• Terms and Conditions
• Privacy Policy
• Business Continuity

Looking for BlackRock capabilities and product information?

Visit your local site

BlackRock views Business Continuity Management (“BCM”) as a critical and fundamental part of its ability to fulfill its fiduciary responsibilities to clients.  As such, significant resources and effort are dedicated to the program.

BlackRock maintains business continuity and disaster response plans to facilitate the continuity of business in the event of a significant business disruption. BlackRock’s executive management is responsible for oversight of the firm’s BCM program, supported by the Business Continuity Management group, which manages the program.

BlackRock’s business continuity program has several key elements, including:

• Planning
• Training and Awareness
• Testing
  
  

Planning

There are four main areas of focus that comprise the BCM planning that BlackRock performs:

1. Business Impact Analysis: BlackRock’s Business Impact Analysis (BIA) program is designed to ensure that the firm’s BCPs continue to address all critical business functions and underlying technology services. Each department periodically reviews and updates their business continuity needs through a formal Business Impact Analysis program managed by the Business Continuity Management group. Recovery Time Objectives (RTOs) are created for all critical business functions and services as part of BlackRock’s BIA program.
   
   The results of this program are used to perform a “gap analysis” to identify potential areas of improvement for the BCPs. The appropriate groups address any significant gaps and revise the BCPs.
2. Business Continuity Planning: Business Continuity Plans (“BCPs”) are procedures designed to accordingly assure continuity of operations in the event of a business disruption. These include recovery strategies for personnel, data, communications, information processing, and facilities. The BCPs are updated annually, or more often if conditions warrant.
   
3. Response Planning: In addition to department-level planning, BlackRock has a program devoted to response planning which includes a full-featured Crisis Management framework.  BlackRock recognizes that communication is crucial for effective Crisis Management, and has implemented the following tools:
   • Crisis Management Call Lists that include key global and regional business heads;
   • An automated crisis notification system that can broadcast messages to designated staff in the event of a crisis. The notifications are sent via email, work and personal phones, and SMS;
   • Employee Status Lines and Emergency Websites to provide staff updates;
   • Employee emergency pocket cards that contain procedures for employee evacuation, assembly, check-in and communication;
   
4. Third-Party Resiliency: One of the key components of the BCM planning process is our supplier management framework, which includes periodic reviews of the business continuity programs for key service providers. Risk assessments are used to determine the criticality of each service provider.  For the most critical service providers, BlackRock conducts targeted reviews and evaluations of BCM plans and, where appropriate, on-site visits.

Training and Awareness

BlackRock uses several methods to keep employees aware of the critical role that they play in preparing for and responding to potential business disruptions. Primary methods used include mandatory annual on-line Business Continuity training, BCM tests, fire drills, emergency pocket cards, and periodic educational intranet articles and periodic e-mails.

Testing

BlackRock tests its plans to ensure the procedures for recovering business operations are appropriate and to help ensure continued familiarity by key personnel with the procedures.  The testing program includes:

• Recovery and business process walk-throughs, simulating various scenarios;
• Alternative location (e.g., work area recovery);
• System fail-over testing, including external vendors where appropriate;
• Evacuation drills, notification system tests and periodic generator tests.

Test results are documented and reviewed with all involved participants following each exercise.  Recommendations for improvements to the recovery process are identified, required corrective action clearly defined and assigned to the appropriate personnel.  These actions are tracked, completed and documented as appropriate.

Last revised: July 2010