The FFIEC recently issued a new Business Continuity Management Booklet (BCM Booklet) to reflect updated information technology risk practices and procedures to help examiners evaluate an entity’s BCM program. The BCM Booklet replaces the Business Continuity Planning Booklet issued in February 2015, and is part of a series of booklets that comprise the FFIEC Information Technology Examination Handbook.
In general, the BCM Booklet outlines the principles and practices for managing business continuity. It also provides guidance to help examiners determine whether a financial institution adequately addresses the risks related to the availability of critical financial products and services.
The BCM Booklet primarily focuses on assessing an entity’s resilience through an enterprise risk management (ERM) perspective that takes into account technology, business operations, testing, communication strategies, training, maintenance, and issues critical to the continuity of the business entity. The FFIEC indicates that the degree of maturity, integration, and documentation between the BCM and ERM processes should be assessed commensurate with an entity’s size, complexity, and risk profile.