Nothing Special   »   [go: up one dir, main page]
Apex Fintech Solutions Logo
Quick Links

Legal

Apex Clearing Business Continuity Plan

LAST UPDATED: November 8, 2023

Introduction

Federal regulations state, and internal corporate policies require, that APEX Clearing Corporation (APEX) develop Business Continuity Planning and Disaster Recovery Programs. These programs must be continually reviewed and updated. While developing and maintaining these plans, APEX must consider the organizational, managerial and technical environments in which disaster recovery plans will be implemented and assess the types and likely parameters of disasters most likely to occur and their resultant impacts on the Company’s ability to perform its critical business processes.

APEX Clearing’s Business Continuity Plan is intended to provide a framework to ensure the safety of employees, the reconstructing of vital business operations, and the resumption of time-sensitive operations and services in the event of an emergency. At the same time, it is intended to be a guide to maintain flexibility and not a series of defined instructions. The nature of the interruption will determine how the business continuation plan is applied.

 

Scope of Business Continuity and Disaster Recovery

The goal of these procedures is to restore the firm’s critical functions and essential and necessary systems as quickly as possible, based on priority.

Many of the applications which are critical to maintaining Apex business functions are not hosted by Apex; rather they are hosted by business partners such as Broadridge, DTCC, BONY, and PEAK6. In those cases, our business continuity and disaster recovery responsibilities are to ensure we have connectivity to these parties and the required applications are available.

Apex reviews the BC/DR Plans of its key partners and vendors and participates in their DR exercises when possible to ensure uninterrupted operations if one of them needed to declare a DR event.

Business Continuity Strategy

The Firm employs an ‘always-on’ technology architecture that provides near-seamless continuity in the event of a myriad of failure scenarios. This focus on continuity enables the Firm to be unaffected by the vast majority of potentially catastrophic localized events such as a fire in an office building or data center. To maintain continuity for both our physical infrastructure and software architecture, the Firm maintains multiple data centers that are located in geographic areas separated from the Firm’s primary facility to protect the Firm from the effects of a region wide event. If an event occurs that threatens the Firm’s Business Continuity, any one data center can take over all critical and necessary functions with little or no intervention, as they are always available and highly fault-tolerant. In the event a business continuity event does impact the availability of a critical computing service, the Firm will follow the Disaster Recovery Strategy to restore the impacted service(s).

Disaster Recovery Strategy

In the event of a pandemic, fire, tornado, or any other disaster, the Firm’s immediate concern is for the safety of its employees. Apex reviews and takes under advisement Center for Disease Control and Prevention (CDC) plans describing how to recover from a pandemic wave and proper preparations for any following wave(s). Once steps have been taken to protect its employees, the Firm identifies the scope of the incident. If the emergency appears to affect a primary data center, another critical facility or service, or if access to a critical firm facility is prohibited, a Firm Officer will declare a disaster, which initiates the recovery procedures. Once access to the facility is permitted, a damage assessment is made to determine the estimated length of the outage. If access to the facility is precluded, then the estimate must include the time until the effect of the disaster on the facility can be evaluated.

Alternate Communication

APEX may use a wide range of communication systems to communicate with its customers, employees, counter-parties, and regulators including, but not limited to: telephone; mail; fax; e-mail; instant message; APEX website; vendor systems (such as Bloomberg); and personal meetings. In a disaster scenario where one of the two APEX data centers is unavailable, communication systems exist in the alternate data center.

Alternate Locations

Apex employees are equipped to work from home in the event a damaged facility cannot be entered. Apex maintains office space in Dallas, Chicago, New York and Portland. Employees may be temporarily transported to alternate locations if needed.

Financial and Operational Assessments

Apex has set forth procedures for operational, financial, and credit risk exposures in the event of a significant business disruption. The stated procedures are below:

Operational Risk

In the event of a significant business disruption APEX will evaluate the situation and establish which communication system will be most effective to communicate with customers and critical business constituents.

Responsibility for daily account servicing and operations is shared between APEX Business Operations and Broadridge. Work may be shifted between the entities if one location is temporarily unavailable. Broadridge has a separate Business Continuity Plan in the event their office is unavailable.

Financial and Credit Risk

In the event of a significant business disruption, APEX will review its financial status to determine the appropriate measures. The determination will be based upon:

  • Impact of the disruption to conducting business
  • The ability to satisfy obligations with counter-parties
  • Contacting banks or other counter-parties to secure financing as needed
  • Current state of capital and the ability to support business requirements

A disruption impacting APEX’s ability to conduct business may occur either at APEX itself or at the third party. A critical third party may be in the form of a Business constituent, Bank and/or Counter-party.  APEX will secure business continuity procedures for third parties that are critical to the conduct of APEX’s business. All contracts with critical third parties will include assurances regarding the third party’s disaster recovery plans and a determination will be made as to whether the third party is able to continue providing critical services.

Prompt Access to Funds and Securities

When a customer’s access to funds and securities is impacted by a significant business disruption, customers will be notified by whatever expedient means is available (telephone, e-mail, etc.). If APEX is unable to continue business operations, customers will be notified of an alternative financial institution where they may conduct business and access their funds and securities promptly.

Regulatory Reporting

In the event of a significant business disruption affecting offices responsible for regulatory reporting, regulators will be contacted to determine which means of filing are available under the circumstances to meet filing requirements. In the event APEX cannot contact regulators, required reports will be filed using available communications means.

Plan Testing

Testing the Business Continuity Plan and validating the recovery procedures is an essential element of preparedness. APEX carries out partial tests of individual components and recovery plans of specific functions on a regular basis and performs comprehensive tests of our continuity and recovery capabilities on an annual basis.