Financial regulators revise Business Continuity Management booklet to stress to examiners the value of resilience to avoid disruptions to operations
ARLINGTON, VA (November 14, 2019) — The members of the Federal Financial Institutions Examination Council (FFIEC) today emphasized that examiners understand how management of banks and other regulated entities, including depository financial institutions, nonbank financial institutions, bank holding companies, and third-party service providers, have prepared their operations to avoid disruptions and to recover services.
The updated Business Continuity Management booklet focuses on enterprise-wide approaches that address technology, business operations, testing, and communication strategies critical to the continuity of the business. The booklet describes principles and practices for information technology (IT) and operations designed to achieve safety and soundness, consumer financial protection, and compliance with applicable laws, regulations, and rules.
As the booklet makes clear, business continuity focuses on more than just the planning process to recover operations after an event. Business continuity also includes the continued maintenance of systems and controls for the resilience and continuity of operations. Business continuity is an integral part of the risk management life cycle of an entity’s systems, processes, and operations.
The Business Continuity Management booklet describes principles to help examiners determine whether management addresses risks related to the availability of critical financial products and services. The booklet uses common terms and builds on widely used standards to facilitate effective supervision. The updated examination procedures will also help examiners assess the adequacy of an entity’s overall business continuity management program.
The Business Continuity Management booklet is part of the FFIEC Information Technology Examination Handbook (IT Handbook) and replaces the Business Continuity Planning booklet issued in February 2015.
The IT Handbook is available at http://ithandbook.ffiec.gov/.
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has six voting members: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, the National Credit Union Administration, the Consumer Financial Protection Bureau, and the State Liaison Committee. The Council’s activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.