DISASTER RECOVERY AND BUSINESS CONTINUITY PLAN DISCLOSURE
Cultivate Capital Group LLC (“Cultivate Capital” or the “Firm”) is committed to safeguarding the interests of our clients and customers in the event of a disaster, an emergency or a significant business disruption. This Disaster Recovery and Business Continuity Plan Disclosure summarizes Cultivate Capital’s effort to mitigate risks inherent with unforeseen business interruptions. Cultivate Capital’s comprehensive business continuity strategy is designed to enable us to meet our existing obligations to our clients and customers even in such an event. This Disaster Recovery and Business Continuity Plan Disclosure is intended to comply with the rules promulgated by the New York Stock Exchange (“NYSE”) and the Financial Industry Regulatory Authority (“FINRA”).
Cultivate Capital’s Disaster Recovery and Business Continuity Plan is designed to enable us to meet our existing obligations to our clients and customers even in the event of an emergency or significant business disruption; however it is not infallible. The Plan is designed to work in many different emergency situations; but these events are, by their nature, unpredictable and it is impossible to anticipate every scenario that could cause a business disruption. Furthermore, although we are confident in our own preparedness, Cultivate Capital has no control over the various entities that we must rely upon in the event of an emergency. Our Plan is tested periodically to ensure readiness; yet such tests may not be able to replicate the actual conditions we experience in a real emergency. This Plan is subject to change without notice. In the event that this Plan is modified, customers may obtain an updated hard copy of the Plan upon request and will be provided annually thereafter. The information contained in this disclosure is provided by Cultivate Capital for informational purposes only. Nothing contained herein shall be construed to amend, supplement or otherwise modify any of the terms and conditions set forth in any agreement between you and Cultivate Capital.
Our Plan:
Section 1 – Overview
Disaster recovery and business continuity plans are designed to provide for prompt responses and recovery from any significant business disruption (“SBD”) such as loss of critical service, loss of building access or physical facility catastrophe due to a natural disaster, terrorist strike or any other emergency event.
Section 2 – Business Continuity Plan
In the event of an SBD, Cultivate Capital will exercise the business continuity procedures set forth below (the “Plan”). This Plan has been designed to enable the Firm to continue operating or to reestablish its operations as soon as practicable, as applicable, with minimal disruption to its investment activities and operations in the event of an SBD. Cultivate Capital has designated the Operations Manager as the Firm’s Disaster Recovery Coordinator (“DRC”) who is vested with the authority to declare an SBD.
- Disaster Recovery Coordinator Contact Information
Annually, at a minimum, the Compliance Department shall distribute via e-mail relevant contact information for Cultivate Capital’s DRC and back-up DRC to all personnel. Each notice shall include the DRC’s and back-up DRC’s:
- name;
- business address, phone number and e-mail address;
- home address and phone number;
- cell phone number; and
- alternative e-mail address (if available).
- Communication Protocol
The DRC shall be responsible for declaring the occurrence of an SBD, whereupon the Plan will be promptly invoked. The DRC shall also be responsible for coordinating and implementing the response of the Firm in the event of an SBD. After an SBD has been declared, the DRC shall first contact police or fire units or other first responders, as needed, and shall then contact designated essential executive personnel. At the direction of the DRC, such essential executive personnel shall contact any remaining non-essential personnel, and any or all other brokers, banks, administrators, counterparties, portfolio managers, accountants, lawyers, vendors and service providers, as appropriate. Clients may also be contacted if the DRC reasonably believes that the SBD has the potential to materially impact open client purchase or sale orders. All such communications shall be conducted either personally by, or at the direction of, the DRC.
III. Back-Up Facilities, Systems and Personnel
- Available Back-Up Facilities
If Cultivate Capital’s main office is not accessible, or if the business of the Firm cannot for any reason be conducted from its main office, arrangements have been made to conduct the Firm’s trading and critical business operations from employee home residences. If necessary, and in the discretion of the DRC, Cultivate Capital also may conduct certain activities any location that offers secured internet access. The DRC shall also determine if it is necessary to designate other alternate facilities (based on such additional factors as whether such additional location is in a reasonably separate geographic location from the Firm’s primary or back-up facilities, systems and personnel and is serviced by different power grids and different telecommunication vendors than the Firm’s primary or back-up facilities). The DRC shall notify relevant personnel if they are to report to any such back-up facilities.
- Critical Back-Up Systems
All data critical to Cultivate Capital’s operation, including the Firm’s general ledger and primary accounting records, client account information, trading records and other information related to the Cultivate Capital’s purchase and sale transactions, are maintained on a computer hard drive at the Firm’s main office. All such information is backed up and separately stored in the Firm’s cloud storage platforms. Certain information is also maintained by Cultivate Capital’s service providers such as brokers, administrators, attorneys and accountants.
- Back-Up of Essential Documents
All electronic bank and broker statements, trading records and client account information is maintained at the Firm’s main office. Such information is backed up to the extent such information is maintained on the Cultivate Capital’s computer system. Essential hard copy documents shall be scanned, stored and backed up in similar fashion. In the event of an SBD that results in a loss of the primary source of critical documentation or information (or the ability to access such documentation or information), Cultivate Capital personnel will generally be able to access such documentation from duplicate data that is stored at the separate locations that are described above.
- Implementation and Maintenance of the Plan
- Implementation
The Plan will be distributed to all Cultivate Capital personnel as part of this document. All such personnel are required to familiarize themselves with the contents of the Plan so that they are able to respond effectively to an SBD in the event that one occurs. Furthermore, from time to time as appropriate, designated essential executive personnel will be informed with respect to their roles in contacting other employees, clients, customers, vendors, brokers and financial institutions in the event of an SBD and other responsibilities that stem from the declaration of an SBD. The DRC shall communicate the essential components of the Plan to all employees and will be available to answer any questions employees may have with respect to any aspect of the Plan.
- Maintenance and Ongoing Review of the Plan
The DRC shall update the Plan as necessary to respond to any material changes in Cultivate Capital’s business operations or activities. The DRC shall also annually review the Plan to ensure that its protocols continue to reasonably provide for an effective recovery from an SBD. The DRC shall promptly distribute all changes or updates to the Plan to all personnel. The DRC shall ensure that the CEO annually certifies to the adequacy and effectiveness of the Plan and shall retain all annual review-related documents in accordance with Firm recordkeeping policy.
- Third-Party Disruptions
Cultivate Capital engages third-party service providers (e.g., accountants, lawyers, consultants) to perform certain administrative functions and these engagements often require the Firm to grant providers with access to its books, records and systems. Prior to granting such access, the Operations Manager shall reasonably ensure that such providers maintain sufficient policies and procedures to provide for business continuity and disaster recovery by requiring that each provider either submit an acknowledgement that certifies that the vendor has developed and implemented such policies and procedures or that the relevant service contract contains such representations. The Operations Manager shall retain all such acknowledgements in accordance with Firm recordkeeping policy.