telecommunications, physical space, policy, process and procedures. NTSI dedicates significant resources to our contingency planning and disaster recovery program. Components of our plans are tested periodically to ensure effectiveness. NTSI considers contingency planning to be an ongoing process, requiring periodic review, to assess various risks and appropriate responses.
NTSI Planning Guidelines
NTSI's plans include the ability to recover from situations including, but not limited to, unplanned evacuations, power outages, major water leaks, fire, loss of water, severe weather, and any facilities failures that may cause a significant business interruption. Plans are designed to account for business interruptions of various lengths and scope and require that NTSI business units are able to recover critical functions according to their time criticality.
Key features of NTSI's disaster recovery planning include annual reviews of the following:
- Mission critical systems and the backup and recovery process for such systems
- Financial and operational risks
- Alternate communications between NTSI and our clients
- Employee safety strategies and communications
- Systems and telecommunications accessibility
- Alternate physical site location and preparedness
A Northern Trust corporate business continuity team articulates corporate planning guidelines and coordinates response and event management across all Northern Trust companies. Each Northern Trust business unit has dedicated business contingency planners to prepare and test its specific plan. NTSI follows enterprise-wide guidelines for contingency planning and disaster recovery from various scenarios. NTSI's guidelines, which incorporate general industry best practices, include:
- Business Impact Analysis—NTSI is required to identify the time criticality of each business function, as well as the necessary resources to successfully recover. Additionally, NTSI must review annually the time criticality of all business functions.
- Business Contingency Plan— NTSI's contingency plans include event management procedures, employee communication strategies, alternate site requirements, procedures for notifying clients, recovery management, and alternate site preparation checklists.
- Employee Training and Awareness—NTSI's contingency plans also address promoting employee awareness with regard to event management and emergency communication tools, drilling evacuation procedures, communicating to employees the criticality ratings for the functions they perform, and identifying employees' roles in a contingency event. Because clear communication during an outage is vital, NTSI has developed a calling tree and protocol for employees who support key functions.
- Alternate Site Recovery Validation—Alternate sites are tested periodically each calendar year. Tests are designed to validate accessibility to critical systems, phones, records, and supplies. Our alternate site is at a distant location and is not on the same power and telecommunications grid as our primary location.
Employee Safety—NTSI and the Northern Trust Corporation place an emphasis on employee safety. We conduct regular employee training about how to respond during an emergency event as well as the business contingency plan. Periodic evacuation drills are led by trained floor wardens and supervised by on-site security personnel.
- Separate Sites—NTSI critical personnel are housed in three primary locations in the same city. NTSI has additional offices for certain order entry and support functions in order to provide backup for certain critical functions if needed. There are pre-established, tested processes for rerouting of critical hotline numbers including client service, relationship management, broker, and product support. In the event of a site outage, plans are in place to cover critical business functions and phone hotlines. There are pre-established, tested processes for rerouting of critical hotline numbers including client service, relationship management, and product support.
- Contingencies for Inclement Weather—If there is a forecasted weather emergency, hotel rooms are obtained for essential personnel. If the weather emergency could result in an inability to access the primary site, the alternate site would be prepared for use and personnel would be sent there prior to the event. A number of personnel have remote access so they can work from home. Employees can access phone mail and e-mail messages remotely.
- Notification to Clients—Procedures for notifying intermediary clients have been established for relationship managers and client service managers to follow in the event of an outage. Notification will include information regarding length of outage, instructions for contacting client services and relationship management, and support information (e.g., where to send faxes, issues pertaining to data transmissions and communications).
- Regulatory Reporting—NTSI's business contingency plans are designed to ensure that regardless of the length of an outage at a primary location, NTSI's ability to continue to meet regulatory requirements, as mandated by the Securities and Exchange Commission and the NASD, would not be impacted.
- Communications with Regulators—NTSI will communicate with its regulatory authorities regarding the nature and extent of any significant outage at a primary location, as required by applicable law and regulation.
Clearing Firm Contingency Planning and Business Recovery
NTSI has a clearing agreement with National Financial Services (NFS) which provides trade clearance, margin, money movement, and other operational services for its accounts. As a registered broker/dealer, NFS is subject to the rules and regulations of the Securities and Exchange Commission (SEC), the New York Stock Exchange (NYSE), the National Association of Securities Dealers (NASD), and other exchanges of which NFS is a member. These regulatory organizations each have certain rules and regulations that NFS must follow to safeguard your assets. Compliance is strictly enforced by regulatory agencies and reviewed each year during the annual audit, which is performed by an independent public accounting firm. NFS is also subject to examinations by the SEC, NYSE, NASD, and other organizations to ensure that their regulations are met. NFS mitigates risks to reduce potential issues and impact. In the event of an outage, NFS has tested plans to support recovery of its critical business functions.
We hope this Contingency Planning Statement helps address any questions you may have about NTSI's preparedness in the event of an outage or other disaster. We are committed to safeguarding your assets and, while some disasters may be unavoidable, a rigorous contingency plan can often reduce the financial risk. To that end, we recognize that contingency planning demands not only consistency, but also a continued willingness to listen and improve. If you are already an NTSI client and have questions, please contact your relationship manager. If you are not a client, please contact our Investor Services Center at (800) 621-4482.