Regulators update IT exam guidance on business continuity, with focus on operational resilience

Federal financial institution regulators have revised the Business Continuity Management booklet of their Information Technology Examination Handbook to emphasize the importance of financial institutions being prepared to avoid disruptions in operations and to recover services.

The revised booklet, announced Thursday by the Federal Financial Institutions Examination Council (FFIEC), focuses on enterprise-wide approaches that address technology, business operations, testing, and communication strategies critical to the continuity of the business. It describes principles and practices for information technology (IT) and operations designed to achieve safety and soundness, consumer financial protection, and compliance with applicable laws, regulations, and rules.

The booklet, regulators noted, “describes principles to help examiners determine whether management addresses risks related to the availability of critical financial products and services” and includes updated examination procedures to help examiners assess the adequacy of an entity’s overall business continuity management program.

The guidance is for examiners of depository institutions (banks, thrifts, and credit unions), nonbank financial institutions, bank holding companies, and third-party service providers; it’s also a tool institutions can use to understand examiners’ expectations.

The Federal Deposit Insurance Corp. (FDIC), Federal Reserve Board, Office of the Comptroller of the Currency (OCC), National Credit Union Administration (NCUA), and Consumer Financial Protection Bureau (CFPB) are all part of the umbrella FFIEC.

Financial Regulators Revise Business Continuity Management Booklet to Stress to Examiners the Value of Resilience to Avoid Disruptions to Operations