Jim Devlin Comptroller of the Currency
Published in: Business, Technology

  • Transcript

    • 1. Jim Devlin Comptroller of the Currency September 11, 2008 American Bankers Association Offices Business Continuity Planning / Regulatory Relief Working Group
    • 2. FFIEC Information Technology Examination Handbook 080911
      • Audit
      • Business Continuity Planning
      • Development and Acquisition
      • E-Banking
      • Fed Line
      • Information Security
      • Management
      • Operations
      • Outsourcing Technology Services
      • Retail Payment Systems
      • Supervision of TSPs
      • Wholesale Payment Systems
      • FDIC, FRB, NCUA, OCC, OTS
      • Guidance and Examination Procedures
              • Examiners
              • Financial Institutions
              • Technology Service Providers
      • 12 Booklets in Series
    • 3. 080911 FFIEC BCP Booklet Revision
      The "FFIEC InfoBase" concept was developed by the Task Force on Examiner Education to provide field examiners in financial institution regulatory agencies with a quick source of introductory training and basic information. The long-term goal of the InfoBase is to provide just-in-time training for new regulations and for other topics of specific concern to examiners in FFIEC's five member agencies.
      http://www.ffiec.gov/ffiecinfobase/index.html
    • 4. 080911 FFIEC BCP Booklet Revision
      The new edition rescinds and replaces the previous Business Continuity Planning Booklet issued in March 2003. The BCP booklet was revised to reflect technological and regulatory changes with a focus on management’s responsibilities regarding oversight of the continuity planning process for business operations.
      While significant revisions were made, the focus continues to be based on an enterprise-wide, process-oriented approach that considers technology, business operations, testing, and communication strategies that are critical to business continuity planning for the entire business, instead of just the information technology department.
    • 6. FFIEC BCP Booklet Revision 080911
      • Risk Monitoring and Testing
        • BIA and Risk Assessment
        • Roles and Responsibilities
        • Business Continuity Testing Life Cycle
        • In-house versus Serviced Testing
        • Appendix: Testing Program – Governance and Attributes
        • Critical Infrastructure Expectations
      • Appendix: BIA Process
      • Lessons Learned from Hurricanes Katrina / Rita
        • Crisis Management
        • Incident Response
        • Remote Access
        • Communication Notification Standards
        • Internal and External Threats
        • Appendix: Pandemic Planning
        • Appendix: Interdependencies
      Focus: Enterprise-wide, process-oriented BCP
      Appendix: Examination Procedures
    • 7. FFIEC BCP Booklet Revision 080911
      • Risk Monitoring and Testing
          • Principles of Business Continuity Testing Program
            • BIA and Risk Assessment
            • Roles and responsibilities
            • Business Continuity Testing Life Cycle – policy, strategies, planning, plan review, methods, execution and documentation, evaluation, assessment, reporting results, updating the plan
          • In-house versus Serviced Testing Activities
            • Understand provider’s capabilities
            • Assess provider’s recovery capabilities
            • Participate in recovery testing activities
            • Review provider’s capabilities at least annually
    • 8. FFIEC BCP Booklet Revision 080911
      • Risk Monitoring and Testing (continued)
          • New Appendix:
          • H: Testing Program – Governance and Attributes
          • Governance
          • Testing Strategy
          • Test Planning
          • Critical Infrastructure Considerations / Expectations
          • Testing criteria for “Core” and “Significant” firms are now consistent with the Interagency Paper on Sound Practices to Strengthen the Resilience of the US Financial System.
    • 9. 080911 FFIEC BCP Booklet Revision
      • Business Impact Analysis Process (Appendix F)
          • Resulted from recommendation from small-medium institutions for additional examples
          • Business Impact Analysis Goals
          • Cyclical Steps in the Process
            • Gathering information
            • Performing a vulnerability assessment
            • Analyzing the information
            • Documenting the results / Presenting the recommendation
    • 11. FFIEC BCP Booklet Revision 080911
      • Lessons Learned: Hurricanes Katrina / Rita
          • Other Policies, Standards and Process
            • Crisis Management
            • Incident response
            • Remote Access
            • Notification Standards
          • Internal and External Threats (Appendix C)
            • Customers
            • Employees
            • Electronic Payment Systems
            • Affiliates, vendors and service providers
          • Interdependencies (Appendix E)
    • 12. 080911 FFIEC BCP Booklet Revision
      • Interdependencies (Appendix E)
          • Telecommunication systems
          • Liquidity needs
          • Vendor due diligence
          • Internal systems and business processes
    • 13. 080911 FFIEC BCP Booklet Revision
      • Examination Procedures (Appendix A)
          • Revised to address
              • Expanded Risk Monitoring and Testing
              • New Pandemic Planning
          • Tier 1 versus Tier 2 objectives
          • Designed to assist Examiners
          • Not intended as an Audit Guide
          • Use will differ by Agency
    • 15. FFIEC BCP Booklet Revision 080911
      • Pandemic Planning (Appendix D)
          • Continues Enterprise-wide concept
          • Identical to FFIEC December 2007 Guidance
          • Five critical elements that each plan should address:
            • Preventive program
            • Documented response strategy
            • Comprehensive framework to continue critical operations
            • Testing program
            • Oversight program
    • 17. Private Sector / Public Sector Regulatory Clarity Discussions 080911
          • Follow-Up to Roundtable on Pandemic Planning
          • Focused on Banking Sector Regulatory Relief
          • Initial Meeting - March 26, 2008
            • Regulatory Relief vs. Regulatory Clarity
            • Public Sector Regulatory Relief Abilities
            • Private Sector Regulatory Relief Expectations
            • Agreement on Action / Follow-Up Items
              • Discussion of FFIEC Agency Pandemic Plans
              • Development of Prioritized list of Anticipated Regulatory Relief needs
              • Consideration of the Issuance of an FFIEC document based on existing OTS and FFIEC documents
    • 18. Private Sector / Public Sector Regulatory Clarity Discussions 080911
          • Follow-Up Meeting - May 21, 2008
            • Discussion of Agency Pandemic Plans
            • Discussion of FFIEC “Pandemic Protocols”
            • Agreement on Action / Follow-Up Items
              • + 2-4 weeks: Development of Prioritized list of anticipated regulatory relief needs
              • + 3-6 weeks: Consideration of the Issuance of an FFIEC document based on existing OTS and FFIEC documents
          • And then came summer,
            • and the West Coast fires
            • and the Mid West floods …… ;-)
    • 19. 080722 FFIEC BCP Booklet Revision
      Jim Devlin, Special Advisor for Operational Risk
      (202) 874-5013 / (202) 359-6590 (cell)
      [email_address]
      Gracias! Obrigado! Merci! Danke! Thank You!
