Financial Update (Fourth Quarter 2002)
Careful Contingency Planning Can Save the Day
By Lynn Woosley, senior financial analyst
isasters come in varying shapes and sizes. Very few will be as devastating and far-reaching as the events of Sept. 11, 2001. Every financial institution, though, needs to be prepared for crisis management through careful contingency planning. A financial institution that can’t resume operations promptly in the event of a disaster may suffer damage to its reputation and customer recognition from failure to maintain customer services, protect the company assets, or meet legal or regulatory requirements. Quite simply, failure to make appropriate continuity plans puts an institution at risk.
In addition, some institutions underestimated the effects of geographic and market concentrations when planning redundancies for some of their vendors. Telecommunications backup was one such area. Many backups did not perform well because the alternate providers and routings traveled through common switching stations. And even institutions located far from New York discovered operational problems at their vendors and counterparties.
Many institutions found that their resumption plans were outdated, incomplete or inadequate. Some plans ignored the need to recover noncomputerized records. Some firms with sophisticated data backup routines had trouble with software or hardware incompatibility or inadequate systems or telecommunications. In some cases, managers did not have off-site copies of their recovery plans.
The best-laid plans
Business continuity planning is not a “one-size-fits-all” endeavor. Smaller, less complex institutions may not need or be able to follow all of the best practices. Larger and more critical institutions may be held to a higher standard (see sidebar). The past year, however, has shown the need for all financial institutions to understand their business continuity needs and plan accordingly.
Practices That Keep the System Bouncing Back
he Board of Governors of the Federal Reserve System, along with other federal financial agencies, in August issued a draft white paper, “Sound Practices to Strengthen the Resilience of the U.S. Financial System.” The paper presents business continuity best practices for core clearing and settlement organizations and other firms that play significant roles in critical wholesale financial markets and large-value payment systems. Public comments on the paper were due in October.
As discussed in the paper, core clearing and settlement organizations are the large-value payment system operators and market utilities such as Fedwire, Bank of New York and JPMorgan Chase. For such firms, which play significant roles in critical financial markets, failure to perform critical activities by day’s end would pose a systemic risk to the financial system because of the firms’ size and volume of activities. The regulatory agencies believe these firms should meet a higher standard for continuity planning.
The paper identifies four sound practices to address the risks of wide-scale disruptions: (1) identifying all critical activities in support of critical markets; (2) determining recovery and resumption time objectives; (3) having backup arrangements with sufficient out-of-region staff, equipment and data to meet the objectives; and (4) routinely testing or using the backup arrangements.
The critical activities mentioned in the paper include completing pending large-value payment instructions; clearing and settling material pending transactions; meeting material end-of-day funding and collateral obligations; managing material open-firm and customer-risk positions; communicating customer and firm positions, reconciling the day’s records and safeguarding firm and customer assets; and performing all support and related functions integral to the above activities.
To help ensure the financial system’s continuing strong performance, core clearing and settlement organizations need to recover and resume critical activities within two hours in most instances. Firms that play significant roles in critical markets should meet recovery and resumption time targets of four hours. Recently, the New York Stock Exchange and the National Association of Securities Dealers Inc. proposed similar rules requiring their member organizations to develop and maintain contingency plans.
See the complete text of the paper at www.federalreserve.gov/boarddocs/press/bcreg/2002/20020830/default.htm.