11 April 2003 Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html ----------------------------------------------------------------------- [Federal Register: April 11, 2003 (Volume 68, Number 70)] [Notices] [Page 17809-17814] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr11ap03-60] [[Page 17809]] ----------------------------------------------------------------------- FEDERAL RESERVE SYSTEM [Docket No. R-1128] DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency [Docket No. 03-05] SECURITIES AND EXCHANGE COMMISSION [Release No. 34-47638; File No. S7-32-02] Interagency Paper on Sound Practices To Strengthen the Resilience of the U.S. Financial System AGENCIES: Board of Governors of the Federal Reserve System; Office of the Comptroller of the Currency; and Securities and Exchange Commission. ACTION: Issuance of interagency paper. ----------------------------------------------------------------------- SUMMARY: The Federal Reserve Board (Board), the Office of the Comptroller of the Currency (OCC) and the Securities and Exchange Commission (SEC) are publishing an Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System. The Federal Reserve Bank of New York also participated in drafting the paper. The paper identifies three new business continuity objectives that have special importance in the post-September 11 risk environment for all financial firms. The paper also identifies four sound practices to ensure the resilience of the U.S. financial system, which focus on minimizing the immediate systemic effects of a wide-scale disruption on critical financial markets. The agencies expect organizations that fall within the scope of this paper to adopt the sound practices within the specified implementation timeframes, as described in more detail in the paper. FOR FURTHER INFORMATION CONTACT: Board: Jeffrey Marquardt, Associate Director, Division of Reserve Bank Operations and Payment Systems (202) 452-2360; or Angela Desmond, Assistant Director, Division of Banking Supervision and Regulation (202) 452-3497. OCC: Ralph Sharpe, Deputy Comptroller for Bank Technology (202) 874-4572; or Aida Plaza Carter, Director, Bank Information Technology Operations (202) 874-4740. SEC: Robert Colby, Deputy Director, Division of Market Regulation (202) 942-0094; David Shillman, Counsel to the Director, Division of Market Regulation (202) 942-0072; or Peter Chepucavage, Attorney Fellow, Division of Market Regulation (202) 942-0163. SUPPLEMENTARY INFORMATION: On September 5, 2002, the Board of Governors of the Federal Reserve System, Office of the Comptroller of the Currency, and the Securities and Exchange Commission published for comment a Draft Interagency White Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System.\1\ The draft white paper emphasized the criticality of protecting the financial system from serious new risks posed in the post-September 11 environment and described a series of sound practices that were identified by industry participants during a series of interviews and meetings with the agencies. Approximately 90 comment letters were submitted to one or more of the agencies by clearing and settlement system operators; banking organizations; investment banking firms; industry associations; technology companies; Federal, State and local officials; and other interested parties and are summarized below. After reviewing the comments and continuing their dialogue with interested persons, the agencies are issuing this revised final interagency paper. --------------------------------------------------------------------------- \1\ 67 FR 56835, September 5, 2002. --------------------------------------------------------------------------- The sound practices identified in the paper are intended to supplement the agencies' respective policies and other guidance on business continuity planning by financial institutions. The sound practices focus on establishing robust back-up facilities for those back-office activities necessary to recover clearance and settlement activities for the wholesale financial system in times of serious disruption and therefore do not address issues relating to trading operations or to retail financial services. The agencies are not recommending that firms move their primary offices, primary operating sites, or primary data centers out of metropolitan locations. The agencies expect organizations that fall within the scope of this paper to adopt the sound practices within the specified implementation timeframes, as described in more detail in the paper. Summary of Comments The commenters generally support the agencies' efforts to improve the resilience of the financial markets and agree with the goals outlined in the draft white paper. Most commenters agree with the sound practices in principle, but propose a number of modifications and clarifying changes to the document. In general, the commenters prefer that the agencies retain a ``sound practices paper format'' rather than adopt a regulatory approach that could be susceptible to a ``one size fits all'' application. They also ask that the agencies coordinate supervisory expectations with each other and with other regulatory authorities as necessary to assure a consistent approach. There was broad consensus with the goal of ensuring that key organizations in critical financial markets are able to recover clearing and settlement activities in the event of a wide-scale disruption as rapidly as possible. Commenters agree with the definitions of critical financial markets and critical activities, but ask that the agencies make clear that the sound practices apply to back-office operations and not to trading activities or retail products. They also believe that the description of core clearing and settlement organizations is sufficient. Commenters ask for additional guidance to assist in identifying firms that play significant roles in critical financial markets and generally agree that a market share benchmark should be established; a few commenters recommend adopting a dollar volume benchmark. A few commenters suggest that benchmarks should vary by market based on the amount of concentration of key participants in the critical financial markets. Some commenters note the importance of firms being able to self-determine whether they fall into a particular category for a critical financial market, while others ask that the agencies contact organizations that appear to meet the definition for core clearing and settlement organizations or firms that play significant roles in critical markets. Several commenters acknowledge that the sound practices would effectively raise market expectations with respect to the resilience of all financial firms. A number of commenters state that the description of a wide-scale, regional disruption should include parameters for a range of probable events (e.g., power disruption, natural disaster) and include the expected duration of the outage (e.g., 5, 10, or 30 days). Other commenters note that such specification is unnecessary. The commenters agree that a within-the-business-day recovery and resumption objective for core clearing and settlement organizations is appropriate and acknowledge that a two-hour recovery time objective is an achievable goal, although somewhat aggressive for some because of the volume and complexity of transaction data involved. There is general consensus that the end-of-business-day recovery objective is achievable for firms that play significant roles in critical markets, although many state that this is possible only if firms are able [[Page 17810]] to utilize synchronous data storage technologies, which can limit the extent of geographic separation between primary and back-up sites. A number of commenters note that a recovery time objective of four hours is unrealistic unless core clearing and settlement organizations and the telecommunications infrastructure are operating. \2\ Some commenters suggest that recovery and resumption time objectives should vary by type of market. Other commenters note that further guidance on the definitions of an ``event'' and ``end-of-business day'' is needed to help ensure meaningful recovery and resumption time objectives. --------------------------------------------------------------------------- \2\ Many commenters state that the recovery of financial systems can only be achieved if the telecommunications infrastructure is up and running across the nation. Firms identify a number of industry efforts to explore common infrastructure issues and possible solutions to ensure diversity of circuit routing and other reliability issues. Commenters raising this issue ask the agencies to continue to raise the issue of telecommunications infrastructure resilience with federal and state agencies, including the Federal Communications Commission, the National Security Telecommunications Advisory Committee and the Department of Homeland Security. The agencies are taking numerous actions to help direct attention to improving the resilience of the telecommunications infrastructure. --------------------------------------------------------------------------- A number of commenters support the concept of establishing back-up sites for operations and data centers that do not rely on the same infrastructure and other risk elements as primary sites and note that such diversification of risk is a long-standing principle of business continuity planning for financial firms. Most commenters oppose establishing any minimum distance requirement between primary and back- up facilities, citing the need for sufficient flexibility to manage costs effectively and allow for technological improvements. A few commenters believe that establishing minimum separation is appropriate and achievable. A number of commenters express concern that out-of- region back-up sites, including those of third-party service providers, often are geographically concentrated, creating additional risk in the event of a targeted attack or wide-scale disruption affecting those areas. Some commenters ask for additional guidance on how to address various infrastructure components, such as water supply sources. A few commenters indicate that they are exploring overseas locations as part of their recovery and resumption solutions and ask for some assurances that domestic and foreign financial authorities will permit such arrangements. Commenters note that firms should be permitted to address critical staffing needs sufficient to recover from a wide-scale disruption, but should not be required to maintain a separate redundant staff at their back-up locations, which would be costly and inefficient. Others advocate maintaining a back-up site with staff able to perform critical clearing and settlement activities routinely (through two or more active production sites) or on an emergency basis (e.g., through cross- training staff). Commenters state that permitting firms to adopt a risk-based approach to planning geographically dispersed back-up arrangements would allow institutions to focus on those scenarios that pose the greatest threat and manage labor needs more effectively. Most commenters agree that routine use or testing of back-up facilities is necessary and beneficial to ensure financial system viability. They also suggest that testing should be ``end-to-end'' involving telecommunication firms, third-party service providers, and securities exchanges. A majority of commenters state that plans to meet sound practices could be developed within a year after the agencies issue their final views. There is general consensus that sound practices can be implemented over a relatively short (two to three year) time period, if the agencies provide sufficient flexibility to accommodate the unique risk profile and planning and investment cycles of each institution. Commenters note that extending implementation schedules would help to mitigate the costs of building greater resilience into business continuity arrangements, although there was also recognition that the post-September 11 risk environment requires that achievement of the sound practices needs to be accomplished within a reasonably short time frame by peer firms. Some commenters warn that strict application of the sound practices or establishment of minimum distance and staffing requirements could require firms to bear excessive costs with the result that some might exit particular markets, leading to further concentration, decreased liquidity, and higher overall costs for participants in those markets. Several commenters expressed concern that the sound practices might result in significant employment losses and other negative impacts on the economy and tax base of the New York City metropolitan area. Virtually all commenters state that the core clearing and settlement organizations should establish more aggressive implementation timetables than other firms. Commenters also recognize that firms should set implementation benchmarks in their plans to assess progress. Some commenters assert that the incremental cost of achieving the sound practices should be subsidized, all or in part, by the government. The agencies have incorporated many of the suggestions that were made by the commenters. The revised paper is more succinct, and generally provides more flexibility to firms in managing geographic diversity of back-up facilities, staffing arrangements, and cost- benefit considerations. It also provides more specificity as to the scope of application of the sound practices as well as the implementation guidelines. No specific mileage requirements or technology solutions are mandated. Accordingly, the agencies are issuing this final version of the interagency paper on sound practices to strengthen the resilience of the U.S. financial system. Interagency Paper on Sound Practices To Strengthen the Resilience of the U.S. Financial System Introduction and Background The Federal Reserve, the Office of the Comptroller of the Currency, and the Securities and Exchange Commission (the agencies) are issuing this Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System to advise financial institutions on steps necessary to protect the financial system in light of the new risks posed by the post-September 11 environment. The sound practices build upon long-standing principles of business continuity planning and reflect actions identified by industry members that will strengthen the overall resilience of the U.S. financial system in the event of a wide- scale disruption. The agencies have identified broad industry consensus on three business continuity objectives that have special importance after September 11 for all financial firms. The agencies also have identified sound practices that focus on minimizing the immediate systemic effects of a wide-scale disruption on critical financial markets. The sound practices focus on the appropriate back-up capacity necessary for recovery and resumption of clearance and settlement activities for material open transactions in wholesale financial markets. They do not address the recovery or resumption of trading operations or retail financial services. The agencies are not recommending that firms move their primary offices, primary operating sites, or primary data centers out of metropolitan locations, and understand that there are important business and [[Page 17811]] internal control reasons for financial firms to maintain processing sites near financial markets and their own headquarters. The agencies also recognize that achieving the sound practices could be a multi-year endeavor for some firms and that it is not necessary or appropriate to prescribe any specific technology solution or limit a firm's flexibility to implement the sound practices in a manner that reflects its own risk profile. The sound practices discussed in this paper supplement the agencies' respective policies and other guidance on business continuity planning. Post-September 11 Business Continuity Objectives During discussions about the lessons learned from September 11, industry participants and others agreed that three business continuity objectives have special importance for all financial firms and the U.S. financial system as a whole: [sbull] Rapid recovery and timely resumption of critical operations following a wide-scale disruption; [sbull] Rapid recovery and timely resumption of critical operations following the loss or inaccessibility of staff in at least one major operating location; and [sbull] A high level of confidence, through ongoing use or robust testing, that critical internal and external continuity arrangements are effective and compatible. The events of September 11 underscored the fact that the financial system operates as a network of interrelated markets and participants. The ability of an individual participant to function can have wide- ranging effects beyond its immediate counterparties. Because of the interdependent nature of the U.S. financial markets, all financial firms have a role in improving the overall resilience of the financial system. It therefore is appropriate for all financial firms to review their business continuity plans and incorporate these three broad business continuity objectives to the fullest extent practicable. In striking an appropriate balance between the new set of risks posed in the post-September 11 environment and the costs involved in planning for wide-scale disruptions, financial firms should incorporate these new and continuing risks into their assessment of their unique characteristics and risk profiles. Firms also should continue to improve upon short-term measures that have been instituted since September 11 and develop longer-term business recovery plans where gaps are identified. Definitions The resilience of the U.S. financial system in the event of a ``wide-scale disruption'' rests on the rapid ``recovery'' and ``resumption'' of the ``clearing and settlement activities'' that support ``critical financial markets.'' Some organizations, namely ``core clearing and settlement organizations'' and ``firms that play a significant role in critical financial markets,'' present a type of ``systemic risk'' to the U.S. financial system should they be unable to recover or, in some instances, resume clearing and settlement activities that support those markets. These terms and organizations are defined below. Wide-Scale Disruption. A wide-scale disruption is an event that causes a severe disruption or destruction of transportation, telecommunications, power, or other critical infrastructure components across a metropolitan or other geographic area and the adjacent communities that are economically integrated with it; or that results in a wide-scale evacuation or inaccessibility of the population within normal commuting range of the disruption's origin. Systemic Risk. Systemic risk includes the risk that the failure of one participant in a transfer system or financial market to meet its required obligations will cause other participants to be unable to meet their obligations when due, causing significant liquidity or credit problems or threatening the stability of financial markets.\3\ Given the complex interdependencies of markets and among participants, thorough preparations by key market participants will reduce the potential that a sudden disruption experienced by one or a few firms will cascade into market-wide liquidity dislocations, solvency problems, and severe operational inefficiencies.\4\ --------------------------------------------------------------------------- \3\ The use of the term ``systemic risk'' in this paper is based on the international definition of systemic risk in payments and settlement systems contained in ``A glossary of terms in payment and settlement systems,'' Committee on Payment and Settlement Systems, Bank for International Settlements (2001). \4\ Under adverse market conditions or in the event of credit concerns about institutions, liquidity dislocations of the type experienced immediately after September 11 could be seriously compounded. --------------------------------------------------------------------------- Critical Financial Markets. Critical financial markets provide the means for banks, securities firms, and other financial institutions to adjust their cash and securities positions and those of their customers in order to manage liquidity, market, and other risks to their organizations. Critical financial markets also provide support for the provision of a wide range of financial services to businesses and consumers in the United States. Certain markets, such as the federal funds and government securities markets, also support the implementation of monetary policy. For purposes of this paper, ``critical financial markets'' are defined as the markets for: [sbull] Federal funds, foreign exchange, and commercial paper; [sbull] U.S. Government and agency securities; [sbull] Corporate debt and equity securities. Core Clearing and Settlement Organizations. Core clearing and settlement organizations consist of two groups of organizations that provide clearing and settlement services for critical financial markets or act as large-value payment system operators and present systemic risk should they be unable to perform. The first group consists of market utilities (government-sponsored services or industry-owned organizations) whose primary purpose is to clear and settle transactions for critical markets or transfer large-value wholesale payments. The second group of core clearing and settlement organizations consists of those private-sector firms that provide clearing and settlement services that are integral to a critical market (i.e., their aggregate market share is significant enough to present systemic risk in the event of their sudden failure to carry on those activities because there are no viable immediate substitutes). Firms that Play Significant Roles in Critical Financial Markets. Firms that play significant roles in critical financial markets are those that participate (on behalf of themselves or their customers) with sufficient market share in one or more critical financial markets such that their failure to settle their own or their customers' material pending transactions by the end of the business day could present systemic risk. While there are different ways to gauge the significance of such firms in critical markets, as a guideline, the agencies consider a firm significant in a particular critical market if it consistently clears or settles at least five percent of the value of transactions in that critical market. Recovery and Resumption of Clearing and Settlement Activities. The rapid recovery and resumption of critical financial markets, and the avoidance of potential systemic risk, requires the rapid recovery of clearing and settlement activities for the purpose of completing material pending transactions on their scheduled settlement dates. These clearing and settlement activities include: [[Page 17812]] (a) Completing pending large-value payments; (b) Clearing and settling material pending transactions; \5\ --------------------------------------------------------------------------- \5\ Transactions in government securities include the purchase and sale of U.S. government bills, notes, bonds and agency securities (including mortgage-backed securities issued by Government Sponsored Enterprises), as well as repurchase and reverse repurchase agreements and triparty repurchase agreements involving U.S. government and agency securities. --------------------------------------------------------------------------- (c) Meeting material end-of-day funding and collateral obligations necessary to ensure the performance of items (a) and (b) above; (d) Managing material open firm and customer risk positions, as appropriate and necessary to ensure the performance of items (a) through (c) above; (e) Communicating firm and customer positions and reconciling the day's records, and safeguarding firm and customer assets as necessary to ensure the performance of items (a) through (d) above; and (f) Carrying out all support and related functions that are integral to performing the above critical activities. For purposes of this paper, the terms recovery (or recover) refers to the restoration of clearing and settlement activities after a wide- scale disruption; \6\ resumption (or resume) refers to the capacity to accept and process new transactions and payments after a wide-scale disruption. --------------------------------------------------------------------------- \6\ The goal of business recovery plans is the recovery of a particular activity or function and not the recovery of a disabled facility or system. --------------------------------------------------------------------------- Sound Practices The agencies have identified four broad sound practices for core clearing and settlement organizations and firms that play significant roles in critical financial markets. The sound practices are based on long-standing principles of business continuity planning in which critical activities are identified, a business impact analysis is conducted, and plans are developed, implemented, and tested. Adoption of the sound practices will help protect the financial system from the risks of a wide-scale disruption and reduce the potential that key market participants will present systemic risk to one or more critical markets because primary and back-up processing facilities and staffs are located within the same geographic region. 1. Identify clearing and settlement activities in support of critical financial markets. An organization should identify all clearing and settlement activities in each critical financial market in which it is a core clearing and settlement organization or plays a significant role. This assessment should include identification of activities or systems that support or are integrally related to the performance of clearing and settlement activities in those markets. 2. Determine appropriate recovery and resumption objectives for clearing and settlement activities in support of critical markets. For purposes of the sound practices, a recovery-time objective is the amount of time in which a firm aims to recover clearing and settlement activities after a wide-scale disruption with the overall goal of completing material pending transactions on the scheduled settlement date. Recovery-time objectives for clearing and settlement activities should be relatively consistent across critical financial markets. This promotes the compatibility of recovery plans and helps ensure that core clearing and settlement organizations and firms that play significant roles in critical financial markets will be able to participate in the financial system in times of wide-scale disruptions. Recovery-time objectives provide concrete goals to plan for and test against. They should not be regarded as hard and fast deadlines that must be met in every emergency situation. Indeed, the agencies recognize that various external factors surrounding a disruption such as time of day, scope of disruption, and status of critical infrastructure--particularly telecommunications--can affect actual recovery times.\7\ Furthermore, recovery time objectives might not be achievable following a late-day disruption without an extension of normal business hours. --------------------------------------------------------------------------- \7\ A number of firms have expressed concerns about the resilience of telecommunications and other critical infrastructure, and the current limitations on an individual firm's ability to obtain verifiable redundancy of service from such carriers. Firms that establish geographically dispersed facilities can achieve additional diversity in their telecommunications and other infrastructure services, which will provide additional resilience in ensuring recovery of critical operations. A number of financial firms are sponsoring industry-wide efforts to explore common infrastructure issues and approaches. --------------------------------------------------------------------------- Market participants agree that core clearing and settlement organizations must meet more aggressive recovery-time objectives than firms that play significant roles in critical financial markets. This is because core clearing and settlement organizations are necessary to the completion of most transactions in critical markets; accordingly, they must recover and resume their critical functions in order for other market participants to process pending transactions and complete large-value payments. It also is reasonable to assume that there will be firms that play significant roles and other market participants in locations not affected by a particular disruption that will need to clear and settle pending transactions in critical markets. Therefore, core clearing and settlement organizations should plan both to recover and resume their processing and other activities that support critical markets. In light of the large volume and value of transactions/ payments that are cleared and settled on a daily basis, failure to complete the clearing and settlement of pending transactions within the business day could create systemic liquidity dislocations, as well as exacerbate credit and market risk for critical markets. Therefore, core clearing and settlement organizations should develop the capacity to recover and resume clearing and settlement activities within the business day on which the disruption occurs with the overall goal of achieving recovery and resumption within two hours after an event.\8\ Core clearing and settlement organizations also should develop plans for communicating with participants during a disruption to facilitate their rapid recovery. --------------------------------------------------------------------------- \8\ This includes recovery of clearance and settlement activities that would normally be performed by core clearing and settlement organizations and significant firms within a particular market's business hours on the day of the disruption. These activities include inputting material transaction data or payment instructions, and performing all steps necessary to clear and complete material transactions on their regular value or settlement dates. --------------------------------------------------------------------------- The ability of firms that play significant roles in critical financial markets to recover clearing and settlement activities depends on the timing of the recovery of core clearing and settlement organizations for those markets. For planning purposes, firms should assume that core clearing and settlement organizations will recover and resume clearance and settlement activities within the business day of the disruption. Accordingly, firms that play significant roles in critical financial markets should plan to recover clearing and settlement activities for those markets as soon as possible after the core clearing and settlement organizations have recovered and resumed their operations and within the business day on which a disruption occurs. In some markets, such as wholesale payments, the banking industry has had long-established recovery benchmarks of four hours and the largest participants in the wholesale payments market have actively discussed the need for a two-hour recovery standard by such [[Page 17813]] organizations. Firms that play significant roles in the other critical financial markets should strive to achieve a four-hour recovery time capability for clearing and settlement activities in order to ensure that they will be able to meet a within the business day recovery target.\9\ --------------------------------------------------------------------------- \9\ As markets and clearance and settlement systems move toward longer operating hours, there may be less flexibility to extend processing hours. This underscores the importance of achieving recovery time objectives within the business day's normal processing periods to the fullest extent possible. It also underscores the importance of ensuring that internal processes can be performed in the event that business hours are extended beyond midnight. --------------------------------------------------------------------------- 3. Maintain sufficient geographically dispersed resources to meet recovery and resumption objectives. Recovery of clearing and settlement activities within target times during a wide-scale disruption generally requires an appropriate level of geographic diversity between primary and back-up sites for back-office operations and data centers. The agencies do not believe it is necessary or appropriate to prescribe specific mileage requirements for geographically dispersed back-up sites. It is important for firms to retain flexibility in considering various approaches to establishing back-up arrangements that could be effective given a firm's particular risk profile. However, long- standing principles of business continuity planning suggest that back- up arrangements should be as far away from the primary site as necessary to avoid being subject to the same set of risks as the primary location. Back-up sites should not rely on the same infrastructure components (e.g., transportation, telecommunications, water supply, and electric power) used by the primary site. Moreover, the operation of such sites should not be impaired by a wide-scale evacuation at or the inaccessibility of staff that service the primary site. The effectiveness of back-up arrangements in recovering from a wide-scale disruption should be confirmed through testing. Core clearing and settlement organizations have the highest responsibility to develop resources that permit the recovery and resumption of clearing and settlement activities within the business day. Accordingly, these organizations should establish back-up facilities a significant distance away from their primary sites. Core clearing and settlement organizations that use synchronous back-up facilities or whose back-up sites depend primarily on the same labor pool as the primary site should address the risk that a wide-scale disruption could impact either or both of the sites and their labor pool. Such organizations should establish even more distant back-up arrangements that can recover and resume critical operations within the business day on which the disruption occurs. Firms that play significant roles in critical financial markets should maintain sufficient geographically dispersed resources, including staff, equipment and data to recover clearing and settlement activities within the business day on which a disruption occurs. Firms may consider the costs and benefits of a variety of approaches that ensure rapid recovery from a wide-scale disruption.\10\ However, if a back-up site relies largely on staff from the primary site, it is critical for the firm to determine how staffing needs at the back-up site would be met if a disruption results in loss or inaccessibility of staff at the primary site. Moreover, firms that use synchronous back-up facilities or whose back-up sites depend primarily on the same labor pool as the primary site should address the risk that a wide-scale disruption could impact either or both of the sites and their labor pools. As part of their ongoing planning process, firms with such back- up arrangements should strive to develop even more distant data back-up and operational resources that prove sufficient to recover clearing and settlement activities within the business day on which the disruption occurs. The business continuity planning process should take into consideration improvements in technology and business processes supporting back-up arrangements and the need to ensure greater resilience in the event of a wide-scale disruption. Interim steps a firm may take should be compatible with the objective of establishing even more distant back-up arrangements. The agencies expect that, as technology and business processes supporting back-up arrangements continue to improve and become increasingly cost effective, firms will take advantage of these developments to increase the geographic diversification of their back-up sites. --------------------------------------------------------------------------- \10\ Examples of such arrangements range from maintaining a fully operational geographically dispersed back-up facility for data and operations to utilizing outsourced facilities in which equipment, software, and data are stored for staff to activate. Firms are addressing critical staffing issues in various ways, such as cross training, utilizing staff at underused systems to share or shift loads, rotating employees off-site, and establishing work shifts. A number of firms use outsourced back-up solutions for recovering clearing and settlement activities and data storage. However, numerous commenters expressed concern about the small number of recovery facilities, their lack of geographic diversity and the cost of ensuring availability of facilities during a wide- scale disruption. Firms that use outsourced back-up solutions should take into consideration any heightened risks that could affect access to those facilities during a wide-scale disruption. --------------------------------------------------------------------------- 4. Routinely use or test recovery and resumption arrangements. One of the lessons learned from September 11 is that testing of business recovery arrangements should be expanded. It is critical for firms to test back-up facilities with the primary and back-up facilities of markets, core clearing and settlement organizations, and third-party service providers to ensure connectivity, capacity, and the integrity of data transmission. It also is important to test back-up arrangements with major counterparties and customers, as appropriate. Such testing ensures that recovery objectives are achievable and that staff and necessary external parties are sufficiently informed. Core clearing and settlement organizations should periodically test recovery and resumption plans at all of their back-up sites. Test scenarios should include wide-scale disruptions that affect the accessibility of key staff; demonstrate the ability to recover and resume within the business day; and aim for a two-hour recovery time. Core clearing and settlement organizations should require participants to test connectivity between their primary and back-up sites and those of the core clearing and settlement organizations. They also may wish to consider organizing a broader industry stress test to ensure that recovery systems are consistently robust across critical market participants. Firms that play significant roles in critical financial markets should routinely use or test their individual internal recovery and resumption arrangements for connectivity, functionality, and volume capacity. Firms that establish back-up sites within the current perimeter of synchronous back-up technology or that rely primarily on staff at the primary site should confirm that their plans would be effective if a wide-scale disaster affects both sites. Firms also are encouraged to take advantage of testing opportunities offered by markets, core clearing and settlement organizations and third-party service providers to ensure connectivity, capacity and the integrity of data transmission. Firms are encouraged to continue to work cooperatively with their core clearing and settlement organizations and trade associations to design and schedule appropriate industry tests to ensure the compatibility of individual recovery and resumption strategies across critical markets. [[Page 17814]] Implementation of Sound Practices Cost-Benefit Considerations. The agencies recognize the importance of cost-effective business continuity planning. The costs associated with implementing the sound practices can vary substantially depending on the extent to which incremental improvements may be needed to address the risks of a wide-scale disruption. Some firms that play significant roles in critical markets may find that they need to implement only relatively minor improvements to their back-up arrangements. Other firms may find it necessary to adopt a more robust technology or upgrade software applications in order to achieve recovery objectives identified by the sound practices. To mitigate the costs of these enhancements, firms may wish to integrate them into the strategic planning process (e.g., coordinate with planned enhancements to facilities, information system components and architecture, and business processes). Firms should recognize that adoption of the sound practices will help to reassure their counterparties and customers that they can rapidly regain their ability to clear and settle transactions in critical markets. Similarly, firms participating in the financial system would enjoy greater assurance that critical market participants will be able to withstand a wide-scale disruption and meet their payment and settlement obligations, thereby minimizing the potential for cascading fails and resulting systemic risk. Firms report that market forces clearly recognize the interdependent nature of the financial system, and customers and counterparties increasingly expect firms to demonstrate their ability to continue operations should a wide-scale disruption occur. Implementation by core clearing and settlement organizations. Core clearing and settlement organizations should continue their accelerated efforts to develop, approve, and implement plans that substantially achieve the sound practices by the end of 2004. Plans should provide for back-up facilities that are well outside of the current synchronous range that can meet within-the-business-day recovery targets. On a case-by-case basis, core clearing and settlement organizations can be given additional time to complete implementation of back-up facilities that are well outside the current synchronous range, so long as they take concrete, near-term steps that result in substantially improved resilience by the end of 2004. The amount of flexibility will be measured against factors such as board of directors and senior management's commitment to approved budgets, and adherence to aggressive timetables and interim milestones. Plans should include measurable milestones to assess progress in achieving the sound practices. Implementation by firms that play significant roles in critical markets. Firms that play significant roles in critical financial markets should develop, approve and implement plans that call for substantial achievement of the sound practices as soon as practicable, but generally within three years of publication of this paper.\11\ In some cases, a firm may find it in necessary to provide for a longer implementation period in light of its respective risk profile, level of resilience, and unique business circumstances. All plans should incorporate interim milestones against which progress can be measured and should provide for ongoing consideration of the costs and benefits of achieving greater geographic diversification of back-up facilities. --------------------------------------------------------------------------- \11\ The agencies will contact each firm that appears to meet the market share thresholds and, if they conclude that the firm plays a significant role in one or more critical markets, will review the firm's plans for implementing the sound practices. The agencies also will monitor implementation of those plans. --------------------------------------------------------------------------- Role of Senior Management and Boards of Directors. The agencies believe, and industry participants confirm, that incorporation of the post-September 11 business continuity objectives and sound practices discussed in this paper raises numerous short- and long-term strategic issues that require continuing leadership and involvement by the most senior levels of management. These issues must be considered in light of a firm's dependencies on other market participants and the need to achieve a consistent level of resilience across firms. Boards of directors should review business continuity strategies to ensure that plans are consistent with the firm's overall business objectives, risk management strategies, and financial resources. Decisions about overall business continuity objectives should not be left to the discretion of individual business units. Conclusion After September 11, financial industry participants initiated a significant review of lessons learned with a view towards strengthening their business continuity plans. The agencies believe that it is important for financial firms to improve recovery capabilities to address the continuing, serious risks to the U.S. financial system posed by the post-September 11 environment. Financial industry participants have demonstrated a keen commitment to ensuring the continued viability of the U.S. financial system by strengthening their own business continuity plans to address the risk of a wide-scale disruption. Over the past year, significant short- and longer-term improvements have been made to business recovery plans. Financial industry participants recognize the importance of continuing senior management involvement in achieving the sound practices discussed in this paper. Firms also are participating in industry initiatives aimed at improving private-sector coordination and ensuring that business recovery plans are compatible and that an appropriate level of robustness is achieved among peers. The agencies recognize that achievement of the sound practices could be a multi-year endeavor for some organizations and that it is not necessary or appropriate to prescribe any specific technology solution for implementing the sound practices. The agencies urge all financial system participants to continue efforts over the long term to ensure that critical U.S. financial markets have appropriately robust recovery capabilities and can respond to a wide-scale disruption by adopting the sound practices to the fullest extent practicable. Finally, the agencies encourage financial firms that are not deemed to be a core clearing and settlement organization or a firm that plays a significant role in critical markets to review and consider implementation of the sound practices, particularly if a firm's transactions levels approach those deemed to be significant. By order of the Board of Governors of the Federal Reserve System, April 7, 2003. Jennifer J. Johnson, Secretary of the Board. Dated: April 7, 2003. John D. Hawke, Jr., Comptroller of the Currency. By the Securities and Exchange Commission. Dated: April 7, 2003. Margaret H. McFarland, Deputy Secretary. [FR Doc. 03-8896 Filed 4-10-03; 8:45 am] BILLING CODE 6210-01-P