The Federal Financial Institutions Examination Council ("FFIEC") issued updated guidance to assist examiners in evaluations of business continuity governance at FDIC-supervised financial institutions. The new booklet, titled Business Continuity Management, replaces the Business Continuity Planning booklet issued in February 2015. The new guidance provides a heightened emphasis on the expanding role of information technology ("IT") in financial institutions' business operations.
In a Financial Institution Letter, the FDIC noted that no new requirements are imposed on regulated entities as a result of the updated booklet. However, the FDIC did point out the significance of the booklet's title change from Business Continuity Planning to Business Continuity Management. According to the FDIC, this title change is designed to reflect developments in both customer and industry expectations for the operational resilience of financial institutions, as well as the important function of IT in meeting these expectations.
The booklet provides guidance on examining an entity through an enterprise risk management ("ERM") perspective and covers (i) technology, (ii) business operations, (iii) communication strategies, (iv) training, (v) testing, (vi) maintenance, and (vii) improvement. Additionally, the booklet states that examiners should evaluate the "degree of maturity, integration and documentation" between a regulated entity's business continuity management and ERM processes in light of the entity's size, complexity and risk profile.