Business Continuity Plan

Introduction

In order to protect the interests of our clients, Conning and subsidiaries, Conning Inc. and Conning Investment Products Inc. (“Conning”), have developed a Business Continuity Plan (the “Plan”) that provides an alternate work facility for Conning to transact business in the event of a significant business disruption, defined as any unplanned event that denies access to Conning’s primary facility in Hartford, Connecticut for a period of 24 hours or longer. The location of the alternate facility is within the State of Massachusetts. In the event of an emergency, this facility can accommodate key personnel within 24 hours of an emergency declaration. In addition to the Plan, Conning has Operational Risk Management Policies and Procedures wherein operational, financial, and credit risk exposures have been recognized and mitigation strategies are identified.

Plan Specifics

  • Upon notification of a significant business disruption, the Massachusetts facility will suspend all planned activities and be converted to a disaster recovery site within 24 hours.
  • All electrical and communications infrastructure have been installed to accept the additional equipment and personnel. Conning has a separate network infrastructure located at the Massachusetts facility that provides back-up storage for the information resident on the principal server located at Conning’s headquarters. With regard to back up of hard copy documents, all client and third-party contracts and other essential business records have been electronically stored.
  • Because Conning Investment Products, Inc. acts only as a finder of securities investors for other broker-dealers, provisions regarding client access to funds and securities are not relevant to the Plan.
  • Conning believes that enough data processing equipment is installed in the Massachusetts facility to fulfill all mission critical business needs, including any necessary regulatory reporting or communications with regulators and business constituents.
  • The Plan is tested twice per year:
    • A soft test in the late spring of all mission critical systems by the IT staff to ensure connection of mission critical communications and functionality of systems.
    • A hard test in the late fall of all mission critical systems by business professionals who actually conduct business from Massachusetts to ensure true operability.
  • At the end of each test, a list of follow-up issues for correction is generated. All issues are monitored until completed.
  • An Emergency Management Group has been established. This is the governing management entity that decides when an emergency is declared and how long the emergency will last.
  • A Plan development and implementation group has been created, which meets periodically to evaluate whether the Plan needs to be updated or revised to ensure that:
    • It matches the changing business need.
    • Personnel lists and assignments are current.
    • New technology is accommodated to satisfy business need.
    • Facility and infrastructure changes are incorporated.
  • An Operational Risk Management professional has been assigned the task of custodian of the Plan and implementing any changes to keep it current.
  • At least annually, all mission critical systems are reevaluated to ensure that they are:
    • The proper systems required to support the business.
    • Their functionality satisfies the business need.
  • Our Chief Compliance Officer has conducted an annual review of, and approved, the Plan.