5 September 2002
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html
-----------------------------------------------------------------------
[Federal Register: September 5, 2002 (Volume 67, Number 172)]
[Notices]
[Page 56835-56842]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr05se02-52]
-----------------------------------------------------------------------
FEDERAL RESERVE SYSTEM
[Docket No. R-1128]
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
[Docket No. 02-13]
SECURITIES AND EXCHANGE COMMISSION
[Release No. 34-46432; File No. S7-32-02]
Draft Interagency White Paper on Sound Practices to Strengthen
the Resilience of the U.S. Financial System
AGENCIES: Board of Governors of the Federal Reserve System (Board);
Office of the Comptroller of the Currency, Treasury (OCC); and
Securities and Exchange Commission (SEC).
ACTION: Request for comment.
-----------------------------------------------------------------------
SUMMARY: The Federal Reserve, the Office of the Comptroller of the
Currency and the Securities and Exchange Commission are publishing this
draft white paper on Sound Practices to Strengthen the Resilience of
the U.S. Financial System for comment. The New York State Banking
Department and the Federal Reserve Bank of New York also participated
in drafting the paper. The New York State Banking Department is issuing
the paper separately for comment by interested persons. The federal
agencies and the New York State Banking Department are referred to as
the ``agencies'' in the paper. The paper discusses the views of the
agencies on sound practices based on discussions with industry
representatives on how the events surrounding September 11, 2001, have
altered business recovery and resumption expectations for purposes of
ensuring the resilience of the U.S. financial system and seeks comments
on those views.
DATES: Comments must be received on or before October 21, 2002.
ADDRESSES: Comments should be directed to:
Board: Comments should refer to Docket No. R-1128 and should be
submitted to Ms. Jennifer J. Johnson, Secretary, Board of Governors of
the Federal Reserve System, 20th Street and Constitution Avenue, NW,
Washington, DC 20551, or mailed electronically to
regs.comments@federalreserve.gov. Comments addressed to Ms. Johnson may
also be delivered to the Board's mail facility in the West Courtyard
between 8:45 a.m. and 5:15 p.m., located on 21st Street between
Constitution Avenue and C Street, NW. Members of the public may inspect
comments in Room MP-500 of the Martin Building between 9 a.m. and 5
p.m. on weekdays pursuant to Sec. 261.12, except as provided in Sec.
261.14, of the Board's Rules Regarding Availability of Information, 12
CFR 261.12 and 261.14.
OCC: Please direct all comments concerning this paper to: Office of
the Comptroller of the Currency, 250 E Street, SW., Public Information
Room, Mail Stop 1-5, Washington, DC 20219, Attention: Docket No. 02-13;
fax number (202) 874-4448; or Internet address:
regs.comments@occ.treas.gov. Due to recent temporary disruptions in the
OCC's mail service, we encourage the submission of comments by fax or
e-mail whenever possible. Comments may be inspected and photocopied at
the OCC's Public Reference Room, 250 E Street, SW, Washington, DC. You
can make an appointment to inspect comments by calling (202) 874-5043.
SEC: All comments concerning the paper should be submitted in
triplicate to Jonathan G. Katz, Secretary, Securities and Exchange
Commission, 450 5th Street, NW., Washington, DC 20549-0609. Comments
can be submitted electronically at the following E-mail address:
rule-comments@sec.gov. All comment letters should refer to File No.
S7-32-02; this file number should be included on the subject line if E-mail
is used. All comments received will be available for public inspection
and copying in the Commission's Public Reference Room, 450 5th Street,
NW., Washington, DC 20549. Electronically submitted comment letters
will be
posted on the Commission's Internet Web site (http://www.sec.gov).
FOR FURTHER INFORMATION CONTACT: Board: Jeffrey Marquardt, Associate
Director, Division of Reserve Bank Operations and Payment Systems (202)
452-2360; or Angela Desmond, Assistant Director, Division of Banking
Supervision and Regulation (202) 452-3497.
OCC: Ralph Sharpe, Deputy Comptroller for Bank Technology (202)
874-4572; or Aida Plaza Carter, Director, Bank Information Technology
Operations (202) 874-4740.
SEC: David Shillman, Counsel to the Director, Division of Market
Regulation (202) 942-0072; or Peter Chepucavage, Attorney Fellow (202)
942-0163.
SUPPLEMENTARY INFORMATION: Based on in-depth discussions with industry
representatives, the agencies have reached certain conclusions
regarding the necessity to assure the resilience of critical U.S.
financial markets in the face of wide-scale, regional disruptions and
identified a number of sound practices to strengthen the resiliency of
the overall U.S. financial system and the respective U.S. financial
centers. Ensuring the resilience of critical financial markets requires
that core clearing and settlement organizations and other firms that
play significant roles in critical financial markets, many of which
enjoy the benefits of operating out of major financial centers, will be
able to perform their critical activities even in the event of a
wide-scale, regional disruption.
The agencies are seeking comment on the sound practices discussed
below. Upon issuance of a final paper, the agencies intend to
incorporate these sound practices into supervisory expectations or
other forms of guidance. This paper is meant to supplement the
agencies' respective existing policies and other guidance on business
continuity planning by financial institutions. Because of the
criticality of protecting the financial system after September 11, the
sound practices focus on minimizing immediate systemic effects of
wide-scale regional disruption of critical wholesale financial markets and
therefore do not address issues relating to retail financial services.
Section I of this paper discusses business continuity objectives
that have special importance after September 11 and their scope of
application. Section II provides the agencies' preliminary conclusions
with respect to key factors affecting the resilience of critical
markets and activities in the U.S. financial system; sound practices to
strengthen financial system resilience; and an appropriate timetable
for implementing these sound practices. Section III contains a summary
and analysis of the industry discussions that provided a basis for the
agencies' preliminary conclusions, with a focus on private-sector
perspectives; recovery of critical activities; confidence in recovery
and resumption plans through use or testing; and implementation
considerations. Section IV outlines next steps following issuance of
the agencies' final views. Section V concludes this paper with a
request for comment on the sound practices.
Draft Interagency White Paper on Sound Practices to Strengthen the
Resilience of the U.S. Financial System
I. Business Continuity Objectives and Scope of Application
The Federal Reserve, the Office of the Comptroller of the Currency,
the Securities and Exchange Commission and the New York State Banking
Department (the agencies) have been meeting with industry participants
to analyze the lessons learned from the events of September 11, with a
view towards strengthening the overall resilience of the U.S. financial
system in the event of a wide-scale, regional disruption. This effort
began with a set of interviews with a number of large banking and
securities firms, clearing and settlement organizations, and payment
system operators to identify ``what worked'' and what could be improved
going forward. On February 13, 2002, the agencies issued a discussion
note on lessons learned and their implications for business
continuity.\1\ On February 26, the agencies met with a group of large
financial firms and financial utilities to discuss these findings,
identify areas of consensus, and exchange views on how industry members
can act as catalysts in achieving greater internal and industry
resilience.\2\ Out of these and a series of in-depth, follow-up
discussions, the agencies identified broad consensus on three business
continuity objectives that have special importance after September 11:
---------------------------------------------------------------------------
\1\ The note is posted on each of the agencies' web sites. See,
e.g., http://www.sec.gov/divisions/marketreg/lessonslearned.htm.
\2\ The summary is posted on each of the agencies' web sites.
See, e.g., http://www.federalreserve.gov/boarddocs/staffreports/.
---------------------------------------------------------------------------
• Rapid recovery and timely resumption of critical operations
following a wide-scale, regional disruption;
• Rapid recovery and timely resumption of critical operations
following the loss or inaccessibility of staff in at least one major
operating location; and
• A high level of confidence, through ongoing use or robust
testing, that critical internal and external continuity arrangements
are effective and compatible.
Based on this extensive dialogue, the agencies have reached certain
preliminary conclusions with respect to the factors affecting the
resilience of critical markets and activities in the U.S. financial
system; sound practices to strengthen financial system resilience; and
an appropriate timetable for implementing these sound practices.
Following a public comment period, the agencies will issue in final
form their views on sound practices for strengthening the resilience of
the financial system in the event of a wide-scale, regional disruption.
The agencies are issuing their views to guide financial organizations
as they complete their reviews of business continuity plans and make
strategic investments to strengthen their capabilities.
The agencies view these sound practices as being most applicable to
organizations that present a type of systemic risk should they be
unable to recover or resume critical activities that support critical
markets. In this context, ``systemic risk'' includes the risk that the
failure of one participant in a transfer system or financial market to
meet its required obligations will cause other participants to be
unable to meet their obligations when due, causing significant
liquidity or credit problems and threatening the stability of financial
markets.\3\ The organizations that could present such systemic risk
should they be unable to recover (i.e., complete) and resume (i.e.,
carry on) critical activities consist of core clearing and settlement
organizations. Other firms that play a significant role in critical
financial markets also could contribute to systemic risk should they be
unable to recover critical activities. These organizations and key
terms are described more fully below.
---------------------------------------------------------------------------
\3\ The use of the term ``systemic risk'' in this paper is based
on the international definition of systemic risk in payments and
settlement systems contained in ``A glossary of terms in payment and
settlement systems,'' Committee on Payment and Settlement Systems,
Bank for International Settlements (2001).
---------------------------------------------------------------------------
Critical markets provide the means for banks, securities firms, and
other financial institutions to adjust their key cash and securities
positions and those of their customers in order to manage significant
liquidity, market, and other risks to their organizations. Critical
markets also provide support for the provision of a wide range of
financial services to businesses and consumers in
the United States. Certain markets such as the Federal funds and
government securities markets also support the implementation of
monetary policy. For purposes of this paper, ``critical markets'' are
defined as the markets for:
• Federal funds, foreign exchange and commercial paper
• Government, corporate, and mortgage-backed securities
• ``Core clearing and settlement organizations'' consist of
market utilities that provide critical clearing and settlement services
for financial markets and large value payment system operators. Core
clearing and settlement organizations also consist of firms that
provide similar critical clearing and settlement services for critical
financial markets in sufficient volume or value to present systemic
risk in their sudden absence, and for whom there are no viable
immediate substitutes.
• ``Firms that play significant roles in critical financial
markets'' are those that participate in sufficient volume or value such
that their failure to perform critical activities by the end of the
business day could present systemic risk. There are different ways to
gauge the significance of such firms in critical markets. The agencies
believe that many if not most of the 15-20 major banks and the 5-10
major securities firms, and possibly others, play at least one
significant role in at least one critical market. In the context of
these sound practices, the agencies are considering the benefit of
providing additional guidance (e.g., in terms of market-share or
dollar-value thresholds) to help firms identify the category into which
they fall for the specific activities they perform.
For purposes of these sound practices, a ``wide-scale, regional
disruption'' is one that causes a severe disruption of transportation,
telecommunications, power, or other critical infrastructure components
across a metropolitan or other geographic area and its adjacent
communities that are economically integrated with it; or that results
in a wide-scale evacuation or inaccessibility of the population within
normal commuting range of the disruption's origin.
II. Resilience of Critical Markets and Activities in the U.S. Financial
System and Sound Practices
A. Resilience of Critical Markets and Activities in U.S. Financial
System
Critical Markets. The resilience of the U.S. financial system in
the event of a wide-scale, regional disruption rests on the rapid
recovery and resumption of critical financial markets defined above and
the activities that support them.
Recovery of Critical Activities. The rapid restoration of critical
financial markets, and the avoidance of potential systemic risk,
requires firms that play significant roles in those markets to recover
business processes and functions sufficient to complete critical
activities by the end of each business day. These critical activities
are:
(a) Completing pending large-value payment instructions;
(b) Clearing and settling material pending transactions;
(c) Meeting material end-of-day funding and collateral obligations
necessary to assure the performance of items (a) and (b) above;
(d) Managing material open firm and customer risk positions, as
appropriate and necessary to assure the performance of items (a)
through (c) above;
(e) Communicating firm and customer positions necessary to assure
the performance of items (a) through (d) above, reconciling the day's
records, and safeguarding firm and customer assets; and
(f) Performing all support and related functions that are integral
to the above critical activities.
Recovery and Resumption of Critical Activities. The rapid
resumption of critical financial markets requires that core clearing
and settlement organizations be able to recover and resume within the
business day the critical activities they perform that support the
recovery of critical markets. These include the recovery of critical
activities discussed above as well as the resumption of:
(a) Processing new large-value payment instructions;
(b) Clearing and settling material new transactions;
(c) Managing material ongoing funding and collateral requirements
necessary to assure the performance of items (a) and (b) above;
(d) Managing material ongoing firm and customer risk positions, as
appropriate and necessary to assure the performance of items (a)
through (c) above;
(e) Communicating changes in firm and customer positions necessary
to assure the performance of items (a) through (d) above, reconciling
the day's records, and safeguarding firm and customer assets; and
(f) Performing all support and related functions that are integral
to the above critical activities.
B. Sound Practices to Strengthen U.S. Financial System Resilience
The agencies have identified the following sound practices for core
clearing and settlement organizations and other firms that play
significant roles in critical financial markets. The sound practices
address the risks of a wide-scale, regional disruption and strengthen
the resilience of the financial system. They also reduce the potential
for a regional disruption to have an undue impact on one or more
critical markets because primary and back-up processing facilities and
staffs are concentrated in a particular geographic region.
1. Identify critical activities. Core clearing and settlement
organizations and other firms that play significant roles in critical
financial markets should identify all the critical activities they
perform in support of critical markets.
2. Determine the appropriate recovery and resumption objectives.
Firms that play significant roles in critical financial markets should,
at a minimum, plan to recover on the same business day the critical
activities they perform that support the recovery of critical markets.
In fact, an emerging industry objective appears to be for firms that
play significant roles in critical financial markets generally to set a
recovery-time target of no later than four hours after the event. Core
clearing and settlement organizations should plan both to recover and
to resume fully within the day their critical activities that support
critical financial markets. An emerging industry objective appears to
be for such organizations generally to set a resumption-time target no
later than two hours after the event.
3. Maintain sufficient out-of-region resources to meet recovery and
resumption objectives. Firms that play significant roles in critical
markets, at a minimum, should have back-up arrangements with sufficient
out-of-region staff, equipment, and data to recover their critical
activities within their recovery-time objectives.\4\ These arrangements
can range from a firm establishing its own out-of-region back-up
facility for data and operations, to arranging for the use of remote
outsourced facilities. The objective is to minimize the risk that a
primary and a back-up site, and their respective labor pools, could
both be impaired by a single wide-scale, regional disruption, including
one centered somewhere in between them. Core clearing and settlement
organizations should have sufficient out-of-region resources both to
recover and to resume fully their critical activities within their
recovery and resumption-time objectives. Although there may be a
variety of approaches that could be effective, out-of-region back-up
locations should not be dependent on the same labor pool or
infrastructure components used by the primary site, and their
respective labor pools should not both be vulnerable to simultaneous
evacuation or inaccessibility. Infrastructure components include
transportation, telecommunications, water supply and electric power.
---------------------------------------------------------------------------
\4\ The agencies are not recommending as a sound practice that
firms move their primary sites out of center-city locations. There
are many important business and internal control reasons for having
processing sites near financial markets and firms' headquarters. It
is the separation between primary and alternative processing sites
that is important in promoting resilience.
---------------------------------------------------------------------------
4. Routinely use or test recovery and resumption arrangements.
Firms that play significant roles in critical financial markets and
core clearing and settlement organizations should routinely use or test
their individual internal recovery and resumption arrangements for
required connectivity, functionality, and volume capacity. Such
institutions should also work cooperatively to design and to schedule
appropriate cross-organization tests to assure the compatibility of
individual recovery and resumption strategies within and across
critical markets.
C. Timetable for Developing Plans and Implementing Sound Practices
Firms should be enhancing their business continuity plans to
address wide-scale, regional disruptions, including adoption of
implementation plans to achieve these sound practices. To the extent
that these sound practices require revisions of the plans, they should
be completed as soon as possible and no later than 180 days after the
agencies issue their final views. The agencies recognize that firms
that play significant roles in critical financial markets are in
different stages of their planning and investment cycles regarding new
facilities, technology, staffing, and business processes. Furthermore,
some have built, or are in the process of establishing, back-up sites
or other arrangements that, while improving resilience, may not be
fully consistent with these sound practices. Given their different
circumstances, it may take some firms longer than others to implement
all of these sound practices in a cost-effective manner. Accordingly,
while the agencies recognize the need for some flexibility in
implementation timetables, firms nevertheless should strive to achieve
these sound practices as soon as practicable. All core clearing and
settlement organizations, however, should begin to implement plans to
establish out-of-region back-up resources within the next year.
III. Summary and Analysis of Industry Discussions
A. Private-Sector Perspectives
The events of September 11 underscored the fact that the financial
system operates as a network of interrelated markets and participants.
The behavior of an individual participant can have a wide-ranging
effect beyond its immediate counterparties. Firms agreed that all
participants in the financial system should strive to incorporate the
three business continuity objectives into their plans; however, they
also made clear that ``one size does not fit all.'' There was agreement
that some critical activities, including safeguarding and transferring
funds and financial assets, are so vital to the operation of the
financial system that they should continue with minimal disruption,
even in the event of a wide-scale, regional disruption.
All firms recognize the importance of critical financial markets to
their own operations and to the financial system overall in the event
of a wide-scale, regional disruption. Core clearing and settlement
organizations play a particularly crucial role in permitting firms and
markets that are affected by the event to recover and resume operations
as well as in permitting firms and markets that are unaffected to
continue to operate. For example, in order for firms affected by a
disruption to recover critical activities by the end of the day,
including clearing and settling pending transactions, clearing and
settlement organizations must themselves be able to recover and resume
operations within the day. In addition, if some firms are unaffected by
the disruption and are able to support the continued operation of
critical markets to some degree, clearing and settlement organizations
must be able to conduct operations. If clearing and settlement
organizations are not able to operate in such circumstances, they
likely will contribute to the amplification of potential systemic
risks. For core clearing and settlement organizations, the dimensions
of this systemic risk would likely be national and even international.
As a result of these considerations, core clearing and settlement
organizations recognize that in the event of a wide-scale, regional
disruption they must be able to both recover and fully resume critical
activities within the day, and typically within a very limited period
of time. Firms that play significant roles in critical financial
markets also should meet high recovery standards.
The agencies have found that industry participants generally
recognize their respective roles in improving the overall resilience of
the financial system and have made it a priority to complete internal
preparations, share information and coordinate efforts. Firms indicated
that economic trade-offs and competitive considerations exist in
making strategic decisions about business continuity that require the
continuing leadership of senior management and should not be left to
the discretion of individual business units.
B. Recovery of Critical Activities
Business continuity plans address a variety of issues, including
emergency response procedures assuring the safety of personnel,
effective internal and external communications, and implementation of
business recovery and business resumption strategies. The business
continuity planning process involves a careful enterprise-wide
analysis, including an assessment of the impact of an unexpected
disruption of business processes and associated risks. Among other
things, plans are designed to manage those risks by arranging for the
recovery of critical activities to permit an orderly resolution of
outstanding obligations. Firms also are expected to monitor their
business continuity risks by testing and updating plans
periodically.\5\
---------------------------------------------------------------------------
\5\ There are numerous sources of information on sound practices
for business continuity planning. See, e.g., www.thebci.org;
http://www.business-continuity.com; www.bsi-global.com.
---------------------------------------------------------------------------
Business recovery preparations enable a firm to recover the
operation of a disrupted business process or function in order to
manage firm and customer risks.\6\ At a minimum this includes recovery
of those ``critical activities'' necessary to permit the clearance and
settlement of pending transactions; management and reconcilement of
firm and customer positions; completion of the day's large value
payments; and arranging for collateral or end-of-day funding. This also
includes recovery of activities or systems that support or are
integrally related to the performance of these critical business
processes or functions. Business recovery preparations related to these
critical activities are crucial to the smooth operation of the
financial system. Given the complex interdependencies of markets and
among participants, thorough preparations reduce the
potential that a sudden disruption experienced by a few firms will
cascade into market-wide inefficiencies and liquidity dislocations.\7\
All firms recognize that business recovery is a core element of more
comprehensive business continuity plans.
---------------------------------------------------------------------------
\6\ The goal of business recovery plans is the recovery of a
particular activity or function, and not the recovery of a disabled
facility or system. The goal of business resumption is the effecting
and processing of new transactions after old transactions have been
completed.
\7\ Under adverse market conditions or in the event of credit
concerns about institutions, liquidity dislocations of the type
experienced immediately after September 11 could be seriously
compounded.
---------------------------------------------------------------------------
In discussions with industry members, firms often stated that the
financial system is only as strong as its ``weakest link.'' Each firm
has to ensure that its business continuity plans provide robust
business recovery arrangements for the activities it performs that are
critical to the smooth functioning of the financial system: wholesale
payments processing, and clearance and settlement of money market
instruments, government securities, foreign exchange, commercial paper
and other corporate securities. Industry participants also recognize
that core clearing and settlement organizations represent potential
single points of failure in the financial system and therefore have the
greatest responsibility for ensuring that they can recover and fully
resume those activities in a timely manner. They also believe that
firms that are significant participants in one or more critical markets
or that effect a substantial volume or value of wholesale payments
should develop robust recovery plans for critical activities in the
event of a wide-scale disruption when their primary sites and staffs
may be inaccessible for some duration.
Once a firm identifies its critical business functions and
processes, it must establish recovery-time targets sufficient to ensure
that it can carry out those functions and processes in a manner that
will result in minimal disruption to the financial system. This
facilitates the compatibility of recovery plans across firms and helps
assure firms are able to participate in the financial system in times
of wide-scale, regional disruptions. A number of firms stated that
current technology permits recovery-time targets of between one and four
hours for many critical activities, even when factoring in the
possibility of needing to reconstruct lost data.
In establishing recovery targets for critical activities, firms are
coordinating their plans with the expectations of their respective core
clearing and settlement organizations and peers. Some payment systems
already have established robust recovery targets. Core clearing and
settlement organizations are holding themselves to an intra-day
recovery target--generally a few hours--and it is expected that
technology will continue to improve upon those recovery times. Some
also have, or are establishing, recovery times for their participants
and, in such cases, suggest that firms establish no later than
end-of-day recovery targets. For example, wholesale payment systems have
typically required participants to recover from a disruption in less
than four hours, and many firms, including the payment systems
themselves, are now able to achieve recovery times of substantially
less than two hours.
Industry members generally agree that recovery of critical
activities and processes during a wide-scale, regional disruption
requires establishment of some level of out-of-region arrangements for
critical operations and the personnel and data that support them. The
objective of establishing out-of-region arrangements is to minimize the
risk that a primary site and a back-up site, and their respective labor
pools, could be impaired by a single, wide-scale, regional disruption.
Although there may be other approaches that could be effective, firms
generally agree that out-of-region locations should not be dependent on
the same labor pool or infrastructure components used by the primary
site and should not be affected by a wide-scale evacuation or the
inaccessibility of the region's population. Examples of such
arrangements include a fully operational out-of-region back-up facility
for data and operations,\8\ and utilizing outsourced facilities in
which equipment, software and data are stored for staff to activate.
With this in mind, certain core clearing and settlement organizations,
which are widely expected to recover and resume operations at full
capacity indefinitely, and other firms that play significant roles in
critical financial markets are establishing remote back-up facilities,
in some cases hundreds or even thousands of miles away from the primary
site. Some firms that already have a national or multi-region presence
are planning to utilize out-of-region offices to establish back-up
sites. Many are finding that there is the potential to achieve out-of-
region staffing and system efficiencies by cross training staff or
utilizing underused systems to share or shift loads. Other firms that
play significant roles in markets or in effecting payments also are
developing remote arrangements to ensure that they can recover critical
data and operations during a wide-scale outage within expected recovery
time targets. A number of firms in the process of identifying
appropriate recovery arrangements stated that the events of September
11 have underscored the importance of building recovery strategies and
capacities into their basic business processes.\9\
---------------------------------------------------------------------------
\8\ Generally referred to as ``hot'' sites, these facilities are
fully equipped with hardware and software necessary to perform
critical business functions and provide access to replicated data.
This approach allows a firm to recover a function in minutes to a
few hours depending on the integrity of the data.
\9\ A number of firms have expressed concerns about the
reliability of telecommunications and other infrastructure
providers, and the current limitations on an individual firm's
ability to obtain verifiable redundancy of service from such
carriers. Firms that have out-of-region facilities obtain additional
diversity in their telecommunications and other infrastructure
services that provide additional resilience in ensuring recovery of
critical operations. Individual financial firms are also launching
industry-wide efforts to explore common infrastructure issues and
approaches.
---------------------------------------------------------------------------
Recovery plans must anticipate the need to have sufficient trained
staff located at or near the back-up site to meet recovery objectives
and plans for resuming a critical function at normal volumes for an
extended duration. Firms are staffing remote back-up sites in a variety
of practical and cost-effective ways. For example, firms operating
active back-up sites often have full-time staffs who regularly perform
the critical activities. Other firms plan to cross-train staff already
located at remote sites so that they are able to assume responsibility
for performing more critical back-up operations during an outage at the
primary site. Firms that outsource their business resumption facilities
to an out-of-region facility may have some staff located there. In
general, firms that establish out-of-region facilities recognize that
relocating employees is useful during the start-up/training period of
developing a facility; however, it may be necessary to develop and
maintain ``local talent'' to operate these facilities in the event of
an extended outage and loss or inaccessibility of staff at the primary
site. Some firms do not have sufficient volumes to warrant establishing
geographically remote back-up facilities capable of providing full
resumption over the near term. Nevertheless, many are taking steps to
provide for the out-of-region recovery of transactional data and other
resources to complete critical activities within target recovery times.
Ensuring that back-up facilities have access to current data is a
critical component of business recovery. Firms recognize that out-of-
region facilities fall beyond the current distance capacity of some
high-volume, synchronous
[[Page 56840]]
mirrored disk back-up technology,\10\ and those establishing such
facilities are taking a number of steps to minimize the potential for
losing data in transit. For example, a number of firms are transmitting
data continuously to local and remote back-up data centers resulting in
multiple back-up databases. Others are sending more frequent batches to
their remote back-up sites or to data storage locations electronically.
Some firms maintain multiple replicas of their databases at various
locations that can be accessed for production and other uses. In
addition, a number of firms are establishing active back-up
arrangements that permit the primary site automatically to shift
production with little or no staff involvement, providing a very rapid
recovery capability. These steps can significantly reduce the amount of
time it takes to recover lost transactions and improve the ability of a
firm to recover the function or process. Technology is evolving rapidly
in this area; for example, software and hardware innovations are
expected to provide the ability to maintain synchronous databases at
even longer distances. Some firms are establishing systems and business
strategies that permit the use of continued improvements in technology
to achieve the greatest geographical diversity practicable.
---------------------------------------------------------------------------
\10\ Estimates of the distance limitations of such technology
typically range from 60-100 km.
---------------------------------------------------------------------------
Sound planning includes developing flexible plans that incorporate
alternative recovery and resumption arrangements. These plans often can
be activated to respond to more commonly experienced contingencies that
affect fairly small geographic areas and were the subject of most plans
before September 11. For example, some firms that require real-time
data back-up have or are establishing in-region back-up sites that
employ synchronous technology and are easily accessible in situations
that do not involve a wide area disruption. Other examples include
developing numerous small recovery sites that are locally accessible by
employees and can be used to perform essential business functions;
requiring a percentage of employees in a function to telecommute each
day; dividing employees into shifts over a 24 hour period; and
modifying information systems security access protocols to permit
access to desk tops and data from home (virtual offices). These
measures provide additional resilience in responding to a disruption in
an appropriate and practical manner.
C. Confidence in Recovery and Resumption Plans through Use or Testing
In responding to the events of September 11, many firms used plans
developed during Year 2000 preparations. Although these plans worked
well, some found that back-up data bases, facilities, contact
information and other aspects of their plans were not sufficiently up-
to-date. As a result, firms expressed a renewed commitment to ensure
that critical internal and external business recovery and resumption
arrangements are effective, communicated and rehearsed by all staff on
a regular basis. Some firms report that they are achieving a high level
of confidence through the continuous use of two sites (i.e.,
active-active model), or by switching over to alternate facilities on a
regular basis. Periodic testing is an important and long-standing
component of the business continuity planning process. Firms typically
stage tests of particular systems, processes (e.g., communications
facilities) or business lines to limit risks inherent in tests
utilizing production workloads. Sound practice includes designing tests
to simulate high impact scenarios, e.g., through switch or fail over to
back-up facilities with no advance warning.
One of the lessons learned during September 11 is that testing of
internal systems alone is no longer sufficient. It also is critical to
test back-up facilities with the primary and back-up facilities of
markets, core clearing and settlement organizations and service
providers to ensure connectivity, capacity and the integrity of data
transmission. Moreover, firms are planning to share back-up contact
information and test arrangements with counterparties and important
customers. A number of firms and trade associations also have expressed
a willingness to participate in or sponsor industry-wide testing. As
firms successfully complete the more limited testing discussed above,
appropriately scaled industry-wide testing could prove beneficial.
Discussions within the industry on possible approaches are ongoing, and
the prospect provides an incentive for firms to complete internal
preparations so that there can be maximum participation. One
possibility may be to take a staged approach by organizing respective
tests with the core clearing and settlement organizations. As
confidence grows, end-to-end tests could be organized.
D. Implementation Considerations
After September 11, financial firms naturally initiated a lessons
learned process with a view towards strengthening their business
continuity plans. Industry meetings with the agencies in February 2002
and throughout the Spring confirmed that this process is nearing
completion at many firms. The process has two components. First, firms
are taking immediate steps to ensure that they address obvious gaps and
refine plans to address near-term risks. Many are participating in
industry initiatives aimed at improving private sector coordination and
identifying sound practices with the intent of assuring that their
plans are compatible with their peers. Some of these steps include
sharing contact information; procuring alternative telecommunications
facilities; and meeting with disaster recovery authorities to determine
the availability of resources to facilitate business recovery
activities. Second, firms are well along in reviewing and strengthening
long-term strategic plans for business recovery and continuity of
operations. A number of firms already are discussing alternative
solutions at the most senior level to ensure that final plans are
consistent with overall business objectives, risk management strategies
and financial resources.
Most firms indicate that they will complete their strategic plans
and implementation timetables by year-end or shortly thereafter. Some
core clearing and settlement organizations already are in the process
of establishing out-of-region, fully staffed and operational back-up
facilities and expect to be operational within the next year. Sound
practice for all firms includes implementing long-range plans as soon
as practicable in order to protect and enhance their franchise \11\ and
promote confidence in the strength of the financial system. It also is
important for firms that play significant roles in the financial
markets and payments systems to ensure that their implementation plans
are consistent with the expectations of those markets, systems and
peers. Firms also are finding it appropriate to share information about
the status of implementation with their core clearing and settlement
organizations, counterparties and important customers.\12\
---------------------------------------------------------------------------
\11\ Customers increasingly are seeking assurances that their
financial firms have the necessary resilience to continue operations
should a disaster occur, and firms are evaluating the resilience of
counterparties for purposes of initiating or continuing business
relationships.
\12\ One way for firms to share such information is to provide
periodic progress reports on the implementation of business recovery
and resumption arrangements to their utilities and others who are
dependent upon the strength of their business continuity
arrangements for critical activities, including customers,
counterparties and vendors.
---------------------------------------------------------------------------
[[Page 56841]]
IV. Next Steps
Financial industry participants, and in particular those firms that
were affected directly or indirectly by the September 11 attacks, are
committed to ensuring the continued viability of the U.S. financial
system by strengthening their own business continuity plans and
improving the resilience of domestic markets and payments systems in
the event of a wide-scale, regional disruption. Many firms are taking
steps to integrate the broader objectives discussed above into their
business continuity plans while balancing the costs associated with
achieving same-day recovery capabilities for critical activities. Core
clearing organizations are exploring their intra-day business
resumption capabilities. It is important to ensure that plans are
flexible enough to incorporate evolving technologies that provide
greater resilience of critical business functions and processes.
The agencies believe that the lessons of September 11 are relevant
to all financial system participants. Accordingly, it is incumbent upon
all firms to determine the extent to which it would be practicable to
achieve the broader business recovery objectives for critical
activities in the near future. To the extent that these sound practices
require revisions of the plans, firms should largely complete the
planning process, including adoption of implementation plans, no later
than 180 days after issuance of the agencies' final views and implement
them as soon as practicable. The agencies recognize that firms that
play significant roles in critical financial markets are in different
stages of their planning and investment cycles regarding new
facilities, technology, staffing, and business processes. Furthermore,
some have built, or are in the process of establishing, back-up sites
or other arrangements that, while improving resilience, may not be
fully consistent with these sound practices. Given their different
circumstances, it may take some firms longer than others to implement
all of these sound practices in a cost-effective manner. Accordingly,
while the agencies recognize the need for some flexibility in
implementation timetables, firms that play significant roles in
critical markets nevertheless should strive to achieve these sound
practices as soon as practicable. All core clearing and settlement
organizations, however, should begin to implement plans to establish
out-of-region back-up resources within the next year. Meeting these
planning and implementation goals will require the continued oversight
and commitment of senior management.
The agencies will expect core clearing and settlement organizations
and other financial firms that play a significant role in critical
financial markets to adopt the sound practices outlined in this paper.
Furthermore, the agencies intend to incorporate these sound practices
into supervisory expectations or other forms of guidance for purposes
of reviewing the overall adequacy of those portions of business
continuity plans that address the recovery of critical activities
necessary to ensure the resilience of the financial system. Firms can
expect the agencies to review plans for their reasonableness and to
take a keen interest in the appropriateness of plans to address risk
relative to the firm's position in a critical market or in effecting
large value payments. This will include consideration of the probable
effects a disruption of a firm's activities would have on the financial
system. As part of their ongoing review process, the agencies will
consider how firms identify their critical activities, the
appropriateness of the recovery and resumption objectives they set, and
the adequacy of their plans for achieving those objectives. The
agencies will include consideration of whether recovery-time and
resumption-time targets and implementation schedules are consistent
with market and peer expectations. Finally, the agencies will review
the firm's assessment of test plans and results to confirm that the
firm is appropriately able to manage its business risks should a wide-
scale, regional disruption occur.
V. Request for Comments
The agencies invite comments on the appropriate scope and
application of the sound practices and implementation timetable
discussed above, as well as other issues relevant to strengthening the
resilience of the financial system in the face of wide-scale regional
disasters. In particular the agencies invite comment in the following
areas:
Scope of application. Have the agencies excluded any critical
markets? Have the agencies sufficiently defined the term ``core
clearing and settlement organizations'' for such organizations to
identify themselves? Have the agencies provided sufficient guidance for
firms to determine whether they play ``significant roles in critical
financial markets?'' Are there other measures or additional facts or
circumstances that should be used to determine whether a firm plays a
significant role or acts as a core clearing organization? Should the
agencies establish an average daily dollar volume (e.g., $20 billion,
$50 billion, $150 billion or some larger amount) or a market share test
(e.g., 3, 5, 7, 10 percent market share or some larger amount) as a
benchmark for either or both of these categories? Should such
benchmarks differ by market or activity? In some market segments, there
are geographic concentrations of primary and back-up facilities of
firms with relatively small market shares. Should sound practices take
into consideration the geographic concentration of the back-up sites of
firms that as a group could play a significant role in critical
markets?
One of the reasons core clearing organizations are expected to
recover and resume is that there are no effective substitutes that can
assume their critical activities; is this also true for some or all
firms that play significant roles in critical markets? Should any firms
that play significant roles in critical markets be required to meet an
intra-day standard for recovery and resumption because of the size of
their market share or volume, or the significance of the services they
perform for other firms (e.g. as a correspondent bank or clearing
broker) in clearing and settling material amounts of transactions and
large-value payments?
Does the paper's definition of a ``wide-scale, regional
disruption'' provide sufficient guidance for planning for wide-scale,
regional disruptions? Is there a need to provide some sense of duration
of a wide-scale, regional disruption? If so, what should it be?
Recovery and Resumption of Critical Activities. Have the agencies
identified the critical activities needed to recover and resume
operation in critical markets? Is there a need to define the term
``material'' in this context? If so, what should be used?
Sound practice seems to require firms that play significant roles
in critical markets to establish recovery targets of four hours after
an event for their critical activities. Is this a realistic and
achievable recovery-time objective for firms that play significant
roles in critical markets? If not, what would be? Similarly, sound
practice seems to require core clearing and settlement organizations to
establish recovery and resumption targets of two hours for critical
activities. Is this a realistic and achievable resumption-time
objective for core clearing and settlement organizations? Should
recovery- and resumption-time objectives differ according to critical
markets?
[[Page 56842]]
Sound practices. Have the agencies sufficiently described
expectations regarding out-of-region back-up resources? Should some
minimum distance from primary sites be specified for back-up facilities
for core clearing and settlement organizations and firms that play
significant roles in critical markets (e.g., 200-300 miles between
primary and back-up sites)? What factors should be used to identify
such a minimum distance? Should the agencies specify other requirements
(e.g., back-up sites not be dependent on the same labor pools or
infrastructure components, including power grid, water supply and
transportation systems)? Are there alternative arrangements (i.e.,
within a region) that would provide sufficient resilience in a wide-
scale, regional disruption? What are they? Are there other arrangements
that core clearing and settlement organizations should consider, such
as common communication protocols, that would provide greater assurance
that critical activities will be recovered and resumed?
Timetable for Implementation. To ensure that enhanced business
continuity plans are sufficiently coordinated among participants in
critical markets, should specific implementation timeframes be
considered? Is it reasonable to expect firms that play significant
roles in critical financial markets to achieve sound practices within
the next few years? Should the agencies specify an outside date (e.g.
2007) for achieving sound practices to accommodate those firms that may
require more time to adopt sound practices in a cost-effective manner?
Would such distant dates communicate a sufficient sense of urgency for
addressing the risk of a wide-scale, regional disruption?
By order of the Board of Governors of the Federal Reserve System.
Dated: August 29, 2002.
Jennifer J. Johnson,
Secretary of the Board.
Dated: August 30, 2002.
John D. Hawke, Jr.,
Comptroller of the Currency.
By the Securities and Exchange Commission.
Dated: August 29, 2002.
Margaret H. McFarland,
Deputy Secretary.
[FR Doc. 02-22633 Filed 9-4-02; 8:45 am]
BILLING CODE 6210-01-P; 4810-33-P; 8010-01-P