6-Point Bank Business Continuity Plan Checklist
In the finance industry, disasters are especially dangerous. Disruptions to a single bank’s operations have the power to tarnish the brand and disrupt entire markets. Data losses can compromise the financial information of thousands of customers. To avert these scenarios, a bank business continuity plan must account for every disaster possible, along with the proper protocols.
- What takes priority after a disaster?
- Who’s in charge?
- What if key stakeholders cannot be reached?
- Who should personnel turn to for answers?
- How will operations be restored, and when?
These are just a few of the questions that a bank business continuity plan must be able to answer – long before disaster strikes.
While there is no one-size-fits-all business continuity plan template for banks, we’ve put together a checklist of areas that every plan should address.
Essential Components of a Bank Business Continuity Plan
__ Managerial Protocols
This section is the foundation of a bank business continuity plan. That’s regardless of the type of disaster (natural, manmade or electronic) – or how many bank branches have been affected (just one or over a hundred). Your plan needs to outline:
- Who does the decision-making in an emergency situation?
- What are the mission-critical responsibilities of each executive and manager?
- What are the protocols for personnel in each department?
- Who needs to do what to restore operations?
__ Prevention Strategies
Your bank business continuity plan cannot prevent every disaster. But it can greatly minimize the risks, while also preventing the worst aftermaths. Your plan should identify the steps you are already actively taking to prevent operational disruption in a disaster. This section should include disaster-specific scenarios and strategies currently being used to monitor and prevent these risks.
- What technologies are in place to prevent cyberattacks?
- How adequate are your data backup and recovery systems?
- Are your bank branches built to withstand various natural disasters?
__ Restoring Operations
The longer a bank is shut down, the worse the consequences. Every bank disaster recovery plan template must include the specific actions that need to be taken if operations have been halted.
- What are the minimum staffing requirements required to maintain operations?
- Which banking services are the highest priority if limitations are in place?
- What protocols are in place if technological roadblocks prevent access to information systems?
Have a “Plan B” for everything. Better yet, also have a Plan C, D and E. Identify your backup plan for various scenarios and backup functions. These contingencies can be placed in their own section within the business continuity plan or addressed in each of the other sections. Some example scenarios to consider:
- What if the physical bank location was destroyed in a disaster?
- What if sensitive data was stolen in a cyberattack and being held at ransom?
- What if third-party service providers are unavailable and disrupting your own operations (i.e. utilities, technology providers, ATM access providers and so on)?
__ Methods & Hierarchy of Communications
Imagine a scenario in which telecommunications and other utilities have been knocked offline for weeks. How will managers communicate with personnel, and vice versa, about the status of operations?
- Which methods will be used to maintain communications after a disaster?
- Which personnel will need emergency devices (i.e. mobile phones), and how will that process work?
- Will the public need to be notified of updates? If so, how and what information will need to be submitted in a press release? Who will communicate with the press?
__ BCP Plan Writing and Reevaluation
A bank business continuity plan is a coordinated effort, written and reevaluated by several members of your organization on a regular basis. This is not a job for a single IT person or an executive’s assistant. It should be a comprehensive and specific document that needs to be reviewed and updated regularly.
- Who is in charge of maintaining your bank’s BCP?
- How often should it be reviewed?
- Who has access to the document?
When in doubt, always speak to a business continuity professional. This checklist is intended only for illustrative purposes to identify the core objectives of a bank disaster recovery plan. A professional will help you build out the most essential components of your plan, based on the specific needs of your business.