ARTICLE
22 November 2019

FFIEC Emphasizes Expanded Role Of Information Technology In Updated Business Continuity Guidance

CW
Cadwalader, Wickersham & Taft LLP

Contributor

Cadwalader, established in 1792, serves a diverse client base, including many of the world's leading financial institutions, funds and corporations. With offices in the United States and Europe, Cadwalader offers legal representation in antitrust, banking, corporate finance, corporate governance, executive compensation, financial restructuring, intellectual property, litigation, mergers and acquisitions, private equity, private wealth, real estate, regulation, securitization, structured finance, tax and white collar defense.
The Federal Financial Institutions Examination Council ("FFIEC") issued updated guidance to assist examiners in evaluations of business continuity governance at FDIC-supervised financial institutions.
United States Finance and Banking

The Federal Financial Institutions Examination Council ("FFIEC") issued updated guidance to assist examiners in evaluations of business continuity governance at FDIC-supervised financial institutions. The new booklet, titled Business Continuity Management, replaces the Business Continuity Planning booklet issued in February 2015. The new guidance provides a heightened emphasis on the expanding role of information technology ("IT") in financial institutions' business operations.

In a Financial Institution Letter, the FDIC noted that no new requirements are imposed on regulated entities as a result of the updated booklet. However, the FDIC did point out the significance of the booklet's title change from Business Continuity Planning to Business Continuity Management. According to the FDIC, this title change is designed to reflect developments in both customer and industry expectations for financial institutions' resilience of operations, as well as the important function of IT in meeting these expectations.

The booklet provides guidance on examining an entity through an enterprise risk management ("ERM") perspective and covers (i) technology, (ii) business operations, (iii) communication strategies, (iv) training, (v) testing, (vi) maintenance, and (vii) improvement. Additionally, the booklet states that the "degree of maturity, integration and documentation" between the business continuity management and ERM processes of a regulated entity should be evaluated by examiners with consideration to the entity's size, complexity and risk profile.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More