Time to Dust off Your Contingency Plan

TLDR: In the event of a natural disaster, how many banks would be fully prepared to meet the needs of their customers the morning after? as discussed by the authors The problem is that banks are required to have contingency plans in place.

Abstract: Regulators are paying closer attention than ever to banks' disaster recovery plans. Community banks may be particularly vulnerable It goes without saying that community banks have a vested interest in their communities. Yet in the event of a natural disaster, how many would be fully prepared to meet the needs of their customers the morning after? Banks, of course, are required to have contingency plans in place. But security and risk management experts say now is the time for community bankers to take a closer look at their disaster recovery arrangements. Why? First, because recent disasters, like the Midwest floods, Hurricane Andrew, and the World Trade Center bombing, are drawing attention to the importance of disaster recovery planning. Second, now that bank balance sheets are healthier, the regulators have more time to look closely at contingency plans. They are looking for signs that banks are doing more than the bare minimum as required by law. "We all know the dependence that citizens have on accurate, timely, and readily available financial information and on financial institutions to provide it," says Charles E. Davis, III, a former senior vice-president and security officer at South Carolina National Bank, Columbia. "When that information stops, there's a real problem." After leaving the bank, Davis did consulting work for Comdisco Disaster Recovery Services, Rosemont, Ill., which gave him a keener insight into community bankers' thinking concerning disaster planning. And he's troubled by what he found. "Somebody has to get these folks' attention," says Davis. "They're telling themselves that because they're a little bank, the issue doesn't really apply to them. I saw that over and over again." Among other things, Davis found that small banks rely heavily on reciprocal agreements, where an incapacitated bank uses the technology resources of another bank nearby to handle data or check processing until its operations are restored. Also: Community bank officers typically wear many hats. It's difficult for them to devote sufficient time to coordinating the institution's disaster recovery plans, which must cover everything from check processing to automated teller machine access. RECIPROCALS--YEA AND NAY. Reciprocal agreements can and do work. However, there are potential pitfalls. Such an agreement, for example, presumes that the two banks' hardware systems and processing software are the same, or at least compatible. It also presumes there is excess capacity on the functioning computers to handle the new workload. Reciprocal agreements are coming under closer scrutiny by examiners in part due to their structure. Many agreements are based mainly on a handshake between bankers, points out Dana Turner, a partner with Security Education Systems, a training and consulting firm in Palo Cedro, Calif. "There are no performance obligations in such arrangements," says Turner. "Regulators have no objection to reciprocal agreements that are based on a contract with performance obligations that specify that certain items be available." Turner recommends that banks in the agreement be separated by at least three miles--they certainly should not be in the same building or office complex. Testing of the plan at least once a year should be part of the agreement. The bank's board decides what type of arrangement it wants to have, notes Turner. If it doesn't understand the risks associated with reciprocal agreements, it may agree to one without recognizing the repercussions, warns Turner. "The directors are probably more at risk than anybody else in the bank, both personally and financially," he adds. "Most banks won't get it right the first time they establish a plan," notes Turner. "The average time it takes to get a plan done right is about three years." FIND OUTSIDE HELP. After that, the process becomes easier. Outside expertise can help speed the process. …