5 September 2002
Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html

-----------------------------------------------------------------------

[Federal Register: September 5, 2002 (Volume 67, Number 172)]
[Notices]
[Page 56835-56842]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr05se02-52]

-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

[Docket No. R-1128]

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

[Docket No. 02-13]

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-46432; File No. S7-32-02]

Draft Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System

AGENCIES: Board of Governors of the Federal Reserve System (Board); Office of the Comptroller of the Currency, Treasury (OCC); and Securities and Exchange Commission (SEC).

ACTION: Request for comment.

-----------------------------------------------------------------------

SUMMARY: The Federal Reserve, the Office of the Comptroller of the Currency and the Securities and Exchange Commission are publishing this draft white paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System for comment. The New York State Banking Department and the Federal Reserve Bank of New York also participated in drafting the paper. The New York State Banking Department is issuing the paper separately for comment by interested persons. The federal agencies and the New York State Banking Department are referred to as the "agencies" in the paper. The paper discusses the views of the agencies on sound practices based on discussions with industry representatives on how the events surrounding September 11, 2001, have altered business recovery and resumption expectations for purposes of ensuring the resilience of the U.S. financial system and seeks comments on those views.

DATES: Comments must be received on or before October 21, 2002.

ADDRESSES: Comments should be directed to:

Board: Comments should refer to Docket No. R-1128 and should be submitted to Ms. Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, NW, Washington, DC 20551, or mailed electronically to regs.comments@federalreserve.gov. Comments addressed to Ms. Johnson may also be delivered to the Board's mail facility in the West Courtyard between 8:45 a.m. and 5:15 p.m., located on 21st Street between Constitution Avenue and C Street, NW. Members of the public may inspect comments in Room MP-500 of the Martin Building between 9 a.m. and 5 p.m. on weekdays pursuant to Sec. 261.12, except as provided in Sec. 261.14, of the Board's Rules Regarding Availability of Information, 12 CFR 261.12 and 261.14.

OCC: Please direct all comments concerning this paper to: Office of the Comptroller of the Currency, 250 E Street, SW., Public Information Room, Mail Stop 1-5, Washington, DC 20219, Attention: Docket No. 02-13; fax number (202) 874-4448; or Internet address: regs.comments@occ.treas.gov. Due to recent temporary disruptions in the OCC's mail service, we encourage the submission of comments by fax or e-mail whenever possible. Comments may be inspected and photocopied at the OCC's Public Reference Room, 250 E Street, SW, Washington, DC. You can make an appointment to inspect comments by calling (202) 874-5043.

SEC: All comments concerning the paper should be submitted in triplicate to Jonathan G. Katz, Secretary, Securities and Exchange Commission, 450 5th Street, NW., Washington, DC 20549-0609. Comments can be submitted electronically at the following E-mail address: rule-comments@sec.gov. All comment letters should refer to File No. S7-32-02; this file number should be included on the subject line if E-mail is used. All comments received will be available for public inspection and copying in the Commission's Public Reference Room, 450 5th Street, NW., Washington, DC 20549.
Electronically submitted comment letters will be posted on the Commission's Internet Web site (http://www.sec.gov).

FOR FURTHER INFORMATION CONTACT: Board: Jeffrey Marquardt, Associate Director, Division of Reserve Bank Operations and Payment Systems (202) 452-2360; or Angela Desmond, Assistant Director, Division of Banking Supervision and Regulation (202) 452-3497. OCC: Ralph Sharpe, Deputy Comptroller for Bank Technology (202) 874-4572; or Aida Plaza Carter, Director, Bank Information Technology Operations (202) 874-4740. SEC: David Shillman, Counsel to the Director, Division of Market Regulation (202) 942-0072; or Peter Chepucavage, Attorney Fellow (202) 942-0163.

SUPPLEMENTARY INFORMATION: Based on in-depth discussions with industry representatives, the agencies have reached certain conclusions regarding the necessity to assure the resilience of critical U.S. financial markets in the face of wide-scale, regional disruptions and identified a number of sound practices to strengthen the resiliency of the overall U.S. financial system and the respective U.S. financial centers. Ensuring the resilience of critical financial markets requires that core clearing and settlement organizations and other firms that play significant roles in critical financial markets, many of which enjoy the benefits of operating out of major financial centers, will be able to perform their critical activities even in the event of a wide-scale, regional disruption.

The agencies are seeking comment on the sound practices discussed below. Upon issuance of a final paper, the agencies intend to incorporate these sound practices into supervisory expectations or other forms of guidance. This paper is meant to supplement the agencies' respective existing policies and other guidance on business continuity planning by financial institutions.
Because of the criticality of protecting the financial system after September 11, the sound practices focus on minimizing immediate systemic effects of wide-scale regional disruption of critical wholesale financial markets and therefore do not address issues relating to retail financial services.

Section I of this paper discusses business continuity objectives that have special importance after September 11 and their scope of application. Section II provides the agencies' preliminary conclusions with respect to key factors affecting the resilience of critical markets and activities in the U.S. financial system; sound practices to strengthen financial system resilience; and an appropriate timetable for implementing these sound practices. Section III contains a summary and analysis of the industry discussions that provided a basis for the agencies' preliminary conclusions, with a focus on private-sector perspectives; recovery of critical activities; confidence in recovery and resumption plans through use or testing; and implementation considerations. Section IV outlines next steps following issuance of the agencies' final views. Section V concludes this paper with a request for comment on the sound practices.

Draft Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System

I. Business Continuity Objectives and Scope of Application

The Federal Reserve, the Office of the Comptroller of the Currency, the Securities and Exchange Commission and the New York State Banking Department (the agencies) have been meeting with industry participants to analyze the lessons learned from the events of September 11, with a view towards strengthening the overall resilience of the U.S. financial system in the event of a wide-scale, regional disruption.
This effort began with a set of interviews with a number of large banking and securities firms, clearing and settlement organizations, and payment system operators to identify "what worked" and what could be improved going forward. On February 13, 2002, the agencies issued a discussion note on lessons learned and their implications for business continuity.\1\ On February 26, the agencies met with a group of large financial firms and financial utilities to discuss these findings, identify areas of consensus, and exchange views on how industry members can act as catalysts in achieving greater internal and industry resilience.\2\ Out of these and a series of in-depth, follow-up discussions, the agencies identified broad consensus on three business continuity objectives that have special importance after September 11:

---------------------------------------------------------------------------
\1\ The note is posted on each of the agencies' web sites. See, e.g., http://www.sec.gov/divisions/marketreg/lessonslearned.htm.

\2\ The summary is posted on each of the agencies' web sites. See, e.g., http://www.federalreserve.gov/boarddocs/staffreports/.
---------------------------------------------------------------------------

* Rapid recovery and timely resumption of critical operations following a wide-scale, regional disruption;
* Rapid recovery and timely resumption of critical operations following the loss or inaccessibility of staff in at least one major operating location; and
* A high level of confidence, through ongoing use or robust testing, that critical internal and external continuity arrangements are effective and compatible.

Based on this extensive dialogue, the agencies have reached certain preliminary conclusions with respect to the factors affecting the resilience of critical markets and activities in the U.S.
financial system; sound practices to strengthen financial system resilience; and an appropriate timetable for implementing these sound practices. Following a public comment period, the agencies will issue in final form their views on sound practices for strengthening the resilience of the financial system in the event of a wide-scale, regional disruption. The agencies are issuing their views to guide financial organizations as they complete their reviews of business continuity plans and make strategic investments to strengthen their capabilities.

The agencies view these sound practices as being most applicable to organizations that present a type of systemic risk should they be unable to recover or resume critical activities that support critical markets. In this context, "systemic risk" includes the risk that the failure of one participant in a transfer system or financial market to meet its required obligations will cause other participants to be unable to meet their obligations when due, causing significant liquidity or credit problems and threatening the stability of financial markets.\3\ The organizations that could present such systemic risk should they be unable to recover (i.e., complete) and resume (i.e., carry on) critical activities consist of core clearing and settlement organizations. Other firms that play a significant role in critical financial markets also could contribute to systemic risk should they be unable to recover critical activities. These organizations and key terms are described more fully below.

---------------------------------------------------------------------------
\3\ The use of the term "systemic risk" in this paper is based on the international definition of systemic risk in payments and settlement systems contained in "A glossary of terms in payment and settlement systems," Committee on Payment and Settlement Systems, Bank for International Settlements (2001).
---------------------------------------------------------------------------

Critical markets provide the means for banks, securities firms, and other financial institutions to adjust their key cash and securities positions and those of their customers in order to manage significant liquidity, market, and other risks to their organizations. Critical markets also provide support for the provision of a wide range of financial services to businesses and consumers in the United States. Certain markets such as the Federal funds and government securities markets also support the implementation of monetary policy.

For purposes of this paper, "critical markets" are defined as the markets for

* Federal funds, foreign exchange and commercial paper
* Government, corporate, and mortgage-backed securities
* "Core clearing and settlement organizations" consist of market utilities that provide critical clearing and settlement services for financial markets and large value payment system operators. Core clearing and settlement organizations also consist of firms that provide similar critical clearing and settlement services for critical financial markets in sufficient volume or value to present systemic risk in their sudden absence, and for whom there are no viable immediate substitutes.
* "Firms that play significant roles in critical financial markets" are those that participate in sufficient volume or value such that their failure to perform critical activities by the end of the business day could present systemic risk. There are different ways to gauge the significance of such firms in critical markets. The agencies believe that many if not most of the 15-20 major banks and the 5-10 major securities firms, and possibly others, play at least one significant role in at least one critical market.
In the context of these sound practices, the agencies are considering the benefit of providing additional guidance (e.g., in terms of market-share or dollar-value thresholds) to help firms identify the category into which they fall for the specific activities they perform.

For purposes of these sound practices, a "wide scale, regional disruption" is one that causes a severe disruption of transportation, telecommunications, power, or other critical infrastructure components across a metropolitan or other geographic area and its adjacent communities that are economically integrated with it; or that results in a wide-scale evacuation or inaccessibility of the population within normal commuting range of the disruption's origin.

II. Resilience of Critical Markets and Activities in the U.S. Financial System and Sound Practices

A. Resilience of Critical Markets and Activities in U.S. Financial System

Critical Markets. The resilience of the U.S. financial system in the event of a wide-scale, regional disruption rests on the rapid recovery and resumption of critical financial markets defined above and the activities that support them.

Recovery of Critical Activities. The rapid restoration of critical financial markets, and the avoidance of potential systemic risk, requires firms that play significant roles in those markets to recover business processes and functions sufficient to complete critical activities by the end of each business day.
These critical activities are:

(a) Completing pending large-value payment instructions;
(b) Clearing and settling material pending transactions;
(c) Meeting material end-of-day funding and collateral obligations necessary to assure the performance of items (a) and (b) above;
(d) Managing material open firm and customer risk positions, as appropriate and necessary to assure the performance of items (a) through (c) above;
(e) Communicating firm and customer positions necessary to assure the performance of items (a) through (d) above, reconciling the day's records, and safeguarding firm and customer assets; and
(f) Performing all support and related functions that are integral to the above critical activities.

Recovery and Resumption of Critical Activities. The rapid resumption of critical financial markets requires that core clearing and settlement organizations be able to recover and resume within the business day the critical activities they perform that support the recovery of critical markets. These include the recovery of critical activities discussed above as well as the resumption of:

(a) Processing new large-value payment instructions;
(b) Clearing and settling material new transactions;
(c) Managing material ongoing funding and collateral requirements necessary to assure the performance of items (a) and (b) above;
(d) Managing material ongoing firm and customer risk positions, as appropriate and necessary to assure the performance of items (a) through (c) above;
(e) Communicating changes in firm and customer positions necessary to assure the performance of items (a) through (d) above, reconciling the day's records, and safeguarding firm and customer assets; and
(f) Performing all support and related functions that are integral to the above critical activities.

B. Sound Practices to Strengthen U.S.
Financial System Resilience

The agencies have identified the following sound practices for core clearing and settlement organizations and other firms that play significant roles in critical financial markets. The sound practices address the risks of a wide-scale, regional disruption and strengthen the resilience of the financial system. They also reduce the potential for a regional disruption to have an undue impact on one or more critical markets because primary and back-up processing facilities and staffs are concentrated in a particular geographic region.

1. Identify critical activities. Core clearing and settlement organizations and other firms that play significant roles in critical financial markets should identify all the critical activities they perform in support of critical markets.

2. Determine the appropriate recovery and resumption objectives. Firms that play significant roles in critical financial markets should, at a minimum, plan to recover on the same business day the critical activities they perform that support the recovery of critical markets. In fact, an emerging industry objective appears to be for firms that play significant roles in critical financial markets generally to set a recovery-time target of no later than four hours after the event. Core clearing and settlement organizations should plan both to recover and to resume fully within the day their critical activities that support critical financial markets. An emerging industry objective appears to be for such organizations generally to set a resumption-time target no later than two hours after the event.

3. Maintain sufficient out-of-region resources to meet recovery and resumption objectives.
Firms that play significant roles in critical markets, at a minimum, should have back-up arrangements with sufficient out-of-region staff, equipment, and data to recover their critical activities within their recovery-time objectives.\4\ These arrangements can range from a firm establishing its own out-of-region back-up facility for data and operations, to arranging for the use of remote outsourced facilities. The objective is to minimize the risk that a primary and a back-up site, and their respective labor pools, could both be impaired by a single wide-scale, regional disruption, including one centered somewhere in between them. Core clearing and settlement organizations should have sufficient out-of-region resources both to recover and to resume fully their critical activities within their recovery and resumption-time objectives. Although there may be a variety of approaches that could be effective, out-of-region back-up locations should not be dependent on the same labor pool or infrastructure components used by the primary site, and their respective labor pools should not both be vulnerable to simultaneous evacuation or inaccessibility. Infrastructure components include transportation, telecommunications, water supply and electric power.

---------------------------------------------------------------------------
\4\ The agencies are not recommending as a sound practice that firms move their primary sites out of center-city locations. There are many important business and internal control reasons for having processing sites near financial markets and firms' headquarters. It is the separation between primary and alternative processing sites that is important in promoting resilience.
---------------------------------------------------------------------------

4. Routinely use or test recovery and resumption arrangements.
Firms that play significant roles in critical financial markets and core clearing and settlement organizations should routinely use or test their individual internal recovery and resumption arrangements for required connectivity, functionality, and volume capacity. Such institutions should also work cooperatively to design and to schedule appropriate cross-organization tests to assure the compatibility of individual recovery and resumption strategies within and across critical markets.

C. Timetable for Developing Plans and Implementing Sound Practices

Firms should be enhancing their business continuity plans to address wide-scale, regional disruptions, including adoption of implementation plans to achieve these sound practices. To the extent that these sound practices require revisions of the plans, they should be completed as soon as possible and no later than 180 days after the agencies issue their final views.

The agencies recognize that firms that play significant roles in critical financial markets are in different stages of their planning and investment cycles regarding new facilities, technology, staffing, and business processes. Furthermore, some have built, or are in the process of establishing, back-up sites or other arrangements that, while improving resilience, may not be fully consistent with these sound practices. Given their different circumstances, it may take some firms longer than others to implement all of these sound practices in a cost-effective manner. Accordingly, while the agencies recognize the need for some flexibility in implementation timetables, firms nevertheless should strive to achieve these sound practices as soon as practicable. All core clearing and settlement organizations, however, should begin to implement plans to establish out-of-region back-up resources within the next year.

III. Summary and Analysis of Industry Discussions

A.
Private-Sector Perspectives

The events of September 11 underscored the fact that the financial system operates as a network of interrelated markets and participants. The behavior of an individual participant can have a wide-ranging effect beyond its immediate counterparties. Firms agreed that all participants in the financial system should strive to incorporate the three business continuity objectives into their plans; however, they also made clear that "one size does not fit all." There was agreement that some critical activities, including safeguarding and transferring funds and financial assets, are so vital to the operation of the financial system that they should continue with minimal disruption, even in the event of a wide-scale, regional disruption.

All firms recognize the importance of critical financial markets to their own operations and to the financial system overall in the event of a wide-scale, regional disruption. Core clearing and settlement organizations play a particularly crucial role in permitting firms and markets that are affected by the event to recover and resume operations as well as in permitting firms and markets that are unaffected to continue to operate. For example, in order for firms affected by a disruption to recover critical activities by the end of the day, including clearing and settling pending transactions, clearing and settlement organizations must themselves be able to recover and resume operations within the day. In addition, if some firms are unaffected by the disruption and are able to support the continued operation of critical markets to some degree, clearing and settlement organizations must be able to conduct operations. If clearing and settlement organizations are not able to operate in such circumstances, they likely will contribute to the amplification of potential systemic risks. For core clearing and settlement organizations, the dimensions of this systemic risk would likely be national and even international.
As a result of these considerations, core clearing and settlement organizations recognize that in the event of a wide-scale, regional disruption they must be able to both recover and fully resume critical activities within the day, and typically within a very limited period of time. Firms that play significant roles in critical financial markets also should meet high recovery standards.

The agencies have found that industry participants generally recognize their respective roles in improving the overall resilience of the financial system and have made it a priority to complete internal preparations, share information and coordinate efforts. Firms indicated that economic trade-offs and competitive considerations exist in making strategic decisions about business continuity that require the continuing leadership of senior management and should not be left to the discretion of individual business units.

B. Recovery of Critical Activities

Business continuity plans address a variety of issues, including emergency response procedures assuring the safety of personnel, effective internal and external communications, and implementation of business recovery and business resumption strategies. The business continuity planning process involves a careful enterprise-wide analysis, including an assessment of the impact of an unexpected disruption of business processes and associated risks. Among other things, plans are designed to manage those risks by arranging for the recovery of critical activities to permit an orderly resolution of outstanding obligations. Firms also are expected to monitor their business continuity risks by testing and updating plans periodically.\5\

---------------------------------------------------------------------------
\5\ There are numerous sources of information on sound practices for business continuity planning. See, e.g. www.thebci.org; http://www.business-continuity.com; www.bsi-global.com.
---------------------------------------------------------------------------

Business recovery preparations enable a firm to recover the operation of a disrupted business process or function in order to manage firm and customer risks.\6\ At a minimum this includes recovery of those "critical activities" necessary to permit the clearance and settlement of pending transactions; management and reconcilement of firm and customer positions; completion of the day's large value payments; and arranging for collateral or end-of-day funding. This also includes recovery of activities or systems that support or are integrally related to the performance of these critical business processes or functions.

Business recovery preparations related to these critical activities are crucial to the smooth operation of the financial system. Given the complex interdependencies of markets and among participants, thorough preparations reduce the potential that a sudden disruption experienced by a few firms will cascade into market-wide inefficiencies and liquidity dislocations.\7\ All firms recognize that business recovery is a core element of more comprehensive business continuity plans.

---------------------------------------------------------------------------
\6\ The goal of business recovery plans is the recovery of a particular activity or function, and not the recovery of a disabled facility or system. The goal of business resumption is the effecting and processing of new transactions after old transactions have been completed.

\7\ Under adverse market conditions or in the event of credit concerns about institutions, liquidity dislocations of the type experienced immediately after September 11 could be seriously compounded.
---------------------------------------------------------------------------

In discussions with industry members, firms often stated that the financial system is only as strong as its "weakest link." Each firm has to ensure that its business continuity plans provide robust business recovery arrangements for the activities it performs that are critical to the smooth functioning of the financial system: wholesale payments processing, and clearance and settlement of money market instruments, government securities, foreign exchange, commercial paper and other corporate securities. Industry participants also recognize that core clearing and settlement organizations represent potential single points of failure in the financial system and therefore have the greatest responsibility for ensuring that they can recover and fully resume those activities in a timely manner. They also believe that firms that are significant participants in one or more critical markets or that effect a substantial volume or value of wholesale payments should develop robust recovery plans for critical activities in the event of a wide scale disruption when their primary sites and staffs may be inaccessible for some duration.

Once a firm identifies its critical business functions and processes, it must establish recovery-time targets sufficient to ensure that it can carry out those functions and processes in a manner that will result in minimal disruption to the financial system. This facilitates the compatibility of recovery plans across firms and helps assure firms are able to participate in the financial system in times of wide-scale, regional disruptions. A number of firms stated that current technology permits recovery-time targets of between one and four hours for many critical activities, even when factoring in the possibility of needing to reconstruct lost data.
In establishing recovery targets for critical activities, firms are coordinating their plans with the expectations of their respective core clearing and settlement organizations and peers. Some payment systems already have established robust recovery targets. Core clearing and settlement organizations are holding themselves to an intra-day recovery target--generally a few hours--and it is expected that technology will continue to improve upon those recovery times. Some also have, or are establishing, recovery times for their participants and, in such cases, suggest that firms establish no later than end-of-day recovery targets. For example, wholesale payment systems have typically required participants to recover from a disruption in less than four hours, and many firms, including the payment systems themselves, are now able to achieve recovery times of substantially less than two hours.

Industry members generally agree that recovery of critical activities and processes during a wide-scale, regional disruption requires establishment of some level of out-of-region arrangements for critical operations and the personnel and data that support them. The objective of establishing out-of-region arrangements is to minimize the risk that a primary site and a back-up site, and their respective labor pools, could be impaired by a single, wide-scale, regional disruption. Although there may be other approaches that could be effective, firms generally agree that out-of-region locations should not be dependent on the same labor pool or infrastructure components used by the primary site and should not be affected by a wide-scale evacuation or the inaccessibility of the region's population. Examples of such arrangements include a fully operational out-of-region back-up facility for data and operations,\8\ and utilizing outsourced facilities in which equipment, software and data are stored for staff to activate.
With this in mind, certain core clearing and settlement organizations, which are widely expected to recover and resume operations at full capacity indefinitely, and other firms that play significant roles in critical financial markets are establishing remote back-up facilities, in some cases hundreds or even thousands of miles away from the primary site. Some firms that already have a national or multi-region presence are planning to utilize out-of-region offices to establish back-up sites. Many are finding that there is the potential to achieve out-of-region staffing and system efficiencies by cross training staff or utilizing underused systems to share or shift loads. Other firms that play significant roles in markets or in effecting payments also are developing remote arrangements to ensure that they can recover critical data and operations during a wide-scale outage within expected recovery time targets. A number of firms in the process of identifying appropriate recovery arrangements stated that the events of September 11 have underscored the importance of building recovery strategies and capacities into their basic business processes.\9\

---------------------------------------------------------------------------
\8\ Generally referred to as "hot" sites, these facilities are fully equipped with hardware and software necessary to perform critical business functions and provide access to replicated data. This approach allows a firm to recover a function in minutes to a few hours depending on the integrity of the data.

\9\ A number of firms have expressed concerns about the reliability of telecommunications and other infrastructure providers, and the current limitations on an individual firm's ability to obtain verifiable redundancy of service from such carriers.
Firms that have out-of-region facilities obtain additional diversity in their telecommunications and other infrastructure services that provide additional resilience in ensuring recovery of critical operations. Individual financial firms are also launching industry-wide efforts to explore common infrastructure issues and approaches.
---------------------------------------------------------------------------

Recovery plans must anticipate the need to have sufficient trained staff located at or near the back-up site to meet recovery objectives and plans for resuming a critical function at normal volumes for an extended duration. Firms are staffing remote back-up sites in a variety of practical and cost-effective ways. For example, firms operating active back-up sites often have full-time staffs who regularly perform the critical activities. Other firms plan to cross-train staff already located at remote sites so that they are able to assume responsibility for performing more critical back-up operations during an outage at the primary site. Firms that outsource their business resumption facilities to an out-of-region facility may have some staff located there. In general, firms that establish out-of-region facilities recognize that relocating employees is useful during the start-up/training period of developing a facility; however, it may be necessary to develop and maintain ``local talent'' to operate these facilities in the event of an extended outage and loss or inaccessibility of staff at the primary site.

Some firms do not have sufficient volumes to warrant establishing geographically remote back-up facilities capable of providing full resumption over the near term. Nevertheless, many are taking steps to provide for the out-of-region recovery of transactional data and other resources to complete critical activities within target recovery times.

Ensuring that back-up facilities have access to current data is a critical component of business recovery.
Firms recognize that out-of-region facilities fall beyond the current distance capacity of some high-volume, synchronous mirrored disk back-up technology,\10\ and those establishing such facilities are taking a number of steps to minimize the potential for losing data in transit. For example, a number of firms are transmitting data continuously to local and remote back-up data centers resulting in multiple back-up databases. Others are sending more frequent batches to their remote back-up sites or to data storage locations electronically. Some firms maintain multiple replicas of their databases at various locations that can be accessed for production and other uses. In addition, a number of firms are establishing active back-up arrangements that permit the primary site automatically to shift production with little or no staff involvement, providing a very rapid recovery capability. These steps can significantly reduce the amount of time it takes to recover lost transactions and improve the ability of a firm to recover the function or process. Technology is evolving rapidly in this area; for example, software and hardware innovations are expected to provide the ability to maintain synchronous databases at even longer distances. Some firms are establishing systems and business strategies that permit the use of continued improvements in technology to achieve the greatest geographical diversity practicable.

---------------------------------------------------------------------------
\10\ Estimates of the distance limitations of such technology typically range from 60-100 km.
---------------------------------------------------------------------------

Sound planning includes developing flexible plans that incorporate alternative recovery and resumption arrangements. These plans often can be activated to respond to more commonly experienced contingencies that affect fairly small geographic areas and were the subject of most plans before September 11.
For example, some firms that require real-time data back-up have or are establishing in-region back-up sites that employ synchronous technology and are easily accessible in situations that do not involve a wide area disruption. Other examples include developing numerous small recovery sites that are locally accessible by employees and can be used to perform essential business functions; requiring a percentage of employees in a function to telecommute each day; dividing employees into shifts over a 24 hour period; and modifying information systems security access protocols to permit access to desk tops and data from home (virtual offices). These measures provide additional resilience in responding to a disruption in an appropriate and practical manner.

C. Confidence in Recovery and Resumption Plans through Use or Testing

In responding to the events of September 11, many firms used plans developed during Year 2000 preparations. Although these plans worked well, some found that back-up data bases, facilities, contact information and other aspects of their plans were not sufficiently up-to-date. As a result, firms expressed a renewed commitment to ensure that critical internal and external business recovery and resumption arrangements are effective, communicated and rehearsed by all staff on a regular basis. Some firms report that they are achieving a high level of confidence through the continuous use of two sites (i.e., active/active model), or by switching over to alternate facilities on a regular basis.

Periodic testing is an important and long-standing component of the business continuity planning process. Firms typically stage tests of particular systems, processes (e.g., communications facilities) or business lines to limit risks inherent in tests utilizing production workloads. Sound practice includes designing tests to simulate high impact scenarios, e.g., through switch or fail over to back-up facilities with no advance warning.
One of the lessons learned during September 11 is that testing of internal systems alone is no longer sufficient. It also is critical to test back-up facilities with the primary and back-up facilities of markets, core clearing and settlement organizations and service providers to ensure connectivity, capacity and the integrity of data transmission. Moreover, firms are planning to share back-up contact information and test arrangements with counterparties and important customers.

A number of firms and trade associations also have expressed a willingness to participate in or sponsor industry-wide testing. As firms successfully complete the more limited testing discussed above, appropriately scaled industry-wide testing could prove beneficial. Discussions within the industry on possible approaches are ongoing, and the prospect provides an incentive for firms to complete internal preparations so that there can be maximum participation. One possibility may be to take a staged approach by organizing respective tests with the core clearing and settlement organizations. As confidence grows, end-to-end tests could be organized.

D. Implementation Considerations

After September 11, financial firms naturally initiated a lessons learned process with a view towards strengthening their business continuity plans. Industry meetings with the agencies in February 2002 and throughout the Spring confirmed that this process is nearing completion at many firms. The process has two components.

First, firms are taking immediate steps to ensure that they address obvious gaps and refine plans to address near-term risks. Many are participating in industry initiatives aimed at improving private sector coordination and identifying sound practices with the intent of assuring that their plans are compatible with their peers.
Some of these steps include sharing contact information; procuring alternative telecommunications facilities; and meeting with disaster recovery authorities to determine the availability of resources to facilitate business recovery activities.

Second, firms are well along in reviewing and strengthening long-term strategic plans for business recovery and continuity of operations. A number of firms already are discussing alternative solutions at the most senior level to ensure that final plans are consistent with overall business objectives, risk management strategies and financial resources. Most firms indicate that they will complete their strategic plans and implementation timetables by year-end or shortly thereafter. Some core clearing and settlement organizations already are in the process of establishing out-of-region, fully staffed and operational back-up facilities and expect to be operational within the next year.

Sound practice for all firms includes implementing long-range plans as soon as practicable in order to protect and enhance their franchise \11\ and promote confidence in the strength of the financial system. It also is important for firms that play significant roles in the financial markets and payments systems to ensure that their implementation plans are consistent with the expectations of those markets, systems and peers. Firms also are finding it appropriate to share information about the status of implementation with their core clearing and settlement organizations, counterparties and important customers.\12\

---------------------------------------------------------------------------
\11\ Customers increasingly are seeking assurances that their financial firms have the necessary resilience to continue operations should a disaster occur, and firms are evaluating the resilience of counterparties for purpose of initiating or continuing business relationships.
\12\ One way for firms to share such information is to provide periodic progress reports on the implementation of business recovery and resumption arrangements to their utilities and others who are dependent upon the strength of their business continuity arrangements for critical activities, including customers, counterparties and vendors.
---------------------------------------------------------------------------

IV. Next Steps

Financial industry participants, and in particular those firms that were affected directly or indirectly by the September 11 attacks, are committed to ensuring the continued viability of the U.S. financial system by strengthening their own business continuity plans and improving the resilience of domestic markets and payments systems in the event of a wide-scale, regional disruption. Many firms are taking steps to integrate the broader objectives discussed above into their business continuity plans while balancing the costs associated with achieving same-day recovery capabilities for critical activities. Core clearing organizations are exploring their intra-day business resumption capabilities. It is important to ensure that plans are flexible enough to incorporate evolving technologies that provide greater resilience of critical business functions and processes.

The agencies believe that the lessons of September 11 are relevant to all financial system participants. Accordingly, it is incumbent upon all firms to determine the extent to which it would be practicable to achieve the broader business recovery objectives for critical activities in the near future. To the extent that these sound practices require revisions of the plans, firms should largely complete the planning process, including adoption of implementation plans, no later than 180 days after issuance of the agencies' final views and implement them as soon as practicable.
The agencies recognize that firms that play significant roles in critical financial markets are in different stages of their planning and investment cycles regarding new facilities, technology, staffing, and business processes. Furthermore, some have built, or are in the process of establishing, back-up sites or other arrangements that, while improving resilience, may not be fully consistent with these sound practices. Given their different circumstances, it may take some firms longer than others to implement all of these sound practices in a cost-effective manner. Accordingly, while the agencies recognize the need for some flexibility in implementation timetables, firms that play significant roles in critical markets nevertheless should strive to achieve these sound practices as soon as practicable. All core clearing and settlement organizations, however, should begin to implement plans to establish out-of-region back-up resources within the next year. Meeting these planning and implementation goals will require the continued oversight and commitment of senior management.

The agencies will expect core clearing and settlement organizations and other financial firms that play a significant role in critical financial markets to adopt the sound practices outlined in this paper. Furthermore, the agencies intend to incorporate these sound practices into supervisory expectations or other forms of guidance for purposes of reviewing the overall adequacy of those portions of business continuity plans that address the recovery of critical activities necessary to ensure the resilience of the financial system.

Firms can expect the agencies to review plans for their reasonableness and to take a keen interest in the appropriateness of plans to address risk relative to the firm's position in a critical market or in effecting large value payments. This will include consideration of the probable effects a disruption of a firm's activities would have on the financial system.
As part of their ongoing review process, the agencies will consider how firms identify their critical activities, the appropriateness of the recovery and resumption objectives they set, and the adequacy of their plans for achieving those objectives. The agencies will include consideration of whether recovery-time and resumption-time targets and implementation schedules are consistent with market and peer expectations. Finally, the agencies will review the firm's assessment of test plans and results to confirm that the firm is appropriately able to manage its business risks should a wide-scale, regional disruption occur.

V. Request for Comments

The agencies invite comments on the appropriate scope and application of the sound practices and implementation timetable discussed above, as well as other issues relevant to strengthening the resilience of the financial system in the face of wide-scale regional disasters. In particular the agencies invite comment in the following areas:

Scope of application. Have the agencies excluded any critical markets? Have the agencies sufficiently defined the term ``core clearing and settlement organizations'' for such organizations to identify themselves? Have the agencies provided sufficient guidance for firms to determine whether they play ``significant roles in critical financial markets?'' Are there other measures or additional facts or circumstances that should be used to determine whether a firm plays a significant role or acts as a core clearing organization? Should the agencies establish an average daily dollar volume (e.g., $20 billion, $50 billion, $150 billion or some larger amount) or a market share test (e.g., 3, 5, 7, 10 percent market share or some larger amount) as a benchmark for either or both of these categories? Should such benchmarks differ by market or activity? In some market segments, there are geographic concentrations of primary and back-up facilities of firms with relatively small market shares.
Should sound practices take into consideration the geographic concentration of the back-up sites of firms that as a group could play a significant role in critical markets? One of the reasons core clearing organizations are expected to recover and resume is that there are no effective substitutes that can assume their critical activities; is this also true for some or all firms that play significant roles in critical markets? Should any firms that play significant roles in critical markets be required to meet an intra-day standard for recovery and resumption because of the size of their market share or volume, or the significance of the services they perform for other firms (e.g. as a correspondent bank or clearing broker) in clearing and settling material amounts of transactions and large-value payments? Does the paper's definition of a ``wide-scale, regional disruption'' provide sufficient guidance for planning for wide-scale, regional disruptions? Is there a need to provide some sense of duration of a wide-scale, regional disruption? If so, what should it be?

Recovery and Resumption of Critical Activities. Have the agencies identified the critical activities needed to recover and resume operation in critical markets? Is there a need to define the term ``material'' in this context? If so, what should be used? Sound practice seems to require firms that play significant roles in critical markets to establish recovery targets of four hours after an event for their critical activities. Is this a realistic and achievable recovery-time objective for firms that play significant roles in critical markets? If not, what would be? Similarly, sound practice seems to require core clearing and settlement organizations to establish recovery and resumption targets of two hours for critical activities. Is this a realistic and achievable resumption-time objective for core clearing and settlement organizations?
Should recovery- and resumption-time objectives differ according to critical markets?

Sound practices. Have the agencies sufficiently described expectations regarding out-of-region back-up resources? Should some minimum distance from primary sites be specified for back-up facilities for core clearing and settlement organizations and firms that play significant roles in critical markets (e.g., 200-300 miles between primary and back-up sites)? What factors should be used to identify such a minimum distance? Should the agencies specify other requirements (e.g., back-up sites not be dependent on the same labor pools or infrastructure components, including power grid, water supply and transportation systems)? Are there alternative arrangements (i.e., within a region) that would provide sufficient resilience in a wide-scale, regional disruption? What are they? Are there other arrangements that core clearing and settlement organizations should consider, such as common communication protocols, that would provide greater assurance that critical activities will be recovered and resumed?

Timetable for Implementation. To ensure that enhanced business continuity plans are sufficiently coordinated among participants in critical markets, should specific implementation timeframes be considered? Is it reasonable to expect firms that play significant roles in critical financial markets to achieve sound practices within the next few years? Should the agencies specify an outside date (e.g. 2007) for achieving sound practices to accommodate those firms that may require more time to adopt sound practices in a cost-effective manner? Would such distant dates communicate a sufficient sense of urgency for addressing the risk of a wide-scale, regional disruption?

By order of the Board of Governors of the Federal Reserve System.
Dated: August 29, 2002.
Jennifer J. Johnson,
Secretary of the Board.

Dated: August 30, 2002.
John D. Hawke, Jr.,
Comptroller of the Currency.

By the Securities and Exchange Commission.
Dated: August 29, 2002.
Margaret H. McFarland,
Deputy Secretary.

[FR Doc. 02-22633 Filed 9-4-02; 8:45 am]
BILLING CODE 6210-01-P; 4810-33-P; 8010-01-P