Disaster Recovery Revisited: 5 Things You May Not Have Considered (for a while)
With David Reed
- 1 Video
- 2 PDFs
- 2.0 hrs
ICB Credit: 2.5 CRCM
Your Disaster Recovery Plan is at the heart of your business continuity efforts. Now is a great time to blow the dust off of your existing plan and make sure it is fully ready to meet the demands of both your current operations and the current business environment. Don't rest on the fact that your IT department has told you they have backup plan upon backup plan. Even a fully effective IT Disaster Recovery Plan is only a means for keeping your computers functioning. What about the rest of your operations? Will you have a roof over your head, staff in place and the ability to take deposits, make loans and allow access to your customers' finances?
You need to roll your sleeves up and continually revise your plan to make sure it anticipates the threats most likely to affect your operations and provides solutions to make certain those threats do not damage your operations or reputation. Such threats include fire, flooding, hurricane, tornado, sabotage, riots, power failure, fraud, theft, equipment failure, pandemic, and others.
One size does not fit all institutions. Some banks will find their most likely threats are small in scope but have a high probability of causing service disruptions. For example, such mundane issues as computer malfunctions, temporary telecommunications interruptions, delayed currency deliveries, or ATM malfunctions can cause serious issues within your operations. Some will find their biggest threats involve terrorism or location "issues" such as being located only within highly secure federal buildings. Either way, you need to be prepared.
Many plans overlook efficacy and communications in their strategies. Sequencing is vital to consider within your plans. There is a direct link between critical systems and providing vital financial services to customers. Once the critical systems are selected, they should be further prioritized to ensure systems are restored in the sequence of greatest priority and to address any interdependencies.
And, never forget your customers. Effective communications should not be left to chance. Planning is key. A key lesson learned from previous disasters is that focusing on "communication" is essential to successfully prepare for and operate during disaster conditions.
Disaster Recovery Plans must also recognize the role of outside parties such as vendors, the government and regulators in working through a disaster. Ideally, within the first 24 hours following a disaster, all significant outside parties will be contacted, including your regulator. Does your plan include contact information and assign responsibility for such measures?
When was the last time you tested your plan? Your operations have probably changed dramatically over the last several years. From products to facilities and staff to business environment, you are not living in the same world you were 10 years ago. Best practices are to test disaster preparedness and response plans at least annually. This will help ensure the Disaster Recovery Plan adequately addresses all essential functions. Disaster drills should be created that realistically address threats to the bank and involve staff members from a cross-section of the institution. In the event that a third party is used to perform or facilitate tests, they must be knowledgeable in the institution's critical functions and disaster response goals. You should ensure your vendor agreements keep pace with changes in your asset size, complexity of services, and customer base. Tests should always be documented and work papers maintained demonstrating that all critical functions and areas have been tested.
The plan should be treated as a "living document" to be updated as changes occur in systems, services, staffing, vendors, and physical locations. Updates should also be made for new and emerging threats (e.g., pandemic flu) and lessons learned from overcoming disasters. After your bank activates part of its plan, an evaluation should be made to document success and note items to improve. When was the last time you did this?
This session will cover:
- Recent Regulatory and Examination Guidance
- Lessons learned since Katrina
- Updated Threat Inventory and Analysis Techniques
- 5 Things You May Have Overlooked in your Current Plan
Who should attend?
This session is designed for executives, senior managers, branch managers, compliance staff, facilities staff, auditors, risk managers, IT and anyone involved in the business continuity and disaster recovery programs at their institution.
- Audit and Internal Controls
- Branches and Frontline
- Business Continuity
- Compliance Management and Auditing
- Operations Compliance
- Risk Management
Attorney, author, consultant and nationally recognized speaker, David A. Reed is a partner in the law firm of Reed and Jolly, PLLC. Through Reed and Jolly, Mr. Reed provides guidance to financial institutions concerning a variety of matters including the establishment and revision of policies and procedures, organizational compliance, collections, security, contractual agreements, regulatory matters and corporate governance. His engaging speaking style has garnered him status as a regular lecturer nationwide on topics such as regulatory compliance, consumer lending, bankruptcy and collections. He offers facilitation services and a full range of on-site training programs that can be delivered to the Board, executive team, managers or frontline staff.
A former trial attorney and Vice President and General Counsel of a regional financial institution, Mr. Reed is particularly noted as an expert in the areas of financial institution operations, bankruptcy and collections. He has been selected to train federal and state field examination staff on numerous issues including ID Theft Red Flags, S.A.F.E Act, Third Party Contract Management and Bankruptcy. He also serves as editor of several industry manuals.
Mr. Reed received his undergraduate degree from Virginia Tech in 1986 and his Juris Doctorate from George Mason University School of Law in 1989. He is a Certified Compliance Officer and resides in Fairfax, Virginia with his wife Diane and their twin daughters.