I ADMIT I AM A LITTLE LATE TO THE PARTY, but I decided last year that it was
time to start watching AMC’s “The Walking Dead.” Although I am not completely caught
up, I often wonder, what happened to all the banks and bankers? Weren’t they among the
best prepared? Surely each bank’s Business Continuity Plan saved them all—right?
We joke about zombies, but over the past year we’ve seen
a number of disasters that have been just as catastrophic
for some. According to data from the National Centers for
Environmental Information and the National Oceanic and
Atmospheric Administration (“NOAA”), there were 16 “billion
dollar” disasters in 2017, which resulted in more than $306
billion in damage, not including healthcare, loss of life, and
opportunity cost lost. Banks have had to develop Business
Continuity Plans to manage disasters and focus on recovery
and how to help their customers. Recent disasters include:
■ ■ ■ Hurricanes and Other Storms: Harvey, Irma, Maria
and Nate made landfall in 2017.
■ ■ ■ Nor’easters and other significant snow events: In the
U.S., these have already cost almost $3 billion in 2018.
■ ■ ■ Tornado outbreaks: Many of these occur with hurricanes and flooding and are devastating to communities.
■ ■ ■ Floods: Flooding in Louisiana in 2016 caused more
than $10.5 billion in damage; severe flooding in 2017
in CA, Oklahoma, Missouri and Arkansas resulted
in massive evacuations and billions of dollars spent.
■ ■ ■ Earthquakes and Volcanoes: A magnitude 6. 9 earthquake and the Kilauea volcano forced the evacuation of 1,700 residents and destroyed more than 35
structures, on the big island of Hawaii this past May.
These events are among several other earthquakes,
tsunamis and volcanoes recently.
■ ■ ■ Extreme Weather: While 2017 was not a “normal”
year, scientists think it is a baseline for a “new normal”
and that extreme events are likely to increase in both
intensity and frequency.
■ ■ ■ Wildfires: The 2017 California wildfire season was
the deadliest on record, with a total of 9,133 fires
burning 1,381,405 acres. Other wildfires across many
western and northwestern states burned over 9. 8
million acres, and more than 1 million acres burned
in Montana (California Department of Forestry
and Fire Protection and NOAA).
We can’t forget that mother nature isn’t the only one
causing problems. Man-made disasters can be just
as damaging and include:
■ ■ ■ Insider Threats: Insiders most easily perpetrate
fraud, theft or blackmail, and these threats can
cause losses, corruption of data, failure of systems,
and other issues that eventually lead to an inability to provide
full services to customers. Sabotage is also an issue, where
a disgruntled current or former employee has proprietary
knowledge of how to sabotage facilities, equipment and/
or data, and as a result, poses a threat.
If you thought disasters couldn’t be a viable threat, these
statistics may have changed your mind. But how do we plan
for disasters so that our banks can respond quickly and continue to service our customers? A disaster plan, or Business
Continuity Plan is a must. Here you’ll find what the basic
resources and requirements are, some things you should focus on in your plan, and some of the issues examiners have
noted. We will not focus on IT/Cybersecurity preparedness
with any specificity or any discussion of stress testing for
larger institutions, which are both large parts of continuity
planning, but fall outside of the scope of this article.
Financial Institution Regulatory
A Primer on the National Framework for
Disaster preparedness is not a new concept. On a national
scale, the Federal Emergency Management Agency or
DHS published a guide on how to respond to all
types of emergencies and disasters, and according to
FEMA, “provides context for how the whole community works together and how response efforts relate
to other parts of national preparedness.” It is organized into five mission areas: Prevention, Protection, Mitigation, Response and Recovery. There is a
Notice “private sectors” includes banks and bankers—