Hartford Investment Management Company ( HIMCO ) April 2015



Similar documents
SPOTLIGHT ON. Advisors Recordkeeping Obligations

Business Continuity. Investment Adviser Association Compliance Conference Arlington, Virginia March 6-7, 2014

Business Continuity Plan

NASAA Recordkeeping Requirements For Investment Advisers Model Rule 203(a)-2 Adopted 9/3/87, amended 5/3/99, 4/18/04, 9/11/05; Amended 9/11/2011

Regulatory Notice 13-25

FS Regulatory Brief. SEC Staff Provides Guidance on the Use of Social Media by Advisers. Introduction

Business Continuity Plan Template for Small Introducing Firms. [Firm Name] Business Continuity Plan (BCP)

Joint Audit Report for South Lakeland District Council. & Eden District Council

Attachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines

The PNC Financial Services Group, Inc. Business Continuity Program

JANSSEN PARTNERS, INC. Business Continuity Plan (BCP)

BUSINESS IMPACT ANALYSIS

REMINDER BUSINESS CONTINUITY PLAN IMPLEMENTATION OF ARTICLE 3012

Business Continuity Plan (BCP)

The PNC Financial Services Group, Inc. Business Continuity Program

Operational Risk Publication Date: May Operational Risk... 3

orldox GX3 Cloud for Financial Services Worldox GX3 Cloud Compliance Outline The Best of both Worlds. / Whenever. Wherever.

Business Continuity Plan

Business Continuity Plan Summary

BERNARD HEROLD & CO., INC. BUSINESS CONTINUITY PLAN

Business Unit CONTINGENCY PLAN

NCI-Frederick Safety and Environmental Compliance Manual 03/2013

Mazzone & Associates, Inc.

BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN

Business Continuity. Disaster Recovery Plan

McNally Financial Services Corporation Business Continuity Plan (BCP)

BUSINESS CONTINUITY PLAN

GP Bullhound, Inc. Business Continuity and Disaster Recovery Plan

Business Continuity Plan

LEMLEY, YARLING & CO. LEMLEY, YARLING MANAGEMENT CO. BUSINESS CONTINUITY PLAN

NexTrend Securities, Inc. Business Continuity Plan (BCP)

Disaster Recovery Planning

9.17 Business Continuity Plan

SecureVest Financial Group, Inc. Argentis Advisors Business Continuity Plan (BCP)

Global Statement of Business Continuity

BUSINESS CONTINUITY PLAN (BCP)

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

White Paper: Financial Services Compliance

Business Continuity and Disaster Recovery Plan

Business Continuity Plan (BCP)

NASAA Model Rule on Business Continuity and Succession Planning Model Rule 203(a)-1A or 2002 Rule 411(c)-1A Adopted April 13, 2015

the first step to advisor What to Expect When Transitioning from a Broker Rep to a Registered Financial Advisor

GWM GROUP INC Business Continuity Plan (BCP)

BUSINESS CONTINUITY PLANNING

TABLE OF CONTENTS Information Systems Security Handbook Information Systems Security program elements. 7

BUSINESS CONTINUITY PLANNING FOR REGISTERED INVESTMENT COMPANIES

CyberEdge. Desired Coverages. Application Form. Covers Required. Financial Information. Company or Trading Name: Address: Post Code: Telephone:

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

National Examination Risk Alert

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

RECORDS MANAGEMENT POLICY

Cybercrime and Regulatory Priorities for Cybersecurity

Business Continuity Plan (BCP)

Internal Audit Department NeighborWorks America. Audit Review of the Business Continuity Plan (BCP) Management and Documentation

Broadridge Business Process Outsourcing, LLC Business Continuity Plan Disclosure

Assessment of Hitachi Data Systems (HDS) Hitachi Content Platform (HCP) For Dodd-Frank Compliance

Business Continuity Plan Template for Introducing Brokers. [Firm Name] Business Continuity Plan (BCP)

Client Update SEC Releases Updated Cybersecurity Examination Guidelines

Team Financial Resources, Inc. Business Continuity Plan (BCP)

Business Continuity Plan

Running the Risk: Wisdom Gathered from our Compliance and Risk Verifications

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

MBS Capital Markets, LLC Business Continuity Plan (BCP)

Cybersecurity: Recent CFTC and NFA Activity

OCIE CYBERSECURITY INITIATIVE

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan

Disaster Recovery Plan Documentation for Agencies Instructions

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

DATA RECOVERY SOLUTIONS EXPERT DATA RECOVERY SOLUTIONS FOR ALL DATA LOSS SCENARIOS.

Audit of the Disaster Recovery Plan

REVENUE REGULATIONS NO issued on December 29, 2009 defines the requirements, obligations and responsibilities imposed on taxpayers for the

SECURITIES AND EXCHANGE COMMISSION

Technology Recovery Plan Instructions

NACo RMA LLC and NACo RMA Disaster Recovery and Business Continuity Plan. January, Page 1

Identify and Protect Your Vital Records

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

Financial Services Compliance

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

2015 BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN Dated

Consider the cash demands of a financial institution's customers; Anticipate funding needs in late 1999 and early 2000;

BUSINESS CONTINUITY PLANNING GUIDELINES

Business Continuity Planning for Risk Reduction

American Heritage Securities, Inc. Business Continuity Plan (BCP)

Business Continuity Plan (BCP) Updated January 2016

Emergency Contact Person - Firm Policy And Operation

Proposal for Business Continuity Plan and Management Review 6 August 2008

Disaster Recovery and Business Continuity Plan

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Office of Inspector General

Rockwell Financial Group Business Continuity Plan. Emergency Contact Persons Rockwell Financial Group has two emergency contact persons:

Information Technology Internal Audit Report

TFS Derivatives Corp. Business Continuity Plan (BCP)

White Paper on Financial Institution Vendor Management

Firm SBD - Strategic Planning and Implementation

Pursuant to Section 19(b)(1) of the Securities Exchange Act of 1934 ( Act ), 1 and Rule

FFIEC Cybersecurity Assessment Tool

Department of Information Technology Data Center Disaster Recovery Audit Report Final Report. September 2006

New England Capital Business Continuity Plan (BCP)

Transcription:

_ Hartford Investment Management Company ( HIMCO ) Business Resiliency Policy and Procedures April 2015 1

POLICY REVISION AND APPROVAL HISTORY Effective Date Description of Action Approved by Name and Title October 1, 2004 Creation of Policy David Znamierowski, President March 29, 2006 Update of Policy David Znamierowski, President January 31, 2007 Update of Policy David Znamierowski, President August 21, 2008 Update of Policy Barbara Keller, HIMCO Chief Compliance Officer February 9, 2010 Update of Policy Barbara Keller, HIMCO Chief Compliance Officer April 8, 2015 Update of Policy Robert Lewton, HIMCO Chief Compliance Officer POLICY OVERSIGHT Most Recent Evaluation Date Description of Action Reviewed by Policy Owner 3Q 2013 Test of Policy HIMCO Office of Testing Regulatory Compliance April 8, 2015 Assessment of HIMCO Chief Regulatory Compliance Policy Compliance Officer POLICY STATEMENT As a fiduciary, HIMCO has an obligation to its clients to take steps to protect its clients interests from being placed at risk as a result of the adviser s inability to provide advisory services after a business interruption (e.g. natural disaster or the incapacitation of key personnel). The SEC, as well as other regulatory agencies, requires advisers to have written compliance policies and procedures that address business resiliency and disaster recovery. These plans must be reasonably designed to allow the adviser to support the resumption of time-sensitive business operations and functions with minimal disruption. HIMCO has developed and implemented Business Resiliency and Disaster Recovery Plans in order to protect client interests and safeguard business operations, records and personnel during periods of disruptive events. PROCEDURES AND ACCOUNTABILITIES Business Resiliency Plan versus Disaster Recovery Plan Business Resiliency Plans address the business processes needed to support the resumption of advisory services. Disaster Recovery Plans address the technology and infrastructure needs to support the resumption of business activities. These plans provide a comprehensive approach to ensure that HIMCO is able to continue its advisory services during disruptive events and includes procedures for employees to resume business activities quickly and effectively. 2

HIMCO s Business Resiliency Plan addresses the critical business processes, tools, and personnel required to resume business activities. The Business Resiliency Plan includes (at a minimum) procedures that address the following key areas: remote access to our network for all HIMCO employees; ability to execute trades on behalf of The Hartford and 3 rd party clients; ability to monitor changes in financial, operational, and risk exposures; methods to communicate with clients; methods to communicate with employees; critical business and counterparty impact; regulatory reporting; and communications with regulators HIMCO s Disaster Recovery Plan includes (at a minimum) the following information: data back-up and recovery; access to critical systems; and alternative physical locations. HIMCO S FIRST RESPONSE AND BUSINESS RECOVERY TEAMS First Response Team The First Response Team will assess the impact that a particular incident has on the business and based upon the team's assessment, the Business Recovery Team may be engaged. Business Resiliency Coordinator An individual is assigned to work with HIMCO s management team, the First Response Team, and the Business Recovery Team to coordinate all activities related to this policy. This individual is also responsible for facilitating the activities necessary to respond to a business interruption. Business Recovery Team This team consists of senior leaders representing each department within HIMCO. Members of the Business Recovery Team meet with the business resiliency coordinator to represent their departments in Business Resiliency planning, validate the Business Resiliency Plan, and communicate updates to their personnel as appropriate. When a disruptive event occurs, each member will be responsible for assessing the impact to their specific department and determining if their business resiliency plan should be activated. Members of the Business Recovery Team may also be responsible for initiating communication to impacted personnel. HIMCO s Business Resiliency Plan may be accessed through the Disaster & Business Resiliency link on the HIMCO iconnect Home Page. 3

TESTING The Business Recovery Team ensures material updates to the Business Resiliency Plan are made throughout the year to capture organizational and technical changes through interviews with key personnel within the Firm. On at least an annual basis, the Business Resiliency Plan is reviewed and tested. These tests include (but are not limited): 1) communications to employees, 2) accessing the critical applications and tools via VPN/SSL remote access, and 3) resuming critical business activities as outlined in the Business Resiliency Plan. On at least an annual basis, the Disaster Recovery Plan is reviewed and tested. These tests include (but are not limited): 1) confirmation of application, including supporting components, availability in the Disaster Recovery environment, and 2) performing applicable application tests and/or process scenarios as defined in the Disaster Recovery Execution Plan. REPORTING At least annually, the First Response Team is responsible for providing a written report to HIMCO s Governance, Risk, Compliance, and Operations Committee ( GRCO ) and The Hartford s Business Resiliency Office summarizing its activities and test findings. RECORDKEEPING All records related to the Business and Disaster Recovery program (reports, test logs, and other correspondence) will be maintained by the Business Resiliency Coordinator and shall be available to the SEC or any representative of the SEC at any time and from time to time for reasonable periodic, special or other examination, and shall be retained for a period not less than seven years in an easily accessible location, the first three years in HIMCO s principal office. Records that are stored electronically must meet Investment Advisers Act Rule 204-2(g) (Micrographic and Electronic Storage), which allows HIMCO to maintain records on microfilm, microfiche, or any electronic or digital storage medium so long as: (a) the records are arranged and indexed in a way that permits easy location, access, and retrieval; (b) HIMCO is able to promptly provide the SEC with a legible, true, and complete copy of the record in its storage medium; a legible true, and complete printout of the record; and means to access, view, and print the records; and (c) HIMCO separately stores a duplicate copy of the record. In the case of electronic media, HIMCO must have procedures to reasonably safeguard the records from loss, alteration, or destruction; limit access to properly authorized personnel and the SEC; and reasonably ensure that any reproduction of a non-electronic original is complete, legible, and true when received. ASSOCIATED POLICIES AND PROCEDURES Record Retention Policy REGULATORY AUTHORITY Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System, SEC Release no. 34-47638 (April 7, 2003) Investment Advisers Act Release No. 2204 (Dec. 17, 2003) (at n.22 and accompanying text) National Futures Association Rule 2-38 4

SEC, CFTC and FINRA staff advisory on business continuity and disaster recovery planning (Aug 16, 2013) National Exam Program Risk Alert by the Office of Compliance Inspections and Examinations, SEC Examinations of Business Continuity Plans of Certain Advisers Following Operational Disruptions Caused by Weather-Related Events Last Year (Aug. 27, 2013) 5

APPENDIX A ROLES AND RESPONSIBILITIES OUTLINE TASK Disaster Recovery Plan Documentation Business Resiliency Plan Documentation Business Resiliency Plan Test OWNER(S) IT Enterprise Services Enterprise Services POLICY RISK EVALUATION ASSOCIATED RISKS Computer system failures, limit the surveillance/control activities of Compliance (MyCompliance Office, Blackrock, etc ) Failure to have procedures in place to address events that may prevent staff from getting to the North Plaza building. INHERENT RISK LEVEL Medium Medium 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information