Business Plan - Best Practices, LLC

advertisement
National Association of Securites Dealers, Inc.
Year 2000 Program
Presentation to
Global Benchmarking Council
March 3-5, 1999
NASD Confidential
Y2K Executive Steering Committee
YEAR 2 0 0 0
YEAR
Presentation Overview

Program Overview and Structure

1998 Milestones and Lessons Learned

1999 Focus: Communications

Business Continuity Planning

NASD Regulation Membership
 Broker/Dealer Education
 Membership and Industry Preparedness
 Broker/Dealer Testing

NASD, NASD Regulation & Nasdaq Testing
 Integration Testing
 Industry Testing

March 4, 1999
Investor Education and Public Confidence Program
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
2
YEAR 2 0 0 0
YEAR
NASD Year 2000 Program

NASD and it’s subsidiaries formed joint Year 2000 Program in early
1996

Decentralized business line execution with centralized oversight and
reporting

Governance provided by Year 2000 Executive Steering Committee

Senior management participation; formal policies and procedures;
reporting and communications mechanisms

Inventory includes more than 11 million lines of code in mainframe
systems, mid-range and desk-top platforms

Total estimated NASD Year 2000 costs: $36 million

Ongoing reviews and audits from internal and external review
organizations
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
3
YEAR 2 0 0 0
YEAR
Program Scope
Y2K Program Office
Certification & Contingency
Planning
• Inventory Control and Analysis
• Software/System Renovation
• Computing Infrastructure
• Facilities Renovation
• 3rd Party Applications/Vendor
Management
• End User Computing
• Metrics Capture & Reporting
• Contingency Planning
• Contingency Plan Tests
Contact: Bill Sickenberger
Year 2000 Testing
• Integration Testing
• Business Systems
• Computing Infrastructure
• Facilities Related Systems
• Recertification of Renovated Soft/Sys.
• Industry Test Execution/Coordination
• External Testing
• Test Scenarios
• Execution and Reporting
• External Contact Management
• Metrics Capture & Reporting
Contact: Bill Sickenberger
• Policies & Procedures
• Industry Best Practices
• Industry Liaison
• Program Success
• Risk Analysis
• Management/Board Reporting
• Major Issue Management
• Key Process Management
• Program Financials
• Business Contingency Planning
• Staff Retention & Compensation
Assessment
Audit & Program Review
• Participate & Respond to Audits
by Internal Review, external
auditors, and industry regulators
• Insurance Analysis
• Industry Legal & Regulatory
Participation
• Management & Audit Committee
Reporting
Contact: Bill Bone
Contact: Bill Bone
Communications Center
• Management Reporting (Board, ESC,
IAC, SEC, GAO)
• Year 2000 Articles for Nasdaq, NASD
& NASD Regulation publications
• External publication articles
• Brochures, flyers, notices, media
• Library Management
• Third Party & Vendor Response Letters
• Y2K Web Site Content Management
• Investor Education Program
• Internal Awareness & Education
Membership Support Services
• Member Firm Awareness and Education
• Member Information Collection &
Disclosure
• Member Analysis
• District Examination Support
• Joint Management of Regulatory
Functions with the SEC, AMEX, NYSE
• International Firm Management
Contact: Lyn Kelly
Contact: Martha Manco
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
4
YEAR 2 0 0 0
YEAR
1998 Milestones
Remediation, Replacement & Certification

NASD, NASD Regulation, Nasdaq Application Remediation:
100% Complete
 Total number modules remediated: 14,010

End User Computing (Mission Critical): 100% Compliant

Facilities - 95 Components: 96.8% Compliant

Vendor Hardware Products (64): 100% Compliant

Vendor Software Packages (159): 92.5% Compliant
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
5
YEAR 2 0 0 0
YEAR
1998 Lessons Learned
Remediation, Replacement & Certification


Requires a fundamental strategy: Planning, Baseline Schedule,
Track/Measure against the Baseline Schedule
Third Party Vendors

Approach early and often - vendor/product status may change
 Test when available
 Establish contingencies for mission critical - know the trigger points
 Work closely with vendors - help them where possible

Benefits

Documentation of all systems and methods
 Provided enterprise view of systems & interfaces



March 4, 1999
Accurate inventory of all internal & external applications
Cleaned house of applications taking space but not in use
Opportunity for replacing/upgrading - selection of best product for
replacement
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
6
YEAR 2 0 0 0
YEAR
1998 Milestones
Membership Support Services

Education & Awareness Activities



Workshops & Seminars Conducted: 80
Year 2000 Publications to Members: 40
Call Center - Member Assistance, Information & Analysis

Incoming Call Volume: Peak - 350 per day; Non-peak - 30 per day
 Outgoing Calls to Members: 5,594 total calls made in 1998

Member Analysis - Ready for 2000?

Clearing Firms: 100%
 Market Makers: 100%
 Introducing Firms: Top 20%
 Member Reports Received, Processed & Filed: 11,000
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
7
YEAR 2 0 0 0
YEAR
1998 Milestones
Communications & Administration

Education & Awareness Activities


Workshops & Seminars Conducted: 84
Year 2000 Publications: 124




Members: 40
Investors: 20
Internal / External: 26
Reports: 38

Program Office & Membership Support Services Library Files
Maintained: 30,000

Responses to Compliance Inquiries: 2,616 Letters Mailed

1998 Audits Completed: 5
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
8
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Business Continuity Planning Program

Mission


To provide the program organization and processes to ensure
continuity of critical business functions and services which may be
lost because of failures induced by Year 2000 date-related
malfunctions. This mission is in support of NASD, its subsidiaries,
member firms, the SEC, and other industry participants.
Scope

March 4, 1999
Applies to the conduct of Year 2000 Business Continuity Planning
and Operations by the NASD corporate staff and NASD companies.
It includes establishing and managing relationships with government
and industry entities.
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
9
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Business Continuity Plan Definition

Business Continuity Planning provides solutions which will be
automated, manual, or a combination of both and will not involve
failed system components.

Technology Disaster Recovery Plans and Business Continuity
Plans are complimentary and must be fully coordinated.

Technology Disaster Recovery Plans are aimed at restoring
systems to their intended function in priority order.

Business Continuity Plans should not assume that Disaster
Recovery was successful.
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
10
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Organization & Governance
Year 2000
Executive Steering Committee (ESC)
Bill Bone
Year 2000 Program Officer
Bill Sickenberger
Director, Business Continuity Planning
Policy Guidance and Reporting
Officers and Managers
from each Company
Business Continuity Planning Committee
NASDAQ
Business Continuity
Planning Teams
NASD
Business Continuity
Planning Teams
NASDR
Business Continuity
Planning Teams
AMEX
Business Continuity
Planning Teams
Michelle Conner
Business Continuity Planning
Project Director
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
11
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Strategy

SEC/SRO agreement on high-level event responses

Coordination of high-level event responses with SIA

Decentralized business unit planning; central Program Management
oversight and reporting

Separate Business Continuity plans and test plans (dress rehearsal)

Plan for hierarchy of Command Center Structure

Technology and support services integral to business directed
planning team

Each Business Unit Business Continuity Plan will include:
 Business Continuity Readiness kits
 Business Continuity Events/Scenarios Plans
March 4, 1999

Ownership for planning cannot be outsourced

Use worst case scenarios

Employ SWAT Teams (internal/external), if applicable
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
12
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
PROCESSES
Reports, Requests
Strategy
Year 2000
Program Office
Corporate Governance
Decisions
Centralized Program
Management and Reporting (Year
2000 Program Management Office)

Decentralized planning and
execution chaired by business units
and co-led with Technology
Services. This includes participation
by Production Services and
Administrative Services

Business Line
Continuity
Planning
Teams
Technology Business
Services
Experts
Rep.
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
13
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Business Continuity Management & Planning
Roles & Responsibilities
• Policy and Guidance
• Process Management
• Program Plan
• Template for Business Units
• Committee Coordination
• Training
• Industry Liaison
• Consultation (internal/external)
• Testing
• Budget
• Issues Management
• Progress Reporting
• Business Continuity Operations
Planning
•
•
•
•
•
•
•
•
•
•
•
•
•
Program Office
March 4, 1999
Business Continuity Planning Committees
Business Continuity Planning Teams
Business Continuity Planning
Metrics/Reporting
Mission Critical List
(Applications, Services, Facilities)
Risk Analysis
Cost Estimation
Establishment of Controls
Recovery Operations
Business Continuity Planning Training
Test Plans
Testing
Company Level Command Center
Each Company
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
14
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
I finished the BCP ! Aren't I finished?
7
Business
Continuity
Plan Document
Conduct Business
Continuity Operations
7 January 2000
Assure Facilities & People
in Place
Define Recovery Solutions
6
6
Establish Controls
5
5
Conduct BC Training
Conduct Risk Analysis
4
4
Test BC Plans (dress
rehearsal)
Create BCP Team
3
3
Review Priorities/Complete
Mission Critical List
2
Set-up Business Continuity
Planning Committee
Create Test Plan
2
No, you're not finished! You are just
getting started!
1
1
March 4, 1999
Update BC Plan
Business
Continuity
Plan Document
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
15
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Operations in the Year 2000
Concepts

Corporate Command Center Structure
 Assured communication with NASD Companies, Industry, and
Government
 Representatives from business, technology and support organizations

Each company will operate a Response Center reporting to the
Corporate Command Center

Additional Company Subordinate Response Centers if required

SWAT Teams managed at company level; current status reported
to Corporate

All failures and outages managed by Company Response Centers;
reported to Corporate Command Center

March 4, 1999
Media contacts are managed at the Corporate Command Center
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
16
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Command Center Structure
President’s Council On Year 2000
Operations in
Year 2000
SEC Command Center
NASD Representative
NASD, Nasdaq Amex, NASDR
Corporate Command Center
SIA
Command Center
Staff
Business
Operations
Technology
Regulation
Logistics
Media
Relations
Other
FRB
Communication Desks
Nasdaq
Desk
Nasdaq Response
Center
Issuer Services
Field Response Ctrs.
March 4, 1999
AMEX
Desk
Amex Response
Center
Nasdaq International
Response Center
NASDR
Desk
SIPC
NASDR Response
Center
District
Response Ctrs.
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
17
YEAR 2 0 0 0
YEAR
1999 Focus - Business Continuity Planning
Lessons Learned







March 4, 1999
Business Continuity Planning must be top-down supported
Financial and human resources must be allocated
Business units must drive the planning process - technology
provides support
Must become a priority activity for each business unit - cannot be
“oh by the way, let’s put some plans in place “
Specialized facilitation must be provided to business units - they
know their business, but not necessarily how to plan for
contingencies
Centralized oversite for consistent approach and integrated plans
Plans must be tested - dress rehearsals conducted
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
18
YEAR 2 0 0 0
YEAR
1999 Focus - Membership Readiness
The NASD Regulation Membership Support Services
Program is designed to assist members in preparing for
the Year 2000

Education and Awareness

Publications
 Education Workshops

Membership Information Collection and Disclosure

Membership Reports
 Examinations

Membership Analysis


Other Activities

March 4, 1999
100% Clearing Firms, Market Makers & 20% Composite of
Introducing Firms
District Coordination and Industry Participation and Leadership
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
19
YEAR 2 0 0 0
YEAR
1999 Focus - Membership Readiness
EDUCATION AND AWARENESS
Education Workshops
Best Practices - Planning
Educational Topics - NTM
SEC Reports
Q&A
Fall Securities
Conference
SIA
Conference
Spr. Securities
Conference
SIA
Conference
Fall Securities
Conference
Reg - Tech
Symposium
SIA
Conference
SIA
Conference
Publications: NTM, RCA (Monthly) and CRD (Quarterly)
Mandatory
Education
Best Practices SEC Reports
Legal, Contingency Planning, End User
Q&A
MEMBERSHIP INFORMATION COLLECTION AND DISCLOSURE
4 Membership Reports
NASD
Survey
SEC BD-Y2K
Report #1
Exam Module
Exam Procedure
Web Disclosure
SEC BD-Y2K
Report #2
& New Member Application
Mandatory
Testing
Y2K Readiness Exams of Identified Firms
Onsite Reviews & Interviews
MEMBERSHIP ANALYSIS
100% Clearing Firms, 100% Market Makers & 20% Composite of Introducing Firms
OTHER ACTIVITIES
District Coordination
&
Industry Participation and Leadership
Contingency Planning
Business
Scenario Define SWAT Perform
Finalize Day Conduct
Execute
Awareness Development Teams
Simulations Zero Strategies Rehearsals Strategies
1Q
1998
2Q
3Q
4Q
1Q
2Q
3Q
4Q
1999
G:\Depts\Y2K\Common\Y2K Communications\Membership Support Services\NASDR Strategy cht-Jan.99. Updated1/28/99
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
20
YEAR 2 0 0 0
YEAR
1999 Focus - Membership Readiness
Year 2000 Membership Support Services
1999 Education & Awareness Program
Quarter 1
Quarter 2
Upcoming requirments (Testing/BDY2K) &
helpful hints on contingency planning, legal
issues and end user news
Investor Communication, Status of NASD
Testing, Contingency Planning, Exchanges
& Utilities, and Risk Management
Quarter 3
Where they should be, Regulatory
News, Investor/Client Focus
Quarter 4
Wrap up of the year, Analysis, Legal
Risk, Beyond 1/3/00
Proposed MSS- NTM Articles
Mandatory Testing, Year 2000 Legal and
End User Issues
BDY2K Helpful Hints and Best Practices in
completing forms. Possible enforcement
actions and regulatory requirements
March 4, 1999
Best Practices and Helpful HintsInvestor Communication for member
firms
State of the Industry and where you
should be. Checklist and the
Upcoming Certification Process
Looking at categories of member
Mandatory Testing and BDY2K, where is firms- common complications and
the NASD Membership
hurdles as the Year 2000 gets closer
Internal Testing and Contingency
Planning
Investor Article
Real time Contingency Planning
Testing - Helpful Hints and
Checklist
A year of efforts in review- what
worked and what didn't.
Contingency planning windows
Year 2000 - Day Zero
preparations.
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
21
YEAR 2 0 0 0
YEAR
1999 Focus - Membership Readiness
Proposed MSS- 1999 Virtual Workshops
Mandatory Testing
Investor Communication Best Practices
Risk Management and the
Broker/Dealer
State of the Industry- National
and Global View
Contingency Planning - large firms
Internal Testing
Contingency Planning - The view
for 1999 and firms of all sizes
State of the Utiltities and other
critical services
Contingency Planning - small firms
Peer Review of Best Practices
Investor Relations
Legal Review
Legal Workshop
State of the Utiltities and other critical
services
Operational Guidelines for all Firms
Beyond Year 2000
BDY2K for Small firms
Audit, Agreed Upon Procedures and
Examinations
BDY2K for Large firms
Exchanges and Utililies Update
Contingency Strategies for Clearing
Firms
Mandatory Testing
Contingency Strategies for
Introducing Firms
Certification of Y2K Compliance
MSS-On-site Education Workshops
Y2K Overview Part 1:BDY2K review
Y2K Overview Part 2: Contingency
Planning
Conference Participation/ MSS Speaking Engagements
NASDR Sprig Securities Conference
Fall NASDR Securities Conference
SIA Conference
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
22
YEAR 2 0 0 0
YEAR
1999 Focus - Membership Readiness
Member Analysis
Ongoing
Routine District Exams with Year 2000 Module
If Exceptions
Q1-Q4
Clearing, Mark et M ak e rs and
Gov't Firm s
Formal Review
Cause Exams
Q3-Q4
(Clearing & Carrying)
Q4 1999Q1 2000
If Red continue
Joint Exam Process w / SEC
Enforcement Actions
If Red continue
Firm Business Reduction
or Closing
If Red
When not Red
When not Red
Q1-Q4
Clearing, Market Makers, Government & Top 20% Introducing Firms
Informal Review and Monitoring (Yellow and Green)
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
23
YEAR 2 0 0 0
YEAR
1999 Focus - Membership Readiness
Mandatory Testing
1999
Jan
Feb
Mar
Apr
May
Jun
Jul
Aug
Sept
Oct
Nov
Dec
Virtual Workshops
SIA Industry Cycle
Seminar
Education
MandatoryTesting
Special Notice to Members
Mandate
Industry Nasdaq
RTC
Cycle
Mandate Mandate
Amex
Integration
Testing
Nasdaq Point-to-Point Testing
Nasdaq Regulation Point-to-Point Testing
Industry Cycle Test
Industry Cycle Testing
Reporting
Define
Metrics
Weekly Reporting
Point-to-Point Testing
Determine
Metrics
Enforcement
Bi Weekly Reporting
Industry Cycle Tests
Point-to-Point Testing
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
24
YEAR 2 0 0 0
YEAR

1999 Focus - Testing
January 1999 - April 1999

Continue preparation for industry-wide testing
 Perform industry-wide test
 Continue external testing with customers
 Internal re-certification

May 1999 - December 1999

Internal re-certification
 Continue customer unit testing
 Market data vendor testing

Quarterly Integration testing

Dedicated environment
 System dates changed on all platforms
 Full regression testing
 Date specific for newly certified apps
March 4, 1999
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
25
YEAR 2 0 0 0
YEAR
INPUT
1999 Focus - Testing
TESTS
QC IV +V
3rd Party
Custom
Applications
OUTPUT
Nasdaq External
Test Center
 Recertification
 Certification
Rockville External
Test Center
Members
Data Vendors
March 4, 1999




Integration
External
Mandatory
Industry Cycle




Certification
Recertification
Integration
Industry Cycle
OUTPUT
Metrics
Participants
List, Report to
SEC, P.O.
Metrics
Amex Production
Metrics
 External
 Mandatory
 Industry Cycle
Rockville Internal
Y2K Test Centers
Amex Y2K Test
Center
NSCC
DTC
Data
Vendors
 Recertification
 Certification
Data Vendors
Members
NSCC
DTC etc.
TESTS
Metrics
 3rd Party Custom
Applications
Nasdaq Y2K
Internal Test Center
INPUT
 Y2K Certification for
Hardware & Utility
Software
Nasdaq Production
Environment
Metrics/
Reporting to
P.O
Metrics
 Y2K Certification for
Hardware & Utility
Software
Rockville
Production
Environment
Metrics
Participants
List
Metrics/
Reporting to
P.O.
Metrics
 Y2K Certification for
Hardware & Utility
Software
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
26
1999 Focus - Testing
YEAR 2 0 0 0
YEAR
INDUSTRYWIDE TEST TRANSACTION FLOW
P
A
R
T
I
C
I
P
A
N
T
S
March 4, 1999
MARKETS
EQUITIES
CORPORATE BONDS
MUNICIPAL BONDS
OPTIONS
NYSE
AMEX
NASDAQ
CBOE
CSE
BSE
CHX
PCX
PHLX
OPTIONS
OCC
TRADES
EXECUTED
NSCC
UITs
MUTUAL FUNDS
TRADES
CONFIRMED AND CLEARED
EXERCISE
EQUITY
OPTIONS
DTC
NASD Year 2000 Program
TRADES
SETTLED
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
27
1999 Focus - Testing
YEAR 2 0 0 0
YEAR
•Orders/Executions
•Merged Order Logs
•Limit Order Rec.
Street-Side Process Flow
for
Industry-Wide Testing
NYSE
•Orders/Executions
AMEX
•Merged Order Logs
•Limit Order Rec.
•Option Contracts
•Orders/Executions
NASDAQ
•Trade RECAPS
MEMBER
FIRMS
• Fixed Income, QSR,
• Correspondent Clring
• Index Products, OTC,
• Mutual Funds
NSCC
Direct Submission
•Equity Contracts - NYSE, Amex
& OTC
• Data Service
• Risk Reporting
• SAR Reports
•Orders/Executions
•Fixed Income Contracts, Corps,
OCC
Munis & UITs
•Index Products
•Settlement
•Institutional Delivery
•MMI Processing
•Regional (RIO) &
CBOE, PHLX, CHX
PCX, CSE, BSE
•End of Day Files
Prime Broker ID
•Correspondent Clearing
•CNS Settlement Activity
Reporting
•Prime Broker ID
DTC
March 4, 1999
DTC
NSCC/SIAC
•Mutual Funds
NASD Year 2000 Program
“This document is a Year 2000 disclosure within the meaning of the Year 2000 Information and Readiness Disclosure Act.”
28
Download