By Southern Financial Exchange – A Staff Collaboration
With the 2021 hurricane season still going strong, it’s a good time to raise awareness about the importance of preparing for emergencies that could happen at any time. Disaster preparedness and recovery planning are part of a solid business strategy, especially for organizations in the payments space.
Your community expects – and needs – you to be available and to continue providing services during emergencies. Depending on the nature of the event, you might experience unusually high traffic through your doors or your web servers. In addition to your customers or members relying on you, regulators and insurance companies expect financial institutions of every size to have a tested business continuity plan in place.
Avoid Preventable Disasters and Prepare for the Worst
The key to planning is to be prepared for as many forms of disaster as possible – severe weather, earthquakes, fraudulent activity, data breaches, robbery attempts, power outages, and as we have now learned, pandemics. The COVID-19 pandemic caught many financial institutions by surprise; some did not have the resources and secure communication processes necessary to immediately move all operations to a remote environment.
Robust risk controls can even help prevent some emergencies:
- Secure all systems and databases from criminals looking to compromise them electronically or by walking right through your doors. Reputable third-party services are often the best way for small banks, credit unions, and businesses to protect their electronic assets and sensitive information.
- Maintain compliance in the payments services you offer. Rules and regulations are a guide to keeping operations running efficiently and at the same high standard throughout the industry. Conducting regular audits and risk assessments can be invaluable in keeping operations and systems secure.
- Determine backup protocols for essential operations and critical data. Some financial institutions develop reciprocal agreements with other institutions with similar operating environments to support one another in an emergency. If it’s not possible to implement a reciprocal agreement, some companies specialize in providing disaster recovery support.
- Check equipment regularly to ensure it is functioning properly, including backup resources.
- Run periodic drills that test your contingency plans by simulating different emergency scenarios. This gives your team practice so they are familiar with the steps they must take when an actual disaster hits.
Build Detailed Contingency and Business Continuity Plans
Contingency and business continuity plans are in place to define immediate action when disaster strikes, to minimize interruptions of service, and to ensure security of sensitive information and systems. These plans should be as detailed as possible so any member of your team can quickly understand what they must do. Critical plan components include:
- Roles and responsibilities for bringing services back after the initial crisis and for ongoing business continuity.
- Protocol for a variety of emergencies or service interruptions, including location security; remote access; securing and protecting digital and hard copy data; and how to recover and maintain critical systems.
- Contact information for your institution’s senior management, your payments association, your Federal Reserve Account Executive, and service providers and vendors who need to be notified in the event of an emergency and who may be able to provide assistance.
- Method of distribution of alerts and critical information to employees, customers or members, and applicable regulators during and after an emergency.
- Liquidity management considerations, as debits and credits will continue to post and the disaster could cause a surge in activity.
Prepared Employees Make a Successful Plan
Even the best plan will fail if your team doesn’t know where to find it. Communicate and test your contingency and business continuity plans often, making sure everyone knows their role in an emergency and how they can access the needed information. Hard copy plans should be easily accessible by employees. Physical and electronic copies should be stored offsite at locations that can be accessed when necessary. For example, if a disruption occurs in the national power grid, can you access your plan?
Your staff will also be the face of your organization to anxious customers or members. Open lines of internal and external communication are critical to ensuring all employees are delivering a uniform message and serving customers and members as effectively as possible.
In a Disaster, Lean on Your Resources
When tensions are high and much is at risk, you are not alone. You have resources through your payments association as well as the Federal Reserve, FFIEC, and others. Payments associations host business continuity planning education; prepare candidates for the Accredited Payments Risk Professional examination; conduct audits and risk assessments, and provide guidance on the proper application of the Excused Delay provision of the Nacha Operating Rules and other applicable payments regulations. We stand ready to help you plan, prepare, and recover!