As a forecasted above-normal Atlantic hurricane season picks up speed, it's a good reminder of how important it is for financial institutions to review their business-continuity plans. That applies to all banks and credit unions; not just those in hurricane-prone areas.
Having a strategy for backups, whether taped, on the cloud or through a trusted partner, is the first step toward getting back to business as usual.
Here are seven tips that can help financial institutions maintain business continuity in times of crisis.
1. Continue to Work From Wherever You Are
Even if branches sustain critical damage from a storm or a virus prevents people from coming into work, financial institutions still need to serve their accountholders.
To be ready for staff to work off-site, have a secure virtual private network (VPN) in place with more bandwidth than you think you'll need. Run an after-hours load test during which everyone logs in remotely at the same time.
Make sure tellers, loan officers and other typically branch-centric staff can access needed systems and know whom to contact in case they lose access. Provide login tips and security standards in simple formats. Nobody reads a book-length manual during a disaster.
2. Have Multiple Paths for Internet Access
Chances are if a major storm hits your area, there will be a large area outage.
Too often, financial institutions have one circuit to the internet that feeds all locations. But redundancy is important to maintain business as usual in the event of an outage.
Using multiple paths through a mesh network to provide employee access to VPN is a best practice.
3. Know How to Reach Critical Vendors
Critical vendors can make a business disruption run much more smoothly.
ATM, home banking and other critical third-party vendors, if up and running, can provide a sense of security for members, customers and staff. Being able to contact the correct person at various vendors at any time is key to maintaining business as usual.
Include contact information in your business-continuity plan for all critical vendors and make sure it's readily accessible for all staff.
4. Identify Disruptions Before They Happen
Business disruptions can come in many forms, including physical damage to buildings, utility outages and absent employees.
It's important to plan for as many scenarios as possible.
When you have a well-defined, well-tested plan, you can be prepared for whatever nature sends your way.
5. Build a Recovery Team
With a recovery team in place, financial institutions can bounce back quickly following a disruption.
Training key staff is paramount for a successful recovery. Highlight and clearly define key functions and roles on a contact sheet and revisit those roles at least annually. The goal is to get business functions back on track quickly to help accountholders when they need you most.
Think through processes such as how to get a contract signed or a loan approved without the usual systems in place. For example, an organization's shipping and receiving operation is critical following a disaster because it can ensure safe transit of cash shipments, statements and official documents. Establish a calling tree and test it.
6. Conduct a Business Impact Analysis and Risk Assessment
Important pieces of any business-continuity plan are the business impact analysis (BIA) and risk assessment (RA).
A BIA allows you to evaluate the effect on business, predict the consequences of a disruption and gather the information needed to develop recovery strategies. Potential loss scenarios and risk exposure will be identified during the RA.
7. Find Power in Power
Backup power systems or generators are big assets, but only if they work. Regularly double-check and test backup systems.
Check fuel levels and maintenance status and review procedures to start the backup systems. Your contact sheet should include fuel delivery and maintenance, if needed.
Test the Plan, Then Test it Again
A business-continuity plan is functional only if it's properly tested. There are many levels of testing, from simple tabletop exercises to full-fledged failover. Testing can ensure the comfort level needed to perform recovery steps when a disaster occurs.
The best tips we've heard from financial institutions that have navigated disasters are to stay calm, think clearly and check in with staff often. When you have a well-defined, well-tested plan, you can be prepared for whatever nature sends your way.