Are you suffering from unnecessary headaches?

How would your life be affected if...?

Why not use other Backup Solutions?

Reasons to Outsource Data Protection...

Download Free Trial
Bandwidth Calculator

Wall Street pressed on disaster plans

Lucas Mearian, FRAMINGHAM

Brokerages and other financial services firms are facing increased pressure from the federal government and regulators within the industry itself to clearly define and test their IT disaster recovery plans.

Wall Street firms are also being being pushed to consider moving their backup data centres farther away from their primary computing facilities, according to IT managers.

Steve Randich, CIO at Nasdaq Stock Market in New York, last week said that a combination of "peer pressure and regulatory pressure" is prodding companies to ensure that their systems will keep running if a disaster occurs.

For example, the US Securities and Exchange Commission last month approved rules proposed by the National Association of Securities Dealers and New York Stock Exchange that require firms to submit business continuity plans detailing how they will provide ongoing access to systems during an emergency. The plans are due by August 5 for NYSE members. The NASD set deadlines of August 11 for firms that clear stock trades and September 10 for brokerages that initiate transactions.

In addition, the Securities Industry Association next week plans to conduct a business continuity tabletop exercise in conjunction with the Bond Market Association. The SIA said government regulators will be present at the event, in which participants will walk through the process of responding to an emergency and coordinate their disaster recovery plans.

Nasdaq announced two weeks ago that it had run tests at its two data centres to check the disaster recovery capabilities of member companies. The tests involved more than 50 brokerages and were conducted at the exchange's primary data centre in Connecticut in February and at its backup facility in Maryland last month.

"It's not that the regulators are mandating to see test results, although internal and external auditors and the SEC have collected records on the outcome of our tests," Randich said. "It's just short of a mandate, but that's enough to encourage people to ensure this all works seamlessly."

Randich said there was no system downtime at Nasdaq or the participating firms during the tests. "What we didn't know for certain was our market participants' ability to run (transactions) out of their backup sites," he said. "This was the first time outside of a disaster scenario where we were able to validate that their operations were good."

Peter Poulos, director and head of the business continuity group for the Americas at Credit Suisse First Boston in New York, said he thinks "every major securities firm on the Street" is facing the challenge of showing that its disaster recovery strategies are in order.

Poulos, who is also chairman of the SIA's Business Continuity Planning Committee, said Credit Suisse's systems worked smoothly during Nasdaq's tests. But its disaster recovery plan still has some kinks that need to be worked out, he added. Poulos wouldn't disclose further details but noted that more pressure is being put on firms to increase the resiliency of their systems beyond the capabilities they have already built.

Large financial services firms also face an April 2006 deadline for meeting new federal guidelines on increased resiliency for trade clearance and settlement activities. The SEC, the Federal Reserve Board and the US Treasury Department's Office of the Comptroller of the Currency set the guidelines in a white paper last spring.

Complying with the guidelines "means having people in place at another location that's not in a commutable distance to the primary site," Poulos said. Many firms may move their backup data centres to other parts of the New York metropolitan area or to more remote locations, he added.

Howard Sprow, director of business continuity planning at the SIA, said the new rules shouldn't have a big impact on large firms that have been improving their disaster recovery architectures since the September 11, 2001, terrorist attacks. The NASD and NYSE are simply looking to "formalize the process," he said.

"All the firms have robust backup sites that are some distance from their primary sites," Sprow noted. "But they are looking at ways to add additional sites or to increase the separation."