Business Continuity Controls
E-banking customers often expect 24-hour availability. Service interruptions can significantly affect customers if the institution offers more than the most basic services. For example, customer bill payment transactions may not be paid on time. Due to the potential impact on customers and customer service, financial institutions should analyze the impact of service outages and take steps to decrease the probability of outages and minimize the recovery time if one should occur. Some considerations include:
- Conducting a business impact analysis of e-banking services that defines the minimum level of service required and establishes recovery-time objectives;Building redundancy into critical network components to avoid single points of failure;
- Updating business continuity plans to address e-banking;
- Developing customer communication plans prior to an outage;
- Reviewing the compatibility of key third parties' business continuity plans; and
- Periodically testing business resumption capabilities to determine if objectives can be met.
Based on activity volumes, number of customer effected, and the availability of alternate service channels (branches, checks, etc.), some institutions may not consider e-banking services as "mission critical" warranting a high priority in its business continuity plan. Management should periodically reassess this decision to ensure the supporting rationale continues to reflect actual growth and expansion in e-banking services.
Legal and Compliance Issues