![]() |
![]() |
![]() |
![]() |
![]() |
Home > News & Events > Inactive Financial Institution Letters
|
![]() |
|
![]() |
![]() |
Inactive Financial Institution Letters |
FIL-68-97
|
||||||||
The interagency Federal Financial Institutions Examination Council (FFIEC) on
March 26, 1997, adopted a revised policy statement on Corporate Business
Resumption and Contingency Planning. The policy statement is attached.
The revised statement continues to emphasize the importance of business
recovery planning and explains the goals associated with an effective
business resumption and contingency plan. Revisions to the policy
statement acknowledge the increased use of distributed computer
environments and increased reliance on external service providers for
mission-critical bank activities. A financial institution's Board of
Directors is responsible for
ensuring that a comprehensive business resumption and contingency
plan has been implemented.
The revision was conducted as part of the combined agency
Community Development and Regulatory Improvement Act (CDRIA)
effort to streamline agency regulations and written policies
to improve efficiency, reduce unnecessary costs, eliminate
unwarranted constraints on credit availability, and remove
duplicative requirements.
Contingency plans are evaluated by examiners during
regular supervisory reviews of the institution. For
more information, please contact your Division of
Supervision Regional Office.
Attachment (below)
Distribution: FDIC-Supervised
Banks (Commercial and Savings)
NOTE: Paper copies of
FDIC financial
institution letters may
be obtained through the
FDIC's Public
Information Center, 801
17th Street, N.W., Room
100, Washington, D.C.,
20434 ((703) 562-2200 or
800-276-6003).
To:
Chief
Executive
Officers
of
all
Federally
Supervised
Financial
Institutions,
Senior
Management
of
each
FFIEC
Agency,
and
all
Examining
Personnel
PURPOSE
This
statement
emphasizes
to
the
board
of
Directors
and
senior
management
of
each
financial
institution
the
importance
of
corporate
business
resumption
and
information
systems
contingency
planning
functions.
This
includes
planning
for
the
recovery
of
critical
information
systems
processing
and
operations
supported
by
external
service
providers.
This
statement
also
addresses
issues
that
management
should
consider
when
developing
a
viable
contingency
plan.
BACKGROUND
Information
systems
technology
has
evolved
into
a
critical
facet
of
the
corporate
structure
of
financial
institutions.
Transaction
processing
and
business
applications
are
no
longer
restricted
to
mainframe
computer
environments.
The
use
of
distributed
platforms
(including
mid-range
computers,
client/server
technology,
and
local
and
wide
area
networks)
for
mission-critical
business
functions
expands
the
scope
of
contingency
planning.
Corporate
and
customer
services
throughout
financial
institutions
are
now
more
dependent
on
direct
access
to
information
and
accounts.
This
includes
contemporary
financial
delivery
systems
and
services
such
as
PC-banking,
corporate
cash
management,
and
Internet
promotion.
These
services
represent
key
transactional,
strategic,
and
reputational
issues
for
the
financial
institutions.
Often
these
services
depend
on
a
combination
of
internal
and
external
information
processing
services.
Outsourcing
arrangements
and
other
technology
alliances
involve
unique
considerations
which
also
expand
the
boundaries
of
contingency
planning.
Business
recovery
planners
must
recognize
this
new
environment
and
the
risks
it
may
pose
to
the
financial
institution.
The
importance
of
these
operations
and
service
units
requires
effective
business
recovery
planning
from
a
corporate-wide
perspective.
DEFINITION
Contingency
planning
is
the
process
of
identifying
critical
information
systems
and
business
functions
and
developing
plans
to
enable
those
systems
and
functions
to
be
resumed
in
the
event
of
a
disruption.
The
process
includes
testing
the
recovery
plans
to
ensure
they
are
effective.
During
the
testing
process
management
should
also
verify
that
business
unit
plans
complement
the
information
system
plans.
GOALS
The
goal
of
an
effective
contingency
plan
and
recovery
process
is
to
facilitate
and
expedite
the
resumption
of
business
after
a
disruption
of
vital
information
systems
and
operations.
The
principle
objectives
are
to:
It
is
important
for
both
financial
institutions
and
their
service
bureaus
to
regularly
assess
risks
associated
with
the
loss
or
extended
disruption
of
business
operations
and
to
evaluate
their
vulnerability
to
those
risks.
To
achieve
contingency
planning
and
business
resumption
goals
and
objectives,
senior
management
should
ensure
that:
POLICY
The
board
of
Directors
and
senior
management
of
each
financial
institution
is
responsible
for:
Furthermore,
if
the
financial
institution
receives
information
processing
from
a
service
bureau,
senior
management
also
has
a
responsibility
to:
Please
refer
to
the
FFIEC
Information
Systems
Examination
Handbook
for
specific
guidance
on
developing
an
organization-wide
contingency
plan.
|
Last Updated 11/13/2018 | communications@fdic.gov |