The need for business continuity planning (BCP) in the financial services industry is of utmost importance as these institutions need to be well prepared to respond in times of disaster, emergencies, crisis, threats, and other incidents. Clients need to know their finances are safe and financial institutions need to maintain a high reputation of trust to be successful in the industry.

A key reason for BCP is due to the scope of work that financial institutions provide. They need to keep accurate and up-to-date records of clients’ personal and private data, as well as client statements, loans, investments, credit cards and other important files. Another crucial reason is banks need to keep their client’s money free from harm. Third, banks and financial institutions have a complex and detailed infrastructure that needs to be fully operational 24/7 which entails their ATMs, networks, website and phone applications are all up and running. In the event their system goes down, the organization needs risk mitigation and disaster recovery strategies to resolve the issue as quickly as possible. There are also third-party vendors, employees, contractors, and others that are dependent on these institutions and need to have a place in a BCP and recovery plan.

Strategic BCP ResilienceONE provides a complete and concise software solution to exceed the requirements when creating a Business Continuity Plan for financial institutions. It offers risk management to protect the infrastructure, disaster recovery to restore IT assets, risk assessment to keep threats in check and other vital services. In addition, ResilienceONE stands behind the solution 100% with Audit Protection, a contractual assurance on passing audits with external regulators. Under this, we remediate any deficiencies in our work at our cost.

If financial institutions cannot operate, this can be detrimental to the institution and the community. Don’t leave the planning to chance. Create a sound business continuity plan and stay ahead of the competition.

REGULATIONS COVERED:

ASIS SPC 1-2009: American Society for Industrial Security

Basel II

Basel III

BS 25999-2:2007

BCI—Business Continuity Institute: The Good Practice Guidelines, International

CCPA of 1992

CFTC Rule 23.603 Commodity Futures Trading Commission

CGMP—Current Good Manufacturing Practice Regulations COBIT (Control
Objectives for Information and Related Technology)

COBIT: Control Objectives
for Information and Related
Technologies (COSO)

DOE 0 150.1:2008

DRII—Disaster Recovery Institute International: Generally Accepted
Practices for BC Practitioners

Dodd-Frank

EMAP:2010

FCD 1:2008

FCD2:2008

FEMA—Federal Emergency
Management Agency

CGC 1

CGC 2

FERC COOP:2007—Federal Energy Regulatory Commission

FERC RM01-12-00

FDA 21 CFR Part 11—Federal Drug
Administration—Pharmaceutical Companies BC

FDCA—Food, Drug, and Cosmetics Act

FDICIA—Federal Deposit Insurance Corporation Improvement Act

FFIEC—Federal Financial Institutions Examination Council: BC Planning IT Examination Handbook, U.S.

FIL 67-97/82-96.

IT Examination Handbook.

Interagency Statement on
Pandemic:2007

FINRA Rule 4370—Financial
Industry Regulations on Emergency

Preparedness & Business Continuity

FHLB Bulletin R-67—Federal Home Loan Bank

FIRREA—Financial Institutions Reform, Recovery and Enforcement Act

FISMA—Federal Information Security Management Act

FRB SR 96-22

HIPAA:1996—Health Insurance Portability And Accountability Act

HIPPA Security Rule 164.308(a)(7)(i)

HITECH:2009

Homeland Defense’s Pandemic Preparedness Handbook:2007

HSPD-21:2007

IERP—Independent Experts Review Panel

Interagency Paper on Sound
Practices to Strengthen the
Resilience of the U.S. Financial System, 2003

ISO22301—International Organization for Standardization Business
Continuity

ISO22313—International Organization for Standardization Business
Continuity

ISO22317:2015—International
Organization for Standardization BIA

ISO27001—International Organization
for Standardization

ISO31000—International Organization
for Standardization

ITIL, v2, v3

ITSCM—IT Service Continuity Management ITIL v3, International

Joint Commission-Environmental Care Standards: 2005

Joint Commission 2.30:2008

Medicare/Medicaid

NASD 3510 and 3520: National Association of Securities Dealer

NERC CIP 002-009 Cyber Security Requirement

NFA Compliance Rule 2-38:2008

NFPA 1600:2013

NFPA 1600: 2016 Standard on Disaster/Emergency Management and BC Programs, U.S.

NIST 800-34 National Institute of Standards and Technology

NYSE Rule 446: Business Continuity and Contingency Plans OCC 2001-47

OSHA 3327-05R:2009

PAHPA:2006

PPACA—Patient Protection and Affordability Care Act

Sarbanes-Oxley: Section 404 (SOX).

Sarbanes-Oxley: Japan
(J-SOX).

Securities and Exchange Act 17 CFR240:2005