Welcome to Rothstein Publishing!
FFIEC releases new Business Continuity Management examination booklet

The United States Federal Financial Institutions Examination Council (FFIEC) has released a new Business Continuity Management examination booklet that provides updated guidance for examiners to audit Business Continuity programs for financial institutions.

The “Business Continuity Management” (BCM) booklet is one in a series of booklets that comprise the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook). The IT Handbook is prepared for use by examiners. With the publication of this booklet, the FFIEC member agencies replace the “Business Continuity Planning” booklet issued in February 2015. The change from business continuity planning to business continuity management reflects the changes in customer and industry expectations for the resilience of operations.

The BCM booklet describes principles and practices for IT and operations for safety and soundness, consumer financial protection, and compliance with applicable laws and regulations. The BCM booklet also outlines BCM principles to help examiners evaluate how management addresses risk related to the availability of critical financial products and services. This booklet discusses BCM governance and its related components, including resilience strategies and plan development; training and awareness; exercises and tests; maintenance and improvement; and reporting for all levels of management, including the board of directors.

The focus of this revised booklet is on enterprise-wide, process-oriented approaches that consider technology, business operations, testing, and communication strategies critical to the continuity of the entire entity. However, business continuity should not be focused only on the planning process to recover operations after an event, but rather it should include the continued maintenance of systems and controls for the resilience of operations. Business continuity should be incorporated into the risk management life cycle of all systems, processes, and operations of an entity.

The full document can be viewed here: https://ithandbook.ffiec.gov/media/296178/ffiec_itbooklet_businesscontinuitymanagement.pdf