This Business Continuity Plan (this “Plan”) for Finalis Securities LLC (“Finalis”, the “Company” or the “Firm”) has been prepared in accordance with FINRA Rule 4370 (“Business Continuity Plans and Emergency Contact Information”). This Plan shall be updated from time to time in the event of any material change to Finalis’ operations, structure, business or location.
FINRA Rule 4370 requires all FINRA broker-dealers to create and maintain a Business Continuity Plan and to provide emergency contact information regarding this Plan to FINRA (through FINRA’s Contact System at www.finra.org/ncs.asp). John Cunningham, the Firm’s CCO, is responsible for ensuring that all requirements under Rule 4370 are adhered to and will retain all books and records.
Finalis is committed to devoting adequate time and resources to assess risk management procedures and controls and Finalis’ management team (“Management”) is responsible for assessing the adequacy of the internal controls, minimally on an annual basis. The Firm conducts business in private offerings only, with institutional clients. The Firm does not have brokerage clients, retail clients, or otherwise engage in transactional activities. The Firm has no clearing house because the Firm has no brokerage account clients. Finalis has no customer funds, trade history or current trade activity data to be housed.
The Firm’s broker-dealer records, including due diligence, registered representatives (“RR”) files and institutional client agreements among other records subject to SEC Rule 17a-3 and 17a-4, are maintained on a cloud-based electronic archive system with Amazon Glacier.
The Firm prohibits storage of any firm-related materials on an individual PC or other device that is not subject to its archive and back up protocols. The Firm’s electronic communications are retained by a recognized industry vendor with expertise, relevant user and administrative controls and adequate redundancies. For further details, please refer to the Firm’s Cyber Security Policy and Data Retention Policy.
Financial And Operational Assessments
The following describes procedures for assessing changes in operational, financial, and credit risk exposures in the event of a significant business disruption.
In the event of a significant business disruption, alternative systems will be implemented to communicate with customers, associated persons, critical business constituents (banks, counter-parties, etc.), regulators, and other key parties depending on the nature and impact of the disruption.
Financial And Credit Risk
In the event of a significant business disruption, Finalis’ financial status will be evaluated to determine the need for additional financing or identify capital deficiencies including the following:
a) Review the impact of the disruption on Finalis’ ability to conduct business;
b) Identify inability to satisfy obligations with counter-parties;
c) Contact banks or other counter-parties to secure needed additional financing; and
d) Notify regulators of capital deficiencies, including to:
* Reduce or cease business as may be required due to capital deficiencies or inability to conduct business, and
* Transfer business to other financial institutions until Finalis may resume conducting business.
All Finalis personnel have cell phones to prevent loss of communication capabilities during a power outage or telephone service disruption. All personnel have electronic access to all Firm business resources, and therefore can connect from virtually any location. As such, personnel are instructed to first find a safe and secure location that will ensure their personal safety, and, if it is feasible to perform services for the Firm, to utilize customary login credentials to access the Firm’s systems.
Disaster Recovery Plans
If circumstances restrict access to the offices or vital systems fail, the Firm will operate from the remote locations chosen by its personnel, subject to safety considerations as a priority, until alternate facilities can be located.
Data Back-Up And Recovery
Finalis maintains its books and records in electronic format. In the event of an internal or external significant business disruption that causes the loss of Finalis’ records, back-up records will be recovered from the back-up site. Finalis’ back-up system utilizes the Amazon Glacier solution.
Mission Critical Systems
Mission critical systems are systems that are necessary to ensure prompt and accurate processing of securities transactions including order taking, entry, execution, comparison, allocation, clearance and settlement, maintaining customer accounts, and providing access to customer funds and securities.
Business Constituent, Bank, And Counter-Party Impact
This section describes business continuity procedures regarding third parties that are critical to the conduct of Finalis’ business. In most instances, contracts with critical third parties will include assurances regarding the third party’s disaster recovery plans. A disruption impacting Finalis’ ability to conduct business may occur either at Finalis itself or at the third party.
Determine whether the third party is able to continue providing critical services. If not, identify and contact an alternate third party to provide services.
Banks and Other Financial Institutions
Determine whether the bank/financial institution is able to continue providing financing. If not, identify and secure alternative financing.
Determine whether transactions may be completed with counter-parties. If not, contact counter-parties directly to make alternative arrangements to complete transactions.
Customer Access to Funds and Securities
Finalis does not hold any customer funds or securities, and does not open accounts for its customers. Therefore, this section is not applicable.
Finalis is subject to regulation by FINRA, SEC, and state regulatory bodies. The Firm files reports with the regulators using electronic facilities provided by the regulator, or by U.S. mail, electronically, or email. In the event of an emergency, the Firm will check with the appropriate regulatory body to determine which means of filing are still available to us and use the means closest in speed and form to the previous filing method. In the event that the Firm cannot contact the regulators, the Firm will continue to file required reports using the communication means available to it.
Disclosure of Business Continuity Plan
The Firm does not have brokerage customers and, therefore, does not send custody assets or provide account statements. Nevertheless, the Firm will post contact information to facilitate communications in the event of a business disruption. Finalis will also provide this Plan to Registered Representatives upon onboarding, on Finalis’ website, and upon request.
Retention and Location of this Plan
Copies of the current and prior versions of this Plan are retained as follows:
– Copies are dated as of the effective date of the version of this Plan. A current electronic copy of this Plan is retained by Finalis’ Compliance Department (“Compliance”) with a record of the senior manager’s approval;
– An electronic copy of this Plan is retained at Finalis’ headquarters in San Francisco, California and is available 24/7/365 over Amazon Web Services; and
– Prior versions (including approvals) of this Plan are retained by Compliance.
Implementation of this Plan
This Plan has been designed to be implemented in the event of a disaster that results in a significant business disruption. Whether all or only parts of this Plan are implemented depends on the nature of the disruption. Generally, a significant business disruption would include:
– Destruction of one of Finalis’ offices or facilities, whether by natural causes or by other means;
– Loss of life or major injuries to personnel in an office location that disables that office’s ability to conduct business;
– Disruption of service from a critical service provider; and
– Disruption of service due to wide-ranging regional outages such as a power outage.
Designation of Responsibilities
The following is a list of those responsible for this Plan.
Maintain and update Plan: John Cunningham
Approve Plan and Plan revisions; conduct annual review: John Cunningham
Annual testing of Plan: John Cunningham
Implementation of Plan when a disruption occurs: John Cunningham
Quarterly review of Emergency Contact Persons and report changes to regulators: John Cunningham
Maintain and distribute Emergency Contact List: John Cunningham
Maintain and update Books and Records Chart: John Cunningham
Provide Plan information upon onboarding and request: John Cunningham
Post Plan disclosure on Finalis’ web site and update, as required: John Cunningham
Emergency Contact Information
In accordance with FINRA Rule 4370, this section contains prescribed emergency contact information for two emergency points of contact who are also associated persons. Finalis shall promptly update its emergency contact information in the event of any material change. Each emergency contact person listed herein shall identify, review, and, if necessary, update such designations in the manner prescribed by FINRA Rule 4517.
John Cunningham, CEO, CCO & Registered Principal of Finalis Securities LLC
John Cunningham is a member of senior management, a registered principal of Finalis Securities LLC and CEO and CCO of Finalis Securities LLC. John’s emergency contact details are as follows. John is available 24/7/365.
Mobile Number: +1-813-347-7061
E-mail Address: email@example.com
Donna Bartlett, Registered Principal of Finalis Securities LLC
Donna Bartlett is a registered principal and a Compliance Officer of Finalis Securities. Donna’s emergency contact details are as follows. Donna is available 24/7/365.
Mobile Number: +1-619-300-9518
E-mail Address: firstname.lastname@example.org
Guido Barosio, Chief Technical Officer of Parent (Finalis, Inc.)
Guido Barosio is Chief Technical Officer of Finalis, Inc. and is a senior manager of the business who has knowledge of Finalis’ business operations. Guido’s emergency contact details are as follows. Guido is available 24/7/365.
Mobile Number: +1-415-802-2174
E-mail Address: email@example.com
Federico Baradello, President and Chief Executive Officer of Parent (Finalis, Inc.)
Federico Baradello is President and CEO of Finalis, Inc. Federico’s emergency contact details are as follows. Federico is available 24/7/365.
Mobile Number: +1-415-342-0134
E-mail Address: firstname.lastname@example.org
Finalis may use a wide range of communication systems to communicate with its customers, associated persons, counter-parties, and regulators, including its proprietary technology, telephone, mail, fax, e-mail, third party vendor systems, and personal meetings. Procedures for instituting alternative communications in the event of a significant business disruption include the following, depending on the nature of the disruption:
– Identify the most expedient remaining means of communication
– Notify associated persons if an off-site command center has been activated
– Notify associated persons of alternative communication systems to be used
– Transfer communications to another firm
Determination of what communication system will be used depends on the nature of the disruption and which communication systems (electronic mail, telephone calls, etc.) are functional and the availability of personnel in the event telephone contact is necessary.
Between Customers And The Firm
In the event of a significant business disruption that disables communications systems, alternative system procedures will be implemented, including the following:
– Identify the most expedient remaining means of communication;
– Notify associated persons regarding how to contact customers; and
– Contact customers about alternative business operations.
Between The Firm And Its Associated Persons
Finalis has also developed a system to enable senior management to contact associated persons in the event of an emergency. The system includes a “call tree” that provides contact initiated at senior management level and pyramiding down to reach affected personnel.
In the event of an emergency, John Cunningham, Finalis’ CCO (the “Call Tree Coordinator”) will activate the call tree. Should John Cunningham be unavailable, Donna Bartlett, a Compliance Officer at Finalis, will be responsible for implementing the phone tree as the Call Tree Coordinator.
The Call Tree Coordinator will call eight designated RRs, who are a group of reliable people who will be responsible for calling and activating the other RRs on the call tree. These eight designated RRs are the “Key Group.” The Key Group, in turn, will be responsible for calling the RRs who fall within their purview. As Finalis’ number of associated RRs grows, so will the number of people that the Key Group will be responsible for calling.
The call should proceed in the following sequence: (1) Highlight that “this is not a test,” (2) Disaster status, (3) Action to be taken (which will likely be to stand by until contacted with further instructions), and (4) Emphasize that the situation should not be publicized. If the person called is not available, the caller should leave a message for the person to return the call. If leaving a message is not possible, the caller should call back every 5 minutes. If the person remains uncontactable for 20 minutes, the caller should call the next person that the unresponsive person is assigned to notify. Thereafter, any uncontactable person should be reported to the Call Tree Coordinator. The Call Tree Coordinator will then complete and file a status report to the company.
For data protection purposes, this phone tree will be a password-protected document that shall be stored electronically. The phone tree should only be shared with senior managers at Finalis and any out-of-date copies will be deleted. Any associated RR who leaves Finalis will have their details removed from the phone tree with immediate effect.
Finalis will continue to revise and update these call tree mechanics as appropriate.
Between The Firm And Regulators
Communications with regulators will be conducted using the most expedient available communication system. The designated Response Team person will contact regulators regarding any major business disruption and plans for continuing business.
Updating, Annual Review & Testing
This Plan will be reviewed on at least an annual basis and revised as needed. Each revision to this Plan will be approved by the designated member of Management and copies of the revised Plan distributed to the Emergency Response Team and key associated persons. Some material events require updating this Plan when they occur, including:
– Material changes to Finalis’ business;
– A change in Finalis’ main office location;
– Added office locations; and
– A change in a major service provider.
When this Plan is reviewed, the procedures and any documents incorporated by reference will be reviewed and updated as needed including the:
– Plan itself;
– Emergency Response Team list;
– Emergency Contact List;
– Cyber Security Policy;
– Data Retention Policy;
– Written Supervisory Procedures; and
– Any other information related to this Plan.
A written record of the annual review including the date reviewed and name and signature of the reviewer will be retained by Compliance.