Investment advisers owe a fiduciary duty to their clients to have disaster recovery plans in place in the event of a natural disaster, accident, death, or other event that would disrupt the normal business flow of the adviser and the services it provides to its clients.
A disaster recovery plan must detail the steps that an adviser and each of its Associated Persons will take in the event of a disaster. This plan, including all contact information for clients, Associated Persons, regulators, custodians, and service providers, should be updated regularly and each revision should be communicated to Associated Persons as applicable.
Policies and Procedures
The Company’s Disaster Recovery Plan is an essential part of its operations. All Associated Persons are responsible for understanding their role in the event of a disaster or major disruption. The CCO (“Primary Disaster Recovery Coordinator”) has the overall responsibility for the firm’s response to a major disruption, is responsible for ensuring that the Company’s Disaster Recovery Plan is tested annually and is updated when regulatory or operational changes occur. The Primary Disaster Recovery Coordinator may designate one or more persons to assist with their duties.
A disaster is any event that renders the Company unable to provide its usual level of service without immediate recovery (a “major disruption”). The physical location of the Company may or may not be affected.
If the major disruption does not affect the physical location of the business, meaning the business can continue to operate from that location, the Primary Disaster Recovery Coordinator, or designee, will determine the steps necessary to resolve the disruption. If the disruption is systems related, this may include contacting the Company’s offsite data storage provider, Google Suite, Amazon, Microsoft, to determine next steps and expected length of time for resolution. The Company’s Email Retention provider, Google, may also be contacted. In the event the disruption does not prevent Associated Persons from working remotely, Associated Persons may be required to use these systems and/or to travel to the designated offsite location as named below as deemed necessary. The below list is not exhaustive. Specifically, if the location listed below is not available, Associated Persons may be asked to work remotely from alternate locations.
If the major disruption affects the physical location of the business and Associated Persons either cannot get into the building or must evacuate the building, the Primary Disaster Recovery Coordinator will determine the steps necessary to resolve the service disruption. This may include contacting the Company’s offsite data storage provider and email retention provider. The Primary Disaster Recovery Coordinator and/or designee will notify all critical Associated Persons of next steps and provide direction to each Associated Person as to whether or not they will be required to report to the designated offsite location.
In the event of an office building evacuation, all Associated Persons should immediately leave the building. Go immediately to our designated meeting location, so that the Disaster Recovery Coordinator(s) may confirm everyone is safe and accounted for. If a building evacuation occurs and an Associated Person is on the phone, the Associated Person should inform the caller that the building is under mandatory evacuation, you’ll have to reschedule the call for another time, and immediately terminate the call.
Because every building and situation has unique characteristics and circumstances, below are some general guidelines to follow for building evacuation:
- Do not use the elevators.
- Make yourself aware of the closest exit, and go to it.
- Instruct others in your area to also leave the building.
- Sound any alarms, e.g. fire alarms, if needed.
- Proceed to the designated meeting location.
Main Office Number and Website
Main office number: 312-883-2769.
Website address: https://hempelwealth.com. This web site can be updated remotely and will be updated, as needed, to provide direction to clients who wish to contact the Company. Clients may also be contacted directly, via phone or email, if necessary and possible.
Notification of Proper Authorities
After an emergency has been declared, the Primary Disaster Recovery Coordinator, or designee, will notify the proper regulatory authorities of the nature of the emergency, and the temporary location of the firm, and notify the local public utilities, the telephone company, the post office and any other vendor as deemed necessary.
Temporary Operation Location/Recovery Site
Client data is easily accessible at any remote location with Internet access. Client data, including e-mail correspondence and pertinent books and records, is backed up and archived Real-time backups/Daily Snapshots. The archive is maintained away from the Company’s primary business location to allow for retrieval of client records where the primary office location is not accessible.
The Company will maintain a list of all equipment, hardware and software, used by the Company. The list shall provide identifying information for the item, including the serial number, the manufacturers and serial/registration number as applicable. The CCO will notify the Company’s insurance company of any damage.
If the Company’s computer system is deemed unusable for any reason, the Company will procure another computer at that time. Time constraints for the purchase, delivery, and installation of a computer will depend on a number of outside factors such as the retailer, delivery services, and the consultant hired to install the computer, but it is expected that the Company will only be without a computer for a maximum of two business days. Once the new computer is installed, the last backup will be restored to the new system.
If the Company is unable to receive mail at its business office, the Company will either forward mail to an alternate location, or submitting a mail hold request to the post office.
Client Information and Client Trading Records
Original client agreements, contracts, profiles, and other documentation related to each client as well as trading records, brokerage statements and confirmations are maintained at the principal place of business for the appropriate time that is required by law.
Copies of pertinent client information shall be kept at a secure off-site location. If it is not practical to keep paper copies, electronic facsimiles may be kept in a format that is easily retrievable, i.e., pdf, tif, gif, with a vetted cloud provider, etc., and in a timely manner. Periodically, the CCO will review these disaster recovery plans pertaining to client’s records to assure that these records will be adequately maintained in the event of a disaster or emergency.
Copies of certain client records are also maintained by the custodian(s) holding the client’s assets. The Company can access client records from the custodian as needed. If a client needed immediate access to their account, and for any reason could not contact Company, the client could contact his or her custodian(s) directly.
Contacting Access Persons
Should Associated Persons not be at work when the major disruption occurs, Associated Persons will need to be contacted. The Company maintains a list of its associated persons and contact information as part of human resources records.
The Disaster Recovery Coordinator is responsible for retaining an accessible copy of the most current Associated Persons list as maintained by human resources at a location other than the Company’s primary business office.
In the event Mr. Hempel is unable to perform his duties as an investment advisor client files/information shall be sent to James Andrew Hammond (CRD#: 5049177); address: 9753 Crosspoint Blvd., Indianapolis, IN 46256.
If a disaster occurs that requires client contact, every effort will be made by the Company to contact all clients. This may be done by phone calls, emails, general mailing, posting a message on the Company website, or by other means. A list of all clients is maintained in the Company’s account management system and can also be received by contacting the relevant account custodian.
The Company’s financial information is stored in a financial file that is included in the backup procedures discussed above.
Updates and Annual Review
The Company will update this plan whenever there is a material change to the Company’s operations, structure, business or location or to those of our custodian (or any other critical service providers). In addition, the Company will test the plan, at least annually, and update the plan as needed, to ensure the plan remains consistent with the Company’s policy and overall business operations.