Ncontracts’ Business Continuity Planning Resources for Banks and Credit Unions
You need a business continuity plan BEFORE you need a plan – one that outlines the steps to help your organization recover quickly and get back to work serving your community, and also helps you avoid compounding the initial incident with unforeseen costs and confusion.
When you are building your business continuity plan (BCP) for your bank or credit union, the resources on this page will act as valuable reference points. We want to help you plan for the events everyone hopes will never happen, so if they do, you can return to ‘business as usual’ as quickly as possible.
Is Your Vendor Prepared for Disaster?
The only thing worse than having a critical system go down is having a critical system go down and having no idea when and in what condition it will come back up. Many pages of regulatory guidance have been written…
9 Steps to an Effective Tabletop BCP Test
Testing your business continuity plan is like changing the batteries in your smoke alarm–doing it regularly will keep it accurate and in good working order.. Here are 9 steps to test your BCP without having to expend significant amounts of time or money.
How One Construction Crew Ruined the Summer Season
The word disaster conjures up images of tornadoes, hurricanes, and terrorist attacks, but sometimes it starts with a construction crew. That’s what the people of Ocracoke and Hatteras islands in North Carolina learned this summer when workers building a new bridge…
3 Ways to Keep Your Business Continuity Plan Current
The other day my friend’s basement flooded. It was a rainy night, the kind where television programs are interrupted by an emergency alert warning of a flash flood, but he wasn’t worried. He was in for the night…
Business Continuity Plan: Where to Start?
There’s no shortage of information about BCP, but having lots of information is different from having the right information. A BCP is only effective when it’s customized to cover the specific nuances of your institution. That includes…
Why Business Continuity is Critical for FI’s
Effective business continuity plans (BCPs) are essential for any business but especially critical for financial institutions. Though they vary from bank-to-bank (or credit union), the fundamentals of retail banking are the same – ensure the continuity of vital business operations, mitigate…
There is no specific regulation addressing business continuity planning (BCP) or disaster recovery planning (DRP). It is the responsibility of the financial institutions (FI) to have a plan for disasters based on the guidance provided from various agencies.
A review of guidance published across the various regulatory entities finds that all bodies refer to the FFIEC IT Handbook and the section addressing business continuity (“Business Continuity Planning” booklet). All published guidance at some point also refers to the basic elements of a BCP/DRP to include:
- Business Impact Analysis
- Risk Assessment
- Risk Management
- Risk Monitoring and Testing
We have linked to the relevant guidance.
OCC BCP Guidance
OCC BULLETIN 2015-9 – Description: Strengthening the Resilience of Outsourced Technology Services, New Appendix for Business Continuity Planning Booklet
OCC BULLETIN 2012-28 – Description: Supervisory Guidance on Natural Disasters and Other Emergency Conditions
This OCC published guidance replaced and rescinded all previous guidance (2008 and prior) on the topic of responding to natural disasters.
NCUA BCP Guidance
LETTER NO.: 09-CU-13 – SUBJ: Hurricane Preparedness and Pandemic Planning
Published in 2009 the NCUA through this Letter to Credit Unions instructed Credit Unions to update their Business Continuity and Disaster Recovery Plans to include content related to Hurricanes and the Pandemic Flu.
LETTER NO.: 01-CU-21 – SUBJ: Disaster Recovery and Business Resumption Contingency Plans
Published in 2001 the NCUA through this letter outlined elements of a BCP /DRP
LETTER NO.: 08-CU-07 – SUBJ: FFIEC Release of Updated Business Continuity Planning Examination Handbook
Published in 2008 the NCUA through this letter announced an update to examiners, credit unions, and technology service providers to identify business continuity risks, evaluate controls, and implement risk management practices for effective business continuity planning. NOTE: The guidance is an update to the original “Business Continuity Planning Booklet” which was issued in March 2003.
Letter to Corporate Credit Unions
2004-05- SUBJ: Business Continuity Planning and Business Critical Processes
Published in 2009 the OCCU (Office of Corporate Credit Union) through this letter an explanation of the basic elements of a BCP/DRP was provided.
FDIC BCP Guidance
FIL-9-2015 – Business Continuity Planning Booklet Appendix J Update to FFIEC IT Examination Handbook Series
Published in 2015 this letter provided notice to all FDIC regulated entities about the FFIEC issued appendix to the BCP booklet of the FFIEC handbook. The appendix was entitled “Strengthening the Resilience of Outsourced Technology Services.”
The Federal Financial Institutions Examination Council (FFIEC) has issued an appendix to the Business Continuity Planning (BCP) booklet of the FFIEC Information Technology Examination Handbook entitled “Strengthening the Resilience of Outsourced Technology Services.” The booklet is part of the IT Examination Handbook series and provides guidance to assist examiners in evaluating the risk management processes of financial institutions and service providers to ensure the availability of critical financial services.
FIL-40-2003 – SUBJ: New Guidance for Examiners and Financial Institutions on Business Continuity Planning and Supervision of Technology Service Providers
On May 20, 2003, the Federal Financial Institutions Examination Council (FFIEC) issued revised guidance for examiners and financial institutions to use in evaluating risk- management processes to ensure the availability of critical financial services. This guidance – The Business Continuity Planning Booklet – is the second in a series of updates to the 1996 FFIEC Information Systems Examination Handbook.
The FDIC published a work program questionnaire addressing the various examination questions an FDIC Examiner may use when addressing Business Continuity and Disaster Recovery.