Our firm’s policy is to respond to a Significant Business Disruption (SBD) by safeguarding employees’ health and safety and firm property, making a financial and operational assessment, quickly recovering and resuming operations, protecting all of the firm’s books and records, and allowing our customers to transact business.
Our strategy is to manage an approved corporate-wide Business Continuity Program (BCP) to maintain the policy and standards while providing a comprehensive education and implementation process. The objective is to create, document, test and maintain departmental business continuity plans to recover critical functions. At least annually, departments with critical business processes test their plans to ensure that they are workable, in compliance and that staff are aware of their roles in a business interruption. A corporate communication and management process exists to ensure critical business functions resume quickly, thereby reducing financial risk.
We provide in writing this BCP disclosure statement or an updated version to customers upon request. Our firm creates and documents BCP plans based on the potential risks of disruption to our employees, workspace and/or technology in each of our critical locations. Our firm provides this through incident response plans and business resumption plans at the department level, location-level and enterprise-level.
Significant Business Disruptions
Our plan anticipates two kinds of SBDs, internal and external. Internal SBDs affect only our firm’s ability to communicate and do business, such as a fire in our building. External SBDs disrupt the operations of the securities markets or a number of firms, such as a terrorist attack, a city flood, or a wide-scale, regional disruption. Our response to an external SBD relies more heavily on other organizations and external systems.
Plan Location and Access
Our firm will maintain copies of its BCP plan, including the annual reviews, and any changes that have been made to it for inspection. An electronic copy of our plan is located on the Fusion Risk Management Platform with historical copies maintained on the Envestnet network shared drive within the Business Continuity directory. Additionally, hard copies are kept in each office and safely at BCP leaders’ homes.
Envestnet Retirement Solutions (ERS), a subsidiary of Envestnet (ENV), Inc. (NYSE: ENV), brings investment management and analysis, along with advanced integrated technology to retirement plans. Our mission is to enhance retirement outcomes for the benefit of plan participants by empowering the advisors and the enterprises that serve them. ERS has developed an open-architecture technology solution which combines the proven investment tools, processes, and analytics to meet the specialized needs of each retirement stakeholder.
ERS senior management understands the importance of the services we provide to our clients and that any interruption in service has the potential of severe repercussions to our business partners. As a result of the environment we live and work in, management teams' face increasing regulation and liability surrounding resiliency during any event that can disrupt the business. We aim to identify potential impacts that threaten our organization on an enterprise-level and provide a continuity framework to our employees. The purpose of this framework is building resilience and capability for an effective response mechanism that safeguards the interests of our key stakeholders; reputation; brand; and value creating activities. Business disruptions can range from temporary power interruptions or severe weather to earthquakes, cyber threats, or internal attacks. Whatever the potential disruption, we must be prepared to safeguard our employees, our business and our stakeholders.
Our firm headquarters is located in Chicago, IL and our firm has offices in Boston, MA; Raleigh, NC; Sunnyvale, CA; and Trivandrum, India.
Alternative Physical Location(s) of Employees
In the event of an SBD, operational recovery for critical business processes is accomplished via remote work along with process redundancy to perform critical functions at multiple locations within the company.
Data Backup and Recovery (Hard Copy and Electronic)
Our firm maintains its primary copy of books and records and its electronic records at its headquarters in Chicago, IL. Our firm maintains the documents required by Advisors Act Section 204, Advisors Act Rules 275.204-2.
In the event of an internal or external SBD that causes the loss of our paper records, we will access electronic versions of these records in our various systems and platforms. If our primary site is inoperable, we will continue operations from our backup site or an alternate location. For the loss of electronic records, we will recover the electronic data from our backup records stored third party vendor’s site
Financial and Operational Assessments
Our firm recognizes that operational risk includes the firm’s ability to maintain communications with customers and to retrieve key activity records through its mission critical systems. In the event of an SBD, we will immediately identify what means will permit us to communicate with our customers, employees, critical business constituents, critical banks, critical counter-parties, and regulators. Although the effects of an SBD will determine the means of alternative communication, the communications options we will employ will include our web site, telephone, voice mail and secure email. In addition, we will retrieve our key activity records as described in the section above, Data Backup and Recovery (Hard Copy and Electronic).
Financial and Credit Risk
In the event of an SBD, we will determine the value and liquidity of assets to evaluate our ability to continue to fund our operations and remain in capital compliance. To the extent that we have financing requirements at the time of an SBD, we will request additional financing from our bank or other credit sources in order to remain in compliance with any applicable capital requirements. If we cannot remedy a capital deficiency, we will file appropriate notices with our regulators and immediately take the appropriate steps.
Mission Critical Systems
ERS key applications are those that ensure prompt and accurate reporting of securities holdings and the processing of reconciliation. More specifically, these systems include the custom platforms that support our core business offerings for the ERS Technology Platform and the ERS Fiduciary Solutions Offerings. In addition our mission critical systems include any corporate applications that support our communication needs surrounding internet, phone and email.
We have primary responsibility for establishing and maintaining our business relationships with our customers and have sole responsibility for our mission critical functions.
Mission Critical Systems Provided by Our Strategic Partners
Our firm relies, by contract, on Strategic Partners to provide technology for our platform offering. These strategic partners maintain their own business continuity plan and the capacity to execute that plan. The partners represent that they will advise us of any material changes to the plans that might affect our ability to maintain our business and they have presented ERS with an Executive Summary of their plans. In the event that any of our strategic partners execute their plan, the firms represent that they will notify us of such execution and provide equal access to services as its other customers. If we reasonably determine that the firm has not or cannot put its plan in place quickly enough to meet our needs, or is otherwise unable to provide access to such services, the clearing firm represents that it will assist us in seeking services from an alternative source.
The firms represent that backup of our records are taken at a remote site. Each firm represents that it operates a backup operating facility in a geographically separate area with the capability to conduct the same volume of business as its primary site. Each firm has also confirmed the effectiveness of its back-up arrangements to recover from a wide scale disruption by testing.
Recovery time objectives provide concrete goals to plan for and test against. They are not, however, hard and fast deadlines that must be met in every emergency situation, and various external factors surrounding a disruption, such as time of day, scope of disruption, and status of critical infrastructure— particularly telecommunications—can affect actual recovery times. Recovery refers to the restoration of clearing and settlement activities after a wide-scale disruption; resumption refers to the capacity to accept and process new transactions and payments after a wide scale disruption.
Alternate Communications between the Firm and Customers, Employees, and Regulators
We communicate with our customers using the telephone, email, our Web site, fax, U.S. mail, and in person visits at our firm or at the other locations. In the event of an SBD, we will assess which means of communication are still available to us, and use the means closest in speed and form (written or oral) to the means that we have used in the past to communicate with the other party. For example, if we have communicated with a party by email, but the Internet is unavailable, we will call them on the telephone and follow up where a record is needed with paper copy in the U.S. mail.
We communicate with our employees using the telephone, email, and in person. In the event of an SBD, we will assess which means of communication are still available to us, and use the means closest in speed and form (written or oral) to the means that we have used in the past to communicate with the other party. We will also employ a call tree and/or our automated notification system so that senior management can reach all employees quickly during an SBD.
We communicate with our regulators using the telephone, email, fax, and U.S. mail. In the event of an SBD, we will assess which means of communication are still available to us, and use the communication closest to those we have used before the disruption.
Critical Business Constituents and Counter‐Parties
We have contacted our critical business constituents defined as those businesses with which we have an ongoing commercial relationship in support of our operating activities, such as vendors providing us critical services and have determined the extent to which we can continue our business relationship with them in light of the internal or external SBD. We will quickly establish alternative arrangements if a business constituent can no longer provide the needed goods or services when we need them because of an SBD to them or our firm.
Our firm is subject to regulation by: SEC. We file reports with our regulators using paper copies through the U.S. mail and electronically using fax, email, and the Internet. In the event of an SBD, we will check with the SEC to determine which means of filing are still available to us and will use the means closest in speed and form (written or oral) to our previous filing method. In the event that we cannot contact our regulators, we will continue to file required reports using the communication means available to us.
Updates and Annual Review
Our firm will update this plan whenever we have a material change to our operations, structure, business or location or to those of our clearing firms. In addition, our firm will review the BCP annually to modify or update it to account for any changes in our operations, structure, business, or location.
Senior Manager Approval
I have approved this Summary BCP Disclosure as reasonably designed to enable our firm to meet its obligations to customers in the event of a significant business disruption.
By: Babu Sivadasan
Title: Group President, Envestnet | Retirement Solutions
Date: January 22, 2016
*original signature on file in main office