Koonce Securities LLC
Business Continuity Plan 2017/2018
Emergency Contact Persons:
Laura Murphy
301-897-9700
F. Scott Koonce
301-897-9700
301-704-2748
Each of the contact persons are registered principals of Koonce Securities, Inc. These names will be updated in the event of a material change, and our Executive Representative will review them at the end of each quarter.
Firm Policy:
Koonce Securities' policy for responding to a Significant Business Disruption ("SBD") is: safeguarding employees’ lives and firm property; making an immediate & complete financial and operational assessment; quickly recovering and resuming operations; protecting the firm’s books and records, and restoring systems to allow our firm to transact business. In the event the firm determines we are unable to continue our business, we will notify all regulatory agencies.
Laura Murphy, a registered principal, is responsible for maintaining the Business Continuity Plan ("BCP"). F. Scott Koonce will conduct the required annual review and has the authority to execute this BCP.
Copies of the firm BCP, and records of the annual review will be maintained by the firm’s compliance officer, Laura Murphy. Additionally, an electronic copy will be on the firm’s main server in the word file of L. Murphy.
Current Business Plan:
Koonce Securities, LLC sponsors applicants hoping to receive approval from DTC on submitted applications for DTC eligibility services.
Office Location:
Our sole business location is: 6229 Executive Blvd. Rockville MD 20852
Phone #’s: 301-897-9700 Employees travel to this location by car/bus or bicycle.
Alternative Location:
In the event of SBD, an alternative location for employees will be:
7002 Exfair Rd Bethesda MD 20814
Ph#: 301-704-2748
A back up terminal, printers, land line phones, & cell phones will be available at this site to maintain business operations. Emergency phones numbers, internet sites, firm forms and contact names are also available at this back-up location to enhance and enable the firm’s ability to maintain ongoing daily business operations.
Employees will be asked to travel to this location by car.
Regulators & Regulatory Reporting:
We are currently members of FINRA, and in the event of a business disruption, we will continue to use all current methods of contact with our regulators, being: phone, fax, e-mail, or in person. We will assess the best alternatives based on the nature of the disruption and its effects. We will also continue to file all required reports and determine the best method of filing based on the nature of the disruption in compliance with FINRA Rule 3510 (c)(8).
Customers’ Access to Funds & Securities:
N/A - Koonce currently does not maintain custody of client funds or securities.
Data Back-up and Recovery:
Koonce maintains its primary hard copy books and records and its primary electronic records at its primary address
The individuals responsible for maintenance of these records include:
F. Scott Koonce, Laura Murphy
Koonce Securities makes a daily copy of all records input into the oracle system which includes client transactions from previous years.
Copies of all DTC applications are kept Hard copies in Koonce files & online in a DTC File database.
Koonce keeps older account files (paper copies) in archive storage offsite (Iron Mountain storage) .
Backup and disaster recovery:
The Koonce server is being backed hourly from 8am until 6pm. At 6pm one backup is being uploaded offsite to a Nauticon datacenter. That datacenter has a redundant copy on the east coast and west coast (in case of some major incident). The type of backup is "image" based which means if anything should happen to Koonce’s actual server, the backup device itself can stand in and become Koonce’s server indefinitely.
Firewall:
Koonce installed a Cisco Meraki firewall which has monitoring and alerts(e.g. intrusion detection, stateful packet inspection, denial of service attacks)
Anti-virus:
This is centrally managed by Nauticon and is updated via Nauticon’s remote monitoring tools and it's based on the Bit Defender product.
Cloud-based DNS filtering:
Koonce uses a product from Cisco that has proven to be highly effective against ransomware. In the event an infected file gets past Koonce’s spam filter, firewall, and anti-virus -- this product then stops it from contacting the "command and control" server in order to prevent receiving instructions on how to attack the Koonce IT environment.
Passwords
Koonce implemented a password policy that requires 7 characters and a combination of lower/upper case, symbols, and numbers. Additionally, Koonce employees maintain passwords for various internal programs and log in sites.
Encryption/E-mails
Koonce maintains a firm policy to limit sensitive data being electronically transmitted. When sensitive information is required to be transmitted via e-mail, Koonce utilizes the Citrix Share File program providing end to end encryption of transmissions and attachments. All e-mail attachments are stored within the Share File cloud archival system, which keeps these documents encrypted at all times. Employees are instructed to utilize the Citrix encryption software when sending transmissions including sensitive client data which includes, but is not limited to:
bank account numbers, social security/tax ID numbers, addresses, passwords, financial &/or personal data, copies of account statements, tax filings or sensitive client profile information.
Before sending e-mails, it will be the responsibility of Koonceemployees to review & determine if encryption is needed prior to sending (*noting all e-mails are reviewed by Laura Murphy to ensure correspondence adheres to firm policies).
The Citrix Share File program also allows clients to return e-mails to Koonce employees in encrypted format, as well as notifyingKoonce employees when their encrypted emails are received and opened.
Financial & Operational Assessments:
In the event of an SBD, management (F. S. Koonce, or L, Murphy) will immediately assess and identify what means will permit us to communicate with, employees and critical business constituents, critical banks, counter-parties and regulators. Although the effects of an SBD will determine the means of alternative communication, the communications options we will employ include our web site ( land line telephones, cell phones, secure e-mail, and if possible. the option of physically coming to the backup site to meet with available personal.
*In the event of a large scale/ pandemic attack, the firm’s president and/or compliance officer will be responsible for posting notices in all available modes of communication (ie: website, phones, mailings, or if possible at the firm’s regular office and/or back-up location) found to be available and reliable. These notices will address how to best attempt contact with representatives of the firm. Attempts will also be made in such an event to check with regulatory officials as to necessary steps to take regarding the pandemic event.
Financial and Credit Risk
CURRENTLY KOONCE CARRIES NO CLIENT ACCOUNTS.
If Koonce Securities LLC had client accounts/assets:
In the event of an SBD, management will assess and determine the value and liquidity of our investments and other assets to evaluate our ability to continue to fund our operations and remain in capital compliance. We will contact our critical banks to apprise them of our financial status. If we determine we may be unable to meet our obligations, or otherwise continue to fund our operations, we will request additional financing from our bank or other sources to fulfill our obligations to our customers and clients. If we cannot remedy a capital deficiency, we will file appropriate notices with our regulators and follow all regulatory procedures for such matters.
Employees:
The backup site, as well as the firm’s officers maintain a listing of all employees’ home phone numbers. The employees will be contacted in the event of an emergency. If necessary, employees have been informed of the back-up site, and can report to that location.
Additionally, employees can look for information to be posted to the firm’s web site, if available, to get updates on matters related to the business disruption.
Mission Critical Systems
Our firm’s “mission critical systems” are those that ensure prompt and accurate processing of transactions, the maintenance of prior customer accounts, access to prior customer accounts,. More specifically, these systems include:
Oracle Proprietary software utilized for maintaining records relating to all clients, trades, & bookkeeping records.
- PC Web – utilized to transmit & receive trade data with DTC/NSCC
- DTC/NSCC – Notices
- Lakeside Bank/ Bank of America/ – banking facilities for firm
We back up our records and keep them at a remote location. Our back up site is set up to maintain functioning of all business systems in the event of an emergency. The manner in which we complete the daily operations, , will be the same format used at the back up site. If a particular system becomes unavailable, we will post alternate information on the web site for clients and business contacts to inform them when regular service can be expected to resume. We may utilize Wachtel & Co. if necessary, to perform some specific brokerage services as an alternate, if they cannot be executed from the firm’s back up site.
We can also request that mission critical associations we maintain in order to complete day to day operations, provide us with verifications of their business continuity plans in order to provide us with successful alternatives in the event of a significant business disruption.
Disclosure of BCP:
We post information related to the BCP on the KSI web site.
Updates and Annual Reviews:
Koonce Securities, LLC will have this Business Continuity Plan reviewed annually by the President of the firm. It will be documented by the President’s signature on this document. It may be updated from time to time, as deemed necessary by changes in operations, business structure or facility locations, or as required by regulators.
KSI Business Continuity Testing
Nauticon, our 3rd party provider handling Koonce back-ups, does a full review of our IT systems at least once annually in an on-site meeting with Laura Murphy and Franklin Koonce in addition to their day to day monitoring.