Skip to main content

The place for all things credit union™
Log in
Business continuity

The evolution of business continuity: From recovery to resilience

business continuity

You arrive at your credit union one morning to get ready to open for the day, only to discover your core processing environment is offline. What do you do?

I’m guessing that your answer today may be significantly different from one you would have given, say, fifteen years ago. A lot has changed in our world. Technology has improved, infrastructure is more robust, internet speeds and bandwidth have increased and—as a result—outages have become far more rare events.

Our human behaviors also have changed. Because technology has become ubiquitous and reliable in our work and everyday life, we are less used to dealing with disruptions and less (likely far less) ready to respond effectively when they occur. Fifteen years ago, when presented with this scenario, many credit unions and their staff had significant experience in conducting business without technology, paper transaction slips and hand-written receipts were close at hand, a paper copy of last night’s full trial balance report was in the building, and most of the team had experienced one or more outages. You knew exactly what you needed to do to continue to seamlessly serve members.

When I first entered the financial services industry (and I won’t say when that was), most of the focus and energy to plan for and respond to disruptive events was purely focused on technology and had a different name than what we call Business Continuity today: Disaster Recovery (DR). Credit unions created DR plans to document the processes and resources to needed restore critical applications and infrastructure following an interruption.

Y2K: The tipping point

The pivotal moment that caused the shift from DR to Business Continuity revolved around something as innocuous as a date on the calendar: January 1, 2000, and an equally innocuous decision in the early days of computing to save limited system memory space by making the year field in a date entry two digits instead of four. This decision meant that computer systems would treat January 1, 2000, as January 1, 1900, potentially causing massive system crashes and world-wide disruptions.

Dubbed Y2K, the remediation effort involved years of effort by governments and organizations around the world and hundreds of billions of dollars to rectify. Because of that immense effort, the actual date change became mostly a non-event with few major errors occurring.

At that moment in time at my organization, it was decided that the information gathering and contingency planning on the business side of the organization could be applied to other potential disruption events, and our Business Continuity program was born.

The impacts of a pandemic on business continuity

Another pivotal event, the COVID pandemic, caused organizations and credit unions to develop options for disbursing staff and remote work, along with creative ways to conduct business when they must close lobbies. Business Continuity strategies that came out of the COVID pandemic include:

  • Greater adoption of technologies that reduce or eliminate the need for in-person transactions (Remote Deposit Capture, DocuSign, digital banking, and more).
  • Increased germ control measures (reducing touchpoints in lobbies, providing hand sanitizer, implementing more frequent and more robust cleaning/sanitizing measures, adding physical barriers at the teller line and in member-facing offices, using disposable pens, having temperature checks, masking, etc.).
  • Identification of business functions and staff members that can switch to remote work when needed, and implementation of technologies to support this activity (remote desktop, virtual desktop, and voice over IP phone systems).
  • Development/implementation of increased security measures to reduce the risk of bad actors gaining access to critical systems or member data (Multi-Factor Authentication, transaction limits/controls, security training for staff, and education/awareness building for members).

The current state of business continuity

Today, it’s very common for a significant portion of credit union staff to be younger and have little to no experience with a core system outage or how to conduct business manually. Physical copies of trial balance reports are virtually non-existent, and most full reports are only run weekly. We have become both more adept with technology and more helpless without it.

Over time, Business Continuity planning has evolved to incorporate more redundancies to lessen the risk (and impacts) of an outage. Where a credit union may have had a single connection to a core provider that was then shared with their other branches, they likely now have both a backup connection option and direct connections to multiple or all branches.

Single branch credit unions who previously may have only identified a reciprocal credit union from where they could set up a teller spot and establish connectivity to their core processor, have likely worked with both their own and the host credit union’s technology services provider to establish options for network and server recovery. They have also likely had staff log in to the host systems, confirm core environment access, and worked through logistics for cash management, check scanning, supplies and plan documentation storage, and communication templates for informing members of alternate site and alternate service delivery options (such as Shared Branching, the ATM network, digital banking, Remote Deposit Capture, and more).

An evolution to resilience planning

Today, we see the overall discipline shifting from Continuity—our ability to continue operating and providing service to our members, to Resilience—creating capacity to withstand or adapt to disruptive events or industry shifts. The ways in which that shift manifests involves technology, business processes, and people. There are many strategies that credit unions can put into use today when approaching their business resiliency planning:

  • Expand the planning effort from management and supervisors to all levels, including frontline staff.
  • Increase the testing and exercising of plans while incorporating more robust testing methodologies.
  • Achieve a better understanding of partner/service provider preparedness and response efforts.
  • Build greater awareness and understanding of the planning efforts with members.
  • Take published plan documentation to a more granular level (business area, team, etc.).
  • Provide staff with training and quick reference guides while including them in exercises to build awareness and confidence.
  • Work with your technology partners and service providers to better understand the planning they have in place and what their response processes look like will help inform your own planning efforts.

Collectively, these steps demonstrate your commitment to service while increasing staff and member knowledge and confidence in the credit union if and when an event occurs.

Conclusion

Disaster Recovery was a technology effort. Business Continuity was an organizational effort. Resiliency is a community effort that involves your technology, your credit union organization, your partners/service providers, and your members.

Bill Ashland
Bill Ashland

Synergent

With business continuity experience dating back to the Y2K era, Bill is a recognized innovator and thought leader in the preparedness industry. His fifteen years with Synergent also includes overseeing the vendor management program for the organization. He works closely with dozens of client credit unions, facilitating their business continuity planning efforts and providing business continuity planning and vendor management subject-matter expertise and support.

Daily Credit Union News – Straight to Your Inbox

Join thousands of credit union industry professionals who start their day with the latest news, events and technology supporting the credit union industry.

Contact Synergent

Interested in learning more?

Get in touch

Recommended for you