|Business Continuity Planning|
|Business Continuity Planning||Business Continuity Process||Matters to Consider|
The board of directors, along with senior management, is responsible for a bank’s business continuity plan (BCP). The board and management determine provisions for the identification, assessment, prioritization and management of the bank in the event of uncontrollable, non-specific risks (in other words, random events). They also establish polices that set how the bank will manage these risks and develop training programs to ensure that employees understand their roles and responsibilities under the bank’s BCP. Additionally, they subject the business continuity process to independent review by internal and external audit. They periodically test the plan to determine its adequacy and to ascertain gaps that need to be fixed, and periodically review the plan and update it for changes in the bank’s operating environment.
The business continuity process of a bank is no different than the processes to control or mitigate other risks. The words may be different, but the process boils down to:
Why Do Banks Have Business Continuity Plans?
Your bank should have a business continuity plan and implement the basic components of the business continuity process to ensure resiliency from uncontrolled, nonspecific events. These events include:
The primary focus of BCP is to restore a bank to normal operations following an unpredicted random event. Consequently, attention is directed toward minimizing the impact of the event on your personnel, facilities, utilities, vital records access, hardware/software accessibility, etc., rather than addressing the cause.
For example, weather conditions that can lead to a tornado are well known. However, the old adage, “everyone talks about the weather, but nobody does anything about it,” is particularly relevant here. A bank has no ability to change the factors that can lead to a tornado. Instead, the bank can instead minimize the tornado’s effects on its operations with a good BCP.