What are the FFIEC Guidelines for a Credit Union Disaster Recovery Test?

by Kirk Drake

If you do not work for a credit union, bank or other financial institution, then this post probably won’t be much use. If you work in the financial services industry and want to know what the regulatory requirements for a Disaster Recovery test are, this post is for you.

The FFIEC, or the Federal Financial Institutions Examination Council, is a group made up of all of the financial industry regulatory bodies. The NCUA, FDIC, OTS and others all sit on the council and work to provide consistent audit guidelines across all agencies. According to the FFIEC, there are seven key elements that should be part of any Disaster Recovery test.

  • Roles and responsibilities should be specifically defined
  • BIA and risk assessment should serve as the foundation of the testing program
  • Enterprise-wide testing should be conducted at least annually
  • Testing should be viewed as a continuously evolving cycle
  • Mitigation strategies should sustain the business until permanent operations are reestablished
  • The testing program should be reviewed by an independent party
  • Test results should be compared against the BCP to identify any gaps