Regulatory News for Financial Institutions in the Seventh Federal Reserve District

March 19, 2008

2008-3
Revised Business Continuity Examination Guidance Issued
As announced in SR 08-3, the Federal Financial Institutions Examination Council (FFIEC) has issued updated guidance for examiners, financial institutions, and technology service providers to identify business continuity risks and evaluate controls and risk management practices for effective business continuity planning. The guidance, which is included in the FFIEC Information Technology Examination Handbook, is an update to the "Business Continuity Planning Booklet," which was issued in March 2003.

The revised booklet includes enhancements to the business impact analysis and testing discussions, and addresses emerging threats and lessons learned in recent years. The booklet also stresses the responsibilities of each institution's board and management to address business continuity planning with an enterprise-wide perspective by considering technology, business operations, communications, and testing strategies for the entire institution.

The FFIEC Guidance on Pandemic Planning (SR 07-18) has been incorporated into the booklet as an appendix. A pandemic outbreak would present unique business continuity challenges, and the methodologies detailed in the booklet provide a framework for financial institutions to develop or update their pandemic plans. All financial institutions should have plans that address how the institution would operate during a pandemic event. Other changes in the booklet highlight the importance of business continuity planning for all financial institutions, regardless of whether their systems are provided in-house or through third-party service providers.

To discuss this topic with a Chicago Fed staff member, please contact: Jonathan McGinn (312) 322-6371