Important paper released overnight (our time) from the Joint Forum of the BCBS. This one is one business continuity and you can expect the regulators to include its principles in future reviews and audits. Most institutions will have already reviewed their plans in light of many recent threats to business continuity, but you may want to review these in light of these principles and write up a paper for the regulator on how you meet these.
If you really do not want to read the full paper, the principles are over the fold.
- Principle 1 emphasises that the requirement for sound business continuity management applies to all financial authorities and financial industry participants and that the ultimate responsibility for business continuity management – not unlike the management of other risks – rests with an organisation’s board of directors and senior management.
- Principle 2 advises organisations that they should explicitly consider and plan for major operational disruptions. While this concept may be new for many organisations, it is considered important in light of the increasing frequency of such events.
- Principle 3 states that financial industry participants should develop recovery objectives that reflect the risk they represent to the operation of the financial system. Financial industry participants that provide critical services to, or otherwise present significant risk to the operation of, the financial system should target higher standards in their business continuity management than other participants. This concept may be new for some financial industry participants. Because the steps necessary to improve the resilience of the financial system may be more costly than the steps such participants would choose to undertake on their own, financial authorities are encouraged to participate, as appropriate, in identifying recovery objectives that are proportionate to the risk posed by a given participant in order to achieve a reasonably consistent level of resilience.
- Principle 4 stresses the critical importance of business continuity plans addressing the full range of internal and external communication issues an organisation may encounter in the event of a major operational disruption. The principle specifically recognises that clear, regular communication during a major operational disruption is necessary to manage a crisis and maintain public confidence.
- Principle 5 highlights the special case of cross-border communications during a major operational disruption. Given the deepening interdependencies of financial systems across national boundaries, this principle advises financial industry participants and financial authorities to adopt communication protocols that address situations where cross border communication may be necessary.
- Principle 6 emphasises the need to ensure that business continuity plans are effective and to identify necessary modifications through periodic testing.
- Finally, to ensure that financial industry participants are in fact implementing appropriate approaches to business continuity management that reflect the recovery objectives adopted in accordance with Principles 1 and 3, Principle 7 calls upon financial authorities to incorporate business continuity management reviews into their frameworks for assessing financial industry participants.