An official website of the United States government
Parts of this site may be down for maintenance Saturday, November 23, 7:00 p.m. to Sunday, November 24, 9:00 a.m. (Eastern).
OCC Bulletin 2019-57 | November 14, 2019
Share This Page:
Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Technology Service Providers; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Federal Financial Institutions Examination Council (FFIEC) revised the "Business Continuity Management" booklet, one of a series of booklets that make up the FFIEC Information Technology Examination Handbook (IT Handbook). The revised "Business Continuity Management" booklet provides information for examiners to assess the adequacy of a bank's risk management related to the availability of critical financial products and services. The revised booklet replaces the "Business Continuity Planning" booklet issued in February 2015 and rescinds OCC Bulletin 2015-9, "FFIEC Information Technology Examination Handbook: Strengthening the Resilience of Outsourced Technology Services, New Appendix for Business Continuity Planning Booklet."
This booklet applies to the OCC's supervision of all national banks and federal savings associations (collectively, banks). Community banks should maintain effective business resilience and continuity commensurate with their operational complexities.
This booklet describes the following:
Business continuity management is the process for management to oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, and products and services. Disruptions such as cyber events, natural disasters, or man-made events can interrupt a bank's operations and can have a broader impact on the financial sector. The focus of business continuity management should be on more than just the planning process to recover operations after an event. It also should include the continued maintenance of systems and controls for the resilience and continuity of operations. Resilience incorporates proactive measures to mitigate disruptive events and evaluate a bank's recovery capabilities. A bank's business continuity management program should align with its strategic goals and objectives. The focus of this revised booklet is on enterprise-wide, process-oriented approaches that consider technology, business operations, testing, and communication strategies critical to the continuity of the entire business. Management should incorporate business continuity into the risk management life cycle of a bank's systems, processes, and operations.
Please contact Kevin Greenfield, Director for Bank Information Technology, at (202) 649-6340.
Grovetta N. Gardineer Senior Deputy Comptroller for Bank Supervision Policy