Morgan Stanley 2009 Annual Report Download - page 115

Download and view the complete annual report

Please find page 115 of the 2009 Morgan Stanley annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 260

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260

Business Continuity Management is an ongoing program of analysis and planning that helps ensure a recovery
strategy and required resources for the resumption of critical business functions following a disaster or other
business interruption. Disaster recovery plans are in place for critical facilities and resources on a company-wide
basis, and redundancies are built into the systems as deemed appropriate. The key components of the Company’s
disaster recovery plans include: crisis management; business recovery plans; applications/data recovery; work
area recovery; and other elements addressing management, analysis, training and testing.
The Company maintains an information security program that coordinates the management of information
security risks and satisfies regulatory requirements. Information security procedures are designed to protect the
Company’s information assets against unauthorized disclosure, modification or misuse. These procedures cover a
broad range of areas, including: application entitlements, data protection, incident response, Internet and
electronic communications, remote access and portable devices. The Company has also established policies,
procedures and technologies to protect its computers and other assets from unauthorized access.
The Company utilizes the services of external vendors in connection with the Company’s ongoing operations.
These may include, for example, outsourced processing and support functions and consulting and other
professional services. The Company manages its exposures to the quality of these services through a variety of
means, including service level and other contractual agreements, service and quality reviews, and ongoing
monitoring of the vendors’ performance. It is anticipated that the use of these services will continue and possibly
increase in the future.
Legal Risk.
Legal risk includes the risk of non-compliance with applicable legal and regulatory requirements and standards.
Legal risk also includes contractual and commercial risk such as the risk that a counterparty’s performance
obligations will be unenforceable. The Company is generally subject to extensive regulation in the different
jurisdictions in which it conducts its business (see “Business—Supervision and Regulation” in Part I, Item 1).
The Company has established procedures based on legal and regulatory requirements on a worldwide basis that
are designed to foster compliance with applicable statutory and regulatory requirements. The Company,
principally through the Legal and Compliance Division, also has established procedures that are designed to
require that the Company’s policies relating to conduct, ethics and business practices are followed globally. In
connection with its businesses, the Company has and continuously develops various procedures addressing issues
such as regulatory capital requirements, sales and trading practices, new products, potential conflicts of interest,
structured transactions, use and safekeeping of customer funds and securities, credit granting, money laundering,
privacy and recordkeeping. In addition, the Company has established procedures to mitigate the risk that a
counterparty’s performance obligations will be unenforceable, including consideration of counterparty legal
authority and capacity, adequacy of legal documentation, the permissibility of a transaction under applicable law
and whether applicable bankruptcy or insolvency laws limit or alter contractual remedies. The legal and
regulatory focus on the financial services industry presents a continuing business challenge for the Company.
111