LogoLadd & Co.
Request an Introduction

Business Continuity Plan

Effective Date: April 2026

This Business Continuity Plan ("BCP" or "Plan") summarises the framework Ladd & Co. has established to ensure the continued delivery of services to its clients, the safety of its personnel, and the integrity of its data and systems in the event of a significant business disruption.

This summary is provided for the information of clients, professional intermediaries, and counterparties. It is not a comprehensive description of the firm's internal procedures, which are maintained in confidence for security reasons.

1. Purpose and Scope

The objectives of the firm's BCP are to:

  • safeguard the safety and welfare of personnel and clients;
  • maintain the firm's ability to communicate with clients, counterparties, and professional intermediaries during a disruption;
  • preserve the integrity, security, and availability of client data, working files, and firm records;
  • ensure continuity of advisory mandates, transaction processes, and other live engagements;
  • meet the firm's professional, legal, and regulatory obligations during and following a disruption;
  • enable the orderly resumption of normal operations as quickly as practicable.

The BCP applies to all offices and personnel of Ladd & Co. across the jurisdictions in which the firm operates.

2. Categories of Disruption Addressed

The Plan is designed to respond to a range of disruption scenarios, including:

  • physical events affecting one or more of the firm's offices, including fires, floods, severe weather, and damage to premises;
  • regional events, including extended power outages, civil disturbance, transport disruption, and pandemic or public health emergencies;
  • technology and cyber events, including system outages, data loss, cyberattacks, ransomware, denial-of-service attacks, and disruption to critical service providers;
  • personnel events, including loss of key personnel, illness, or inability of personnel to access the firm's systems;
  • third-party events, including failures of cloud providers, communications platforms, document management systems, financial institutions, or other critical service providers;
  • regulatory or governmental events, including sanctions, jurisdictional restrictions, and unanticipated regulatory action.

3. Distributed Operating Model

The firm's operating model is, by design, distributed across multiple jurisdictions. The firm maintains operational presence across nine offices spanning North America, the Caribbean, Europe, the Middle East, and Asia-Pacific. Personnel are equipped to operate remotely and to coordinate across geographies as a matter of ordinary business.

This distributed structure is itself a primary continuity mechanism: a disruption affecting any single office, region, or jurisdiction does not, in itself, materially impair the firm's overall capacity to serve clients. Active engagements can be transitioned to alternate offices and personnel where required.

4. Technology and Data Resilience

The firm's core systems and data are hosted on enterprise-grade cloud infrastructure with built-in redundancy, geographic replication, and disaster recovery capabilities. Specifically:

  • the firm operates a cloud-first technology environment, avoiding reliance on physical office-based infrastructure;
  • client data, transaction records, and working files are stored in encrypted form on systems that are continuously backed up and replicated across multiple regions;
  • communications are conducted through enterprise-grade email and collaboration platforms with multi-factor authentication, conditional access, and centralised security management;
  • the firm's website, client portal, and internal applications are deployed on resilient infrastructure with geographic distribution and automated failover;
  • access to firm systems is governed by role-based access controls, conditional access policies, and continuous monitoring.

In the event of the unavailability of a primary system or service provider, alternate channels and providers are identified within the firm's continuity procedures, and personnel are equipped to transition to those channels.

5. Communications During a Disruption

In the event of a significant business disruption, the firm will use reasonable efforts to:

  • continue to receive and respond to client communications through email at office@laddco.com and through the firm's website at laddco.com, both of which are hosted on resilient external infrastructure;
  • proactively contact clients with active engagements where the disruption affects the firm's ability to deliver services in accordance with the engagement timetable;
  • coordinate with counterparties, professional intermediaries, and other parties involved in live transactions to manage execution risk.

If clients are unable to reach their usual point of contact at the firm, they should:

  1. send an email to office@laddco.com with a brief description of the matter and the urgency;
  2. consult laddco.com for any continuity notice the firm may publish; and
  3. if appropriate, contact other professional advisors connected to the matter (such as transaction counsel) to coordinate next steps.

The firm will publish a continuity notice on its Website where a disruption is sufficiently material to warrant external notification.

6. Cybersecurity and Data Protection

The firm's BCP operates in conjunction with the firm's information security programme, which addresses the prevention, detection, and response to cybersecurity events. Key elements include:

  • network and endpoint security controls;
  • multi-factor authentication and identity management;
  • encryption of data in transit and at rest;
  • regular review of access permissions;
  • security training for personnel;
  • incident response procedures, including notification protocols where personal data may be affected, in accordance with applicable data protection laws.

In the event of a cyber incident affecting personal data, the firm will respond in accordance with its obligations under the Australian Privacy Act 1988, the EU GDPR, the UK GDPR, and other applicable data protection legislation, including timely notification to affected individuals and to relevant supervisory authorities where required.

7. Personnel and Key Person Risk

The firm's structure does not concentrate operational responsibility in any single individual to a degree that would prevent continuity of services in the event of the temporary or permanent absence of any one person. Engagement responsibilities, working files, and institutional knowledge are documented and accessible to authorised personnel.

In the event of the loss of a key person, the firm will identify an alternate point of contact for affected clients and matters as promptly as practicable.

8. Service Provider and Third-Party Risk

The firm relies on a limited number of carefully selected third-party service providers for critical functions, including cloud hosting, communications, document management, document execution, identity verification, and certain compliance services. The firm assesses the resilience and continuity arrangements of its critical providers as part of its onboarding and ongoing monitoring of those relationships.

In the event of a disruption affecting a critical provider, the firm will assess the impact on its operations, deploy alternate providers or workarounds where available, and communicate with affected clients as appropriate.

9. Regulatory and Professional Coordination

In the event of a disruption that may affect the firm's compliance with legal, regulatory, or professional obligations, the firm will engage with relevant authorities, professional advisors, and counterparties as required, and will document the disruption and the firm's response in accordance with its record-keeping obligations.

10. Testing, Review, and Maintenance

The BCP is reviewed periodically and updated to reflect changes in the firm's operations, technology, regulatory environment, and risk profile. The firm conducts testing and tabletop exercises as appropriate to validate the effectiveness of the Plan and the readiness of personnel to execute it.

11. Limitations

The BCP is designed to mitigate, but cannot eliminate, the impact of disruptions on the firm's operations. The duration and severity of any disruption may affect the firm's ability to deliver services within ordinary timeframes, and certain extreme scenarios (including widespread infrastructure failures or geopolitical events affecting multiple jurisdictions simultaneously) may exceed the firm's continuity planning assumptions.

This summary is provided for general information only and does not constitute a contractual commitment by the firm in respect of the operation of any client engagement, which remains governed exclusively by the relevant engagement agreement.

12. Contact

For questions regarding the firm's continuity arrangements, please contact:

Ladd & Co. Email: office@laddco.com Website: laddco.com

© 2026 Ladd & Co. All rights reserved.

© 2026 Ladd & Co. All rights reserved.

Request an Introduction