Federal Financial Institutions Examination Council
|For Immediate Release||March 19, 2008|
FINANCIAL REGULATORS RELEASE UPDATED BUSINESS CONTINUITY PLANNING BOOKLET
The Federal Financial Institutions Examination Council (FFIEC) today issued updated guidance for examiners, financial institutions, and technology service providers to identify business continuity risks and evaluate controls and risk management practices for effective business continuity planning. The guidance is an update to the "Business Continuity Planning Booklet," which was issued in March 2003.
The revised booklet includes enhancements to the business impact analysis and testing discussions and addresses emerging threats and lessons learned in recent years. The booklet also stresses the responsibilities of each institution's board and management to address business continuity planning with an enterprise-wide perspective by considering technology, business operations, communications, and testing strategies for the entire institution.
Key elements of the FFIEC's December 2007 Interagency Statement on Pandemic Planning have been added to the booklet. A pandemic outbreak would present unique business continuity challenges. The methodologies detailed in the booklet provide a framework for financial institutions to develop or update their pandemic preparedness plans. All financial institutions should have plans that address how the institution will function during a pandemic event.
Other changes in the booklet highlight the importance of business continuity planning for all financial institutions, regardless of whether their systems are provided in-house or through third-party service providers, as well as the lessons learned from financial institutions that suffered damage from hurricanes Katrina and Rita. Electronic versions of the Business Continuity Planning Booklet and other IT Examination Handbook booklets are available at http://ithandbook.ffiec.gov/.
The FFIEC IT Examination Handbook is a collaborative effort of the FFIEC's Information Technology Subcommittee of the Task Force on Supervision. The Information Technology Subcommittee promotes uniform and effective information technology policies and supervisory programs for financial institutions and their service providers.
The FFIEC was established in March 1979 to prescribe uniform principles, standards, and report forms and to promote uniformity in the supervision of financial institutions. The Council has six voting members: the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency, the Office of Thrift Supervision, and the State Liaison Committee. The Council's activities are supported by interagency task forces and by an advisory State Liaison Committee, comprised of five representatives of state agencies that supervise financial institutions.