Business Continuity Planning

Action Summary

Financial institutions and their TSPs should develop, implement, and test appropriate disaster recovery and business continuity plans capable of maintaining acceptable retail payment-related customer service levels.  For financial institutions and service providers with complex retail payment operations, business continuity plans should enable restoration of service within timeframes that are reasonable for internal business units as well as other dependent financial institutions and counterparties.

Effective business continuity planning is an important component in managing operational risk.  Financial institutions and their TSPs should develop, implement, and test appropriate disaster recovery and business continuity plans capable of maintaining acceptable retail payment-related customer service levels.  Business continuity plans should be based on business impact analyses and the relative importance of retail payment system products and services to the financial institution. See the IT Handbook Business Continuity Planning Booklet.

For financial institutions offering basic retail payment products and services (e.g., bankcard issuance, check item processing, branch ATM access, Internet banking services), business continuity plans should include appropriate recovery targets for each retail product.  The recovery targets should consider the reliance on any third-party servicer in meeting their objectives.  Vendor management programs should include provisions for the disruption and restoration of service at service providers, including the consideration of service provider test plans.

For financial institutions and service providers with complex retail payment operations, business continuity plans should enable restoration of service within timeframes that are reasonable for internal business units, other dependent financial institutions, and counterparties.  Financial institutions providing significant card issuing, merchant processing, EFT/POS, ACH, and retail payment-related Internet banking services should also test these plans periodically with customer financial institutions and counterparties to ensure plans are sufficient.

 

Previous Section
Information Security
Next Section
Vendor and Third-Party Management