More Business Continuity Questions

I keep getting asked over and over from multiple sources about business continuity . This question was specifically around banking branch offices. My response may be helpful for you as well.

Yes there is a lot of movement here but it just isn’t focused on branch. Legislation moves slowly however I believe we should see something in the next year after the dual factor authentication madness passes. The focus here is Business Continuity, Risk Avoidance and Disaster Recovery. In the wake of all of the natural disasters, pandemic issues (e.g., bird flu in Asia) and man made mistakes (poor IT planning) the government is stepping in. There are several branches of the government looking at this. However there is a task force looking at this.

The Financial Services Sector Coordinating Council (FSSCC) goal is to coordinate with the appropriate members of the regulatory agencies, coordinate efforts to improve the reliability and security of financial information infrastructure. Below is a high level communication chart.

Members include:

  • Commodity Futures Trading Commission
  • Conference of State Bank Supervisors
  • Department of the Treasury
  • Farm Credit Administration
  • Federal Deposit Insurance Corporation
  • Federal Housing Finance Board
  • Federal Reserve Bank of New York

FFIBIC Members Include:

  • Federal Reserve Board
  • National Association of Insurance Commissioners
  • National Association of State Credit Union Supervisors
  • National Credit Union Administration
  • North American Securities Administrators Association
  • Office of the Comptroller of the Currency
  • Office of Federal Housing Enterprise Oversight
  • Office of Thrift Supervision
  • Securities and Exchange Commission
  • Securities Investor Protection Corporation

In the standards arena there are many emerging working groups within standards bodies as well around BC. Those include:

  • BITS
  • FSTC
  • ISO
  • IFX
  • Carnegie Mellon
  • CERT

Also look at the FFIEC guidance as well:
https://www.ffiec.gov/ffiecinfobase/booklets/bcp/bps_02_bcp_process.html

The OCC has been ratcheting up the pressure on business continuity in a very general sense by issuing advisories, such as this https://www.occ.treas.gov/ftp/bulletin/2006-12a.pdf

This FDIC study discusses some of the branch connectivity problems resulting from Katrina for branches that were wholly network-dependent.https://www.fdic.gov/regulations/examinations/supervisory/insights/sisum06/article02_hurricanes.html.  However, the study  contains the caveat that “this article is not a regulatory guide to business continuity planning.”