Banking Regulators Release Guidance Regarding Lessons Learned from Hurricane Katrina
By: BEAU J. HURTIG
December 2006
Bankers know that business continuity planning and disaster recovery are essential aspects of banking operations. Therefore, management devotes numerous hours to anticipating threats and developing measures designed to properly respond to imagined disasters that could potentially threaten banking operations. However, despite management’s best efforts, it is often difficult to anticipate every conceivable threat, especially worst-case scenarios, so concrete examples of such disasters can provide essential lessons to management.
Recently, the bank regulatory agencies issued formal guidance entitled “Lessons Learned From Hurricane Katrina: Preparing Your Institution for a Catastrophic Event.” These guidelines highlight important concerns bank management should consider in reviewing their disaster recovery and business continuity plans. The following are some lessons set forth in this recently issued guidance:
What did Katrina teach us about analyzing threats to the bank?
- Assess how well your institution is prepared for reasonably foreseeable threats across all levels of the organization, not just from the perspective of recovering and protecting information technology. Disasters can cause problems at all levels of business operations ranging from employee absence to the banking house being unavailable or even completely destroyed.
- Categorize threats from high to low and note that every threat posing a highly adverse impact generally warrants further consideration.
How should I prepare my employees for a disaster?
- Disaster training should include employees at every level, not just key employees, and these employees should know their responsibilities in the event of a disaster.
- Identify and inform all employees of prioritized meeting places and alternative modes of transportation in the event of a disaster. Employees may not have the ability to travel by car, and management should consider alternative modes of transportation.
How can I test my disaster recovery and business continuity plans to ensure effectiveness?
- Disaster recovery testing should be comprehensive and include a complete test of all support operations, business lines, and locations, including a consideration of the worst-case scenario where the bank is destroyed or rendered inoperative.
What can I do to ensure the bank provides the best customer service possible in the event of an emergency?
- Encourage customers to establish direct deposit and automatic bill paying services, which are more likely to continue operating in the event mail service is interrupted or cash becomes unavailable.
- Develop plans for ordering larger shipments of cash in anticipation of disasters, especially forecasted natural disasters, as power and telecommunications outages can disrupt electronic forms of payment and trigger a demand for cash.
What can I do to ensure the bank can continue operating should disaster strike?
- Maintain several days of key supplies including fuel, food, water, and medical supplies and realize that replacing these supplies may be difficult. Management may want to consider contacting appropriate vendors to maximize the possibility that the bank will receive priority in receiving additional supplies, if necessary.
- Consider the fact that your primary facility may no longer be available in the event disaster strikes and consider entering “partner institution” or “buddy bank” agreements, which would allow emergency operation in other locations.
- Determine in advance the types of building permits required to operate temporary facilities, and maintain a list of the procedures for obtaining such permits and the government authorities to contact.
- Locate any contemplated back-up operational locations sufficiently far from the bank so that they are unlikely to be affected by the same disaster, and contact your power company to ensure these locations are not on the same power grid.
- Contact and develop partnerships with nonprofit, volunteer, and private sector nongovernmental entities to develop plans to team up in the event disaster strikes.
How can I maximize the bank’s ability to communicate with other parties?
- Develop, test, and update a contact list containing names of senior management, employees, customers, vendors, and key government agencies and maintain this list at all locations plus at least one off-site location.
- Maintain a list of regulatory agency contacts and reference data to ensure clear lines of communication between the bank and its primary regulator in the event of a disaster.
- Contact local and state officials to determine what priority, if any, will be given to your institution in restoring critical services such as electricity, telecommunications, traffic routes, and fuel services.
For more details and additional lessons, view the complete guidance available on the FDIC’s website at www.fdic.gov/regulations/resources/lessons/index.html. Your bank may have also received a booklet from your primary regulator containing this guidance.
Although the guidance is meant to aid bank management in reviewing and considering issues related to disaster management and business continuity, the guidance does not create any additional legal regulatory duties for financial institutions regarding disaster management and business continuity.
