Institutional asset managers have fine-tuned disaster recovery plans based on lessons learned from the Sept. 11 terrorist attack on the World Trade Center, but haven't made significant financial commitments to new technology.
Money managers and financial services companies say they had systems in place before the attack and believe current disaster recovery technology is sufficient to withstand a similar disaster. Industry insiders said little has changed technologically in the past year.
But once the dust settled in downtown Manhattan, many found that even the best emergency planning and practices had some flaws in the face of a disaster of last September's magnitude.
In the past year, the industry has been tweaking disaster recovery and emergency preparedness. The attack drove home the need for redundancy of systems and emergency backup storage. It also showed holes in prior plans, such as transportation requirements and the need for additional telecommunications lines, said Rob Hegarty, director of investment management at the Tower Group, a Needham, Mass.-based consulting firm that has closely monitored the impact of the attack on the financial services industry.
Rather than making major changes, he said, money managers are addressing needs brought to light by actual events. For example, he said, telephone lines from various carriers routed through a central exchange in lower Manhattan were out for an extended period. Now, he said, companies are selecting more "geographically and technically distributed" telecommunications lines that will function if others are disabled.
Other firms are re-evaluating transportation requirements - how to move key people to secure locations or central facilities. "They are looking at their key people and thinking about how to get them where they are needed," he said.
"(Money managers) seem to be taking disaster recovery more seriously now," said Mr. Hegarty. "Before, disaster recovery may have been an afterthought. There has been an organizational change at many firms which is moving DR higher up in the organization."
Alan Brown, chief investment officer at State Street Global Advisors, Boston, said SSgA officials "learned a great deal" about how to function in the hours and weeks after the attack. For example, he said, traders in the SSgA disaster recovery site found they had telephone numbers for the primary sites of broker-dealers but not the numbers at the brokers' disaster recovery site, where many had moved following the attacks. In addition, the SSgA emergency plan called for certain key executives to travel from its Montreal office to Boston, which was disrupted by the domestic airline shutdown after the attack.
He said SSgA has addressed those issues as part of "detail changes" in its disaster recovery operations and did not have to make costly "fundamental" changes. He claimed the SSgA disaster recovery and emergency contingency plans worked and will be improved with "minor modifications."
The Internet was one comforting constant in the midst of all the chaos and uncertainty. Despite problems with phone lines, air transportation and physical damage to some hubs in Manhattan, the Internet provided communication throughout the crisis, said Mr. Hegarty.
"Throughout all of this, the Internet kept working," agreed Mr. Brown. "We were able to communicate and issue instructions" via the Internet.
M.D. Sass, chairman and chief executive officer of M.D. Sass Investors Services Inc., New York, said his firm relocated its downtown New York disaster recovery site to New Jersey. Sass also has built a secondary recovery site in the "mountains of Colorado," he said.
Mr. Sass said his firm's investment in disaster recovery is part of a "sustained and ongoing" expense as it is with other investment businesses.
Barclays Global Investors, San Francisco, began making its systems fully redundant following a 1989 earthquake in the San Francisco area, according to Craig Squires, global head of information technology infrastructure. Although the company did not experience a major data loss at the time, Mr. Squires said it was evident the company needed to back up its systems. Barclays has a fully redundant internal network housed in Sacramento, Calif.
Following Sept. 11, Barclays did make some more changes. Barclays lost its infrastructure for SWIFT (a communications system for financial institutions), and some of its external data feeds. Telephone calls also were rerouted through the company's data network after some calls proved difficult to make on Sept. 11. All three problems were handled quickly, said Mr. Squires. Communications problems also led the company to install a public address system in all of its California offices.
Jim Wallace, chief information officer of Frank Russell Co., Tacoma, Wash., said his firm hasn't "done anything in particular different since Sept. 11." Russell was in the process of outsourcing its wide-area network and web-hosting capabilities before Sept. 11. And only weeks before the terrorist attacks, Russell had begun outsourcing its entire technology infrastructure - a move made to cut costs and concentrate on core businesses, he said. However, he does acknowledge that disaster preparedness is important. Information technology "is 15% of a disaster recovery environment," said Mr. Wallace.
"The good news from all this," said Mr. Hegarty of Tower Group, "is that the industry was prepared and that people now realize that disaster recovery plans on the shelf are of little value. Financial services companies are better off today, but there is still work that needs to be done.
"There is some work needed on industrywide testing and procedures to handle circumstances such as when a stock exchange goes down or if something happens to the clearing operations," he said. "But generally, financial services companies are better off today than they were."