Posted by: David Schneier
bcp, business continuity planning, FFIEC, GLBA, NCUA, pandemic, Regulatory Compliance
I started my day yesterday by finding my 12-year-old sitting with his eyes riveted on the laptop screen reading what I figured was something either on Facebook or a sports related website. I only wish. Turns out he was fixated on the breaking news covering the swine flu.
Much like his father, my son suffers from a very fertile imagination and can quickly move from Point A to Point Z without so much as a blink of an eye. He was already busy trying to figure out how bad this was going to be and because he had no context for something like this had no boundaries to keep him in check. Suffice to say he was at least a little concerned.
I explained to him that the hysteria he was exposed to was more the result of near real-time media capabilities that span the globe rather than something worth losing sleep over. While there was something to be concerned about it was no likely greater than anything we’ve already dealt with and that he should relax, wash his hands frequently and go on with his life. And of course I immediately hid my copy of Stephen King’s “The Stand.”
I’m not really sure how large of a threat the swine flu represents, I only know that it serves as yet another reminder as to why it’s important that all financial institutions (as well as many other industries) have in place a functioning and well-designed pandemic response plan.
I recall how the guidance first emerged a few years back, largely in response to the avian flu that seemed so threatening at the time. The FFIEC issued a number of documents to raise awareness within the banking industry so that the covered institutions had ample warning that they needed to develop and implement a viable plan. Most did but largely to appease the examiners. Of the dozens I’ve reviewed through the years, I encountered only a handful that presented anything close to something that would work. Most of them consisted of background documentation explaining what a pandemic was and provided some specifications about personal hygiene. But very few of them provided clear, concise steps as to how they were going to manage through such an event.
I’m concerned that this blind-spot in business continuity planning is about to be brought to light in a very bad, ugly way.
What’s going on in the media now is a bit alarming (and I realize the irony of me, a blogger, stating as such); the swine flu is being tracked much like a hurricane barreling towards the mainland. President Obama commented on this earlier today, which validates that this is a major news item. And when considering the aggressive steps Mexico is taking to slow the spread of the virus I can see where for the first time in my lifetime some form of government intervention may occur.
So here’s a question for all the banks and credit unions out there: Can you manage through a quarantine with a dispersed and restricted work force? Do your employees even have a copy of the plan available to them and if so do they know how to use it and what their role is within it? Because this is a lousy time to be asking yourselves these very same questions.