November 14, 2019
Updated FFIEC IT Examination Handbook – Business Continuity Management Booklet
The Federal Financial Institutions Examination Council (FFIEC) issued the Business Continuity Management (BCM) booklet, which is part of the FFIEC Information Technology Examination Handbook. The booklet replaces the Business Continuity Planning booklet issued in February 2015.
Statement of Applicability to Institutions under $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised financial institutions.
- The BCM booklet describes principles and practices for managing business continuity. The booklet also helps examiners determine whether management adequately addresses risks related to the availability of critical financial products and services.
- The booklet also contains updated procedures to help examiners evaluate the adequacy of an entity’s business continuity management program.
- The change from business continuity planning to business continuity management reflects the expanded role information technology (IT) plays in supporting business operations and meeting customer expectations.
- The booklet focuses on assessing an entity’s resilience through an enterprise risk management (ERM) perspective that considers technology, business operations, communication strategies, training, testing, maintenance, and improvement — issues critical to business continuity. The degree of maturity, integration and documentation between the BCM and ERM processes should be assessed commensurate with the entity’s size, complexity, and risk profile.
- The incorporation of industry principles and frameworks provides examiners with a durable means to assess business continuity management. The changes do not impose new requirements on examined entities.