[Federal Register Volume 67, Number 172 (Thursday, September 5, 2002)]
[Notices]
[Pages 56835-56842]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 02-22633]


-----------------------------------------------------------------------

FEDERAL RESERVE SYSTEM

[Docket No. R-1128]

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

[Docket No. 02-13]

SECURITIES AND EXCHANGE COMMISSION

[Release No. 34-46432; File No. S7-32-02]


Draft Interagency White Paper on Sound Practices to Strengthen 
the Resilience of the U.S. Financial System

AGENCIES: Board of Governors of the Federal Reserve System (Board); 
Office of the Comptroller of the Currency, Treasury (OCC); and 
Securities and Exchange Commission (SEC).

ACTION: Request for comment.

-----------------------------------------------------------------------

SUMMARY: The Federal Reserve, the Office of the Comptroller of the 
Currency and the Securities and Exchange Commission are publishing this 
draft white paper on Sound Practices to Strengthen the Resilience of 
the U.S. Financial System for comment. The New York State Banking 
Department and the Federal Reserve Bank of New York also participated 
in drafting the paper. The New York State Banking Department is issuing 
the paper separately for comment by interested persons. The federal 
agencies and the New York State Banking Department are referred to as 
the ``agencies'' in the paper. The paper discusses the views of the 
agencies on sound practices based on discussions with industry 
representatives on how the events surrounding September 11, 2001, have 
altered business recovery and resumption expectations for purposes of 
ensuring the resilience of the U.S. financial system and seeks comments 
on those views.

DATES: Comments must be received on or before October 21, 2002.

ADDRESSES: Comments should be directed to:
    Board: Comments should refer to Docket No. R-1128 and should be 
submitted to Ms. Jennifer J. Johnson, Secretary, Board of Governors of 
the Federal Reserve System, 20th Street and Constitution Avenue, NW, 
Washington, DC 20551, or mailed electronically to 
[email protected]. Comments addressed to Ms. Johnson may 
also be delivered to the Board's mail facility in the West Courtyard 
between 8:45 a.m. and 5:15 p.m., located on 21st Street between 
Constitution Avenue and C Street, NW. Members of the public may inspect 
comments in Room MP-500 of the Martin Building between 9 a.m. and 5 
p.m. on weekdays pursuant to Sec.  261.12, except as provided in Sec.  
261.14, of the Board's Rules Regarding Availability of Information, 12 
CFR 261.12 and 261.14.
    OCC: Please direct all comments concerning this paper to: Office of 
the Comptroller of the Currency, 250 E Street, SW., Public Information 
Room, Mail Stop 1-5, Washington, DC 20219, Attention: Docket No. 02-13; 
fax number (202) 874-4448; or Internet address: 
[email protected]. Due to recent temporary disruptions in the 
OCC's mail service, we encourage the submission of comments by fax or 
e-mail whenever possible. Comments may be inspected and photocopied at 
the OCC's Public Reference Room, 250 E Street, SW, Washington, DC. You 
can make an appointment to inspect comments by calling (202) 874-5043.
    SEC: All comments concerning the paper should be submitted in 
triplicate to Jonathan G. Katz, Secretary, Securities and Exchange 
Commission, 450 5th Street, NW., Washington, DC 20549-0609. Comments 
can be submitted electronically at the following E-mail address: [email protected]. All comment letters should refer to File No. S7-32-
02; this file number should be included on the subject line if E-mail 
is used. All comments received will be available for public inspection 
and copying in the Commission's Public Reference Room, 450 5th Street, 
NW., Washington, DC 20549. Electronically submitted comment letters 
will be

[[Page 56836]]

posted on the Commission's Internet Web site (http://www.sec.gov).

FOR FURTHER INFORMATION CONTACT: Board: Jeffrey Marquardt, Associate 
Director, Division of Reserve Bank Operations and Payment Systems (202) 
452-2360; or Angela Desmond, Assistant Director, Division of Banking 
Supervision and Regulation (202) 452-3497.
    OCC: Ralph Sharpe, Deputy Comptroller for Bank Technology (202) 
874-4572; or Aida Plaza Carter, Director, Bank Information Technology 
Operations (202) 874-4740.
    SEC: David Shillman, Counsel to the Director, Division of Market 
Regulation (202) 942-0072; or Peter Chepucavage, Attorney Fellow (202) 
942-0163.

SUPPLEMENTARY INFORMATION: Based on in-depth discussions with industry 
representatives, the agencies have reached certain conclusions 
regarding the necessity to assure the resilience of critical U.S. 
financial markets in the face of wide-scale, regional disruptions and 
identified a number of sound practices to strengthen the resiliency of 
the overall U.S. financial system and the respective U.S. financial 
centers. Ensuring the resilience of critical financial markets requires 
that core clearing and settlement organizations and other firms that 
play significant roles in critical financial markets, many of which 
enjoy the benefits of operating out of major financial centers, will be 
able to perform their critical activities even in the event of a wide-
scale, regional disruption.
    The agencies are seeking comment on the sound practices discussed 
below. Upon issuance of a final paper, the agencies intend to 
incorporate these sound practices into supervisory expectations or 
other forms of guidance. This paper is meant to supplement the 
agencies' respective existing policies and other guidance on business 
continuity planning by financial institutions. Because of the 
criticality of protecting the financial system after September 11, the 
sound practices focus on minimizing immediate systemic effects of wide-
scale regional disruption of critical wholesale financial markets and 
therefore do not address issues relating to retail financial services.
    Section I of this paper discusses business continuity objectives 
that have special importance after September 11 and their scope of 
application. Section II provides the agencies' preliminary conclusions 
with respect to key factors affecting the resilience of critical 
markets and activities in the U.S. financial system; sound practices to 
strengthen financial system resilience; and an appropriate timetable 
for implementing these sound practices. Section III contains a summary 
and analysis of the industry discussions that provided a basis for the 
agencies' preliminary conclusions, with a focus on private-sector 
perspectives; recovery of critical activities; confidence in recovery 
and resumption plans through use or testing; and implementation 
considerations. Section IV outlines next steps following issuance of 
the agencies' final views. Section V concludes this paper with a 
request for comment on the sound practices.

Draft Interagency White Paper on Sound Practices to Strengthen the 
Resilience of the U.S. Financial System

I. Business Continuity Objectives and Scope of Application

    The Federal Reserve, the Office of the Comptroller of the Currency, 
the Securities and Exchange Commission and the New York State Banking 
Department (the agencies) have been meeting with industry participants 
to analyze the lessons learned from the events of September 11, with a 
view towards strengthening the overall resilience of the U.S. financial 
system in the event of a wide-scale, regional disruption. This effort 
began with a set of interviews with a number of large banking and 
securities firms, clearing and settlement organizations, and payment 
system operators to identify ``what worked'' and what could be improved 
going forward. On February 13, 2002, the agencies issued a discussion 
note on lessons learned and their implications for business 
continuity.\1\ On February 26, the agencies met with a group of large 
financial firms and financial utilities to discuss these findings, 
identify areas of consensus, and exchange views on how industry members 
can act as catalysts in achieving greater internal and industry 
resilience.\2\ Out of these and a series of in-depth, follow-up 
discussions, the agencies identified broad consensus on three business 
continuity objectives that have special importance after September 11:
---------------------------------------------------------------------------

    \1\ The note is posted on each of the agencies web sites. See, 
e.g., http://www.sec.gov/divisions/marketreg/lessonslearned.htm.
    \2\ The summary is posted on each of the agencies web sites. 
See, e.g., http://www.federalreserve.gov/boarddocs/staffreports/.
---------------------------------------------------------------------------

    [sbull] Rapid recovery and timely resumption of critical operations 
following a wide-scale, regional disruption;
    [sbull] Rapid recovery and timely resumption of critical operations 
following the loss or inaccessibility of staff in at least one major 
operating location; and
    [sbull] A high level of confidence, through ongoing use or robust 
testing, that critical internal and external continuity arrangements 
are effective and compatible.
    Based on this extensive dialogue, the agencies have reached certain 
preliminary conclusions with respect to the factors affecting the 
resilience of critical markets and activities in the U.S. financial 
system; sound practices to strengthen financial system resilience; and 
an appropriate timetable for implementing these sound practices. 
Following a public comment period, the agencies will issue in final 
form their views on sound practices for strengthening the resilience of 
the financial system in the event of a wide-scale, regional disruption. 
The agencies are issuing their views to guide financial organizations 
as they complete their reviews of business continuity plans and make 
strategic investments to strengthen their capabilities.
    The agencies view these sound practices as being most applicable to 
organizations that present a type of systemic risk should they be 
unable to recover or resume critical activities that support critical 
markets. In this context, ``systemic risk'' includes the risk that the 
failure of one participant in a transfer system or financial market to 
meet its required obligations will cause other participants to be 
unable to meet their obligations when due, causing significant 
liquidity or credit problems and threatening the stability of financial 
markets.\3\ The organizations that could present such systemic risk 
should they be unable to recover (i.e., complete) and resume (i.e., 
carry on) critical activities consist of core clearing and settlement 
organizations. Other firms that play a significant role in critical 
financial markets also could contribute to systemic risk should they be 
unable to recover critical activities. These organizations and key 
terms are described more fully below.
---------------------------------------------------------------------------

    \3\ The use of the term ``systemic risk'' in this paper is based 
on the international definition of systemic risk in payments and 
settlement systems contained in ``A glossary of terms in payment and 
settlement systems,'' Committee on Payment and Settlement Systems, 
Bank for International Settlements (2001).
---------------------------------------------------------------------------

    Critical markets provide the means for banks, securities firms, and 
other financial institutions to adjust their key cash and securities 
positions and those of their customers in order to manage significant 
liquidity, market, and other risks to their organizations. Critical 
markets also provide support for the provision of a wide range of 
financial services to businesses and consumers in

[[Page 56837]]

the United States. Certain markets such as the Federal funds and 
government securities markets also support the implementation of 
monetary policy. For purposes of this paper, ``critical markets'' are 
defined as the markets for
    [sbull] Federal funds, foreign exchange and commercial paper
    [sbull] Government, corporate, and mortgage-backed securities
    [sbull] ``Core clearing and settlement organizations'' consist of 
market utilities that provide critical clearing and settlement services 
for financial markets and large value payment system operators. Core 
clearing and settlement organizations also consist of firms that 
provide similar critical clearing and settlement services for critical 
financial markets in sufficient volume or value to present systemic 
risk in their sudden absence, and for whom there are no viable 
immediate substitutes.
    [sbull] ``Firms that play significant roles in critical financial 
markets'' are those that participate in sufficient volume or value such 
that their failure to perform critical activities by the end of the 
business day could present systemic risk. There are different ways to 
gauge the significance of such firms in critical markets. The agencies 
believe that many if not most of the 15-20 major banks and the 5-10 
major securities firms, and possibly others, play at least one 
significant role in at least one critical market. In the context of 
these sound practices, the agencies are considering the benefit of 
providing additional guidance (e.g., in terms of market-share or 
dollar-value thresholds) to help firms identify the category into which 
they fall for the specific activities they perform.
    For purposes of these sound practices, a ``wide scale, regional 
disruption'' is one that causes a severe disruption of transportation, 
telecommunications, power, or other critical infrastructure components 
across a metropolitan or other geographic area and its adjacent 
communities that are economically integrated with it; or that results 
in a wide-scale evacuation or inaccessibility of the population within 
normal commuting range of the disruption's origin.

II. Resilience of Critical Markets and Activities in the U.S. Financial 
System and Sound Practices

A. Resilience of Critical Markets and Activities in U.S. Financial 
System

    Critical Markets. The resilience of the U.S. financial system in 
the event of a wide-scale, regional disruption rests on the rapid 
recovery and resumption of critical financial markets defined above and 
the activities that support them.
    Recovery of Critical Activities. The rapid restoration of critical 
financial markets, and the avoidance of potential systemic risk, 
requires firms that play significant roles in those markets to recover 
business processes and functions sufficient to complete critical 
activities by the end of each business day. These critical activities 
are:
    (a) Completing pending large-value payment instructions;
    (b) Clearing and settling material pending transactions;
    (c) Meeting material end-of-day funding and collateral obligations 
necessary to assure the performance of items (a) and (b) above;
    (d) Managing material open firm and customer risk positions, as 
appropriate and necessary to assure the performance of items (a) 
through (c) above;
    (e) Communicating firm and customer positions necessary to assure 
the performance of items (a) through (d) above, reconciling the day's 
records, and safeguarding firm and customer assets; and
    (f) Performing all support and related functions that are integral 
to the above critical activities.
    Recovery and Resumption of Critical Activities. The rapid 
resumption of critical financial markets requires that core clearing 
and settlement organizations be able to recover and resume within the 
business day the critical activities they perform that support the 
recovery of critical markets. These include the recovery of critical 
activities discussed above as well as the resumption of:
    (a) Processing new large-value payment instructions;
    (b) Clearing and settling material new transactions;
    (c) Managing material ongoing funding and collateral requirements 
necessary to assure the performance of items (a) and (b) above;
    (d) Managing material ongoing firm and customer risk positions, as 
appropriate and necessary to assure the performance of items (a) 
through (c) above;
    (e) Communicating changes in firm and customer positions necessary 
to assure the performance of items (a) through (d) above, reconciling 
the day's records, and safeguarding firm and customer assets; and
    (f) Performing all support and related functions that are integral 
to the above critical activities.

B. Sound Practices to Strengthen U.S. Financial System Resilience

    The agencies have identified the following sound practices for core 
clearing and settlement organizations and other firms that play 
significant roles in critical financial markets. The sound practices 
address the risks of a wide-scale, regional disruption and strengthen 
the resilience of the financial system. They also reduce the potential 
for a regional disruption to have an undue impact on one or more 
critical markets because primary and back-up processing facilities and 
staffs are concentrated in a particular geographic region.
    1. Identify critical activities. Core clearing and settlement 
organizations and other firms that play significant roles in critical 
financial markets should identify all the critical activities they 
perform in support of critical markets.
    2. Determine the appropriate recovery and resumption objectives. 
Firms that play significant roles in critical financial markets should, 
at a minimum, plan to recover on the same business day the critical 
activities they perform that support the recovery of critical markets. 
In fact, an emerging industry objective appears to be for firms that 
play significant roles in critical financial markets generally to set a 
recovery-time target of no later than four hours after the event. Core 
clearing and settlement organizations should plan both to recover and 
to resume fully within the day their critical activities that support 
critical financial markets. An emerging industry objective appears to 
be for such organizations generally to set a resumption-time target no 
later than two hours after the event.
    3. Maintain sufficient out-of-region resources to meet recovery and 
resumption objectives. Firms that play significant roles in critical 
markets, at a minimum, should have back-up arrangements with sufficient 
out-of-region staff, equipment, and data to recover their critical 
activities within their recovery-time objectives.\4\ These arrangements 
can range from a firm establishing its own out-of-region back-up 
facility for data and operations, to arranging for the use of remote 
outsourced facilities. The objective is to minimize the risk that a 
primary and a back-up site, and their respective labor pools, could 
both be impaired by a single wide-scale, regional disruption, including 
one centered somewhere in between them. Core clearing and settlement 
organizations should have sufficient out-of-region resources both to

[[Page 56838]]

recover and to resume fully their critical activities within their 
recovery and resumption-time objectives. Although there may be a 
variety of approaches that could be effective, out-of-region back-up 
locations should not be dependent on the same labor pool or 
infrastructure components used by the primary site, and their 
respective labor pools should not both be vulnerable to simultaneous 
evacuation or inaccessibility. Infrastructure components include 
transportation, telecommunications, water supply and electric power.
---------------------------------------------------------------------------

    \4\ The agencies are not recommending as a sound practice that 
firms move their primary sites out of center-city locations. There 
are many important business and internal control reasons for having 
processing sites near financial markets and firms' headquarters. It 
is the separation between primary and alternative processing sites 
that is important in promoting resilience.
---------------------------------------------------------------------------

    4. Routinely use or test recovery and resumption arrangements. 
Firms that play significant roles in critical financial markets and 
core clearing and settlement organizations should routinely use or test 
their individual internal recovery and resumption arrangements for 
required connectivity, functionality, and volume capacity. Such 
institutions should also work cooperatively to design and to schedule 
appropriate cross-organization tests to assure the compatibility of 
individual recovery and resumption strategies within and across 
critical markets.

C. Timetable for Developing Plans and Implementing Sound Practices

    Firms should be enhancing their business continuity plans to 
address wide-scale, regional disruptions, including adoption of 
implementation plans to achieve these sound practices. To the extent 
that these sound practices require revisions of the plans, they should 
be completed as soon as possible and no later than 180 days after the 
agencies issue their final views. The agencies recognize that firms 
that play significant roles in critical financial markets are in 
different stages of their planning and investment cycles regarding new 
facilities, technology, staffing, and business processes. Furthermore, 
some have built, or are in the process of establishing, back-up sites 
or other arrangements that, while improving resilience, may not be 
fully consistent with these sound practices. Given their different 
circumstances, it may take some firms longer than others to implement 
all of these sound practices in a cost-effective manner. Accordingly, 
while the agencies recognize the need for some flexibility in 
implementation timetables, firms nevertheless should strive to achieve 
these sound practices as soon as practicable. All core clearing and 
settlement organizations, however, should begin to implement plans to 
establish out-of-region back-up resources within the next year.

III. Summary and Analysis of Industry Discussions

A. Private-Sector Perspectives

    The events of September 11 underscored the fact that the financial 
system operates as a network of interrelated markets and participants. 
The behavior of an individual participant can have a wide-ranging 
effect beyond its immediate counterparties. Firms agreed that all 
participants in the financial system should strive to incorporate the 
three business continuity objectives into their plans; however, they 
also made clear that ``one size does not fit all.'' There was agreement 
that some critical activities, including safeguarding and transferring 
funds and financial assets, are so vital to the operation of the 
financial system that they should continue with minimal disruption, 
even in the event of a wide-scale, regional disruption.
    All firms recognize the importance of critical financial markets to 
their own operations and to the financial system overall in the event 
of a wide-scale, regional disruption. Core clearing and settlement 
organizations play a particularly crucial role in permitting firms and 
markets that are affected by the event to recover and resume operations 
as well as in permitting firms and markets that are unaffected to 
continue to operate. For example, in order for firms affected by a 
disruption to recover critical activities by the end of the day, 
including clearing and settling pending transactions, clearing and 
settlement organizations must themselves be able to recover and resume 
operations within the day. In addition, if some firms are unaffected by 
the disruption and are able to support the continued operation of 
critical markets to some degree, clearing and settlement organizations 
must be able to conduct operations. If clearing and settlement 
organizations are not able to operate in such circumstances, they 
likely will contribute to the amplification of potential systemic 
risks. For core clearing and settlement organizations, the dimensions 
of this systemic risk would likely be national and even international. 
As a result of these considerations, core clearing and settlement 
organizations recognize that in the event of a wide-scale, regional 
disruption they must be able to both recover and fully resume critical 
activities within the day, and typically within a very limited period 
of time. Firms that play significant roles in critical financial 
markets also should meet high recovery standards.
    The agencies have found that industry participants generally 
recognize their respective roles in improving the overall resilience of 
the financial system and have made it a priority to complete internal 
preparations, share information and coordinate efforts. Firms indicated 
that economic trades-offs and competitive considerations exist in 
making strategic decisions about business continuity that require the 
continuing leadership of senior management and should not be left to 
the discretion of individual business units.

B. Recovery of Critical Activities

    Business continuity plans address a variety of issues, including 
emergency response procedures assuring the safety of personnel, 
effective internal and external communications, and implementation of 
business recovery and business resumption strategies. The business 
continuity planning process involves a careful enterprise-wide 
analysis, including an assessment of the impact of an unexpected 
disruption of business processes and associated risks. Among other 
things, plans are designed to manage those risks by arranging for the 
recovery of critical activities to permit an orderly resolution of 
outstanding obligations. Firms also are expected to monitor their 
business continuity risks by testing and updating plans 
periodically.\5\
---------------------------------------------------------------------------

    \5\ There are numerous sources of information on sound practices 
for business continuity planning. See, e.g. www.thebci.org; http://www.business-continuity.com; www.bsi-global.com.
---------------------------------------------------------------------------

    Business recovery preparations enable a firm to recover the 
operation of a disrupted business process or function in order to 
manage firm and customer risks.\6\ At a minimum this includes recovery 
of those ``critical activities'' necessary to permit the clearance and 
settlement of pending transactions; management and reconcilement of 
firm and customer positions; completion of the day's large value 
payments; and arranging for collateral or end-of-day funding. This also 
includes recovery of activities or systems that support or are 
integrally related to the performance of these critical business 
processes or functions. Business recovery preparations related to these 
critical activities are crucial to the smooth operation of the 
financial system. Given the complex interdependencies of markets and 
among participants, thorough preparations reduce the

[[Page 56839]]

potential that a sudden disruption experienced by a few firms will 
cascade into market-wide inefficiencies and liquidity dislocations.\7\ 
All firms recognize that business recovery is a core element of more 
comprehensive business continuity plans.
---------------------------------------------------------------------------

    \6\ The goal of business recovery plans is the recovery of a 
particular activity or function, and not the recovery of a disabled 
facility or system. The goal of business resumption is the effecting 
and processing of new transactions after old transactions have been 
completed.
    \7\ Under adverse market conditions or in the event of credit 
concerns about institutions, liquidity dislocations of the type 
experienced immediately after September 11 could be seriously 
compounded.
---------------------------------------------------------------------------

    In discussions with industry members, firms often stated that the 
financial system is only as strong as its ``weakest link.'' Each firm 
has to ensure that its business continuity plans provide robust 
business recovery arrangements for the activities it performs that are 
critical to the smooth functioning of the financial system: wholesale 
payments processing, and clearance and settlement of money market 
instruments, government securities, foreign exchange, commercial paper 
and other corporate securities. Industry participants also recognize 
that core clearing and settlement organizations represent potential 
single points of failure in the financial system and therefore have the 
greatest responsibility for ensuring that they can recover and fully 
resume those activities in a timely manner. They also believe that 
firms that are significant participants in one or more critical markets 
or that effect a substantial volume or value of wholesale payments 
should develop robust recovery plans for critical activities in the 
event of a wide scale disruption when their primary sites and staffs 
may be inaccessible for some duration.
    Once a firm identifies its critical business functions and 
processes, it must establish recovery-time targets sufficient to ensure 
that it can carry out those functions and processes in a manner that 
will result in minimal disruption to the financial system. This 
facilitates the compatibility of recovery plans across firms and helps 
assure firms are able to participate in the financial system in times 
of wide-scale, regional disruptions. A number of firms stated that 
current technology permits recovery-time targets of between one to four 
hours for many critical activities, even when factoring in the 
possibility of needing to reconstruct lost data.
    In establishing recovery targets for critical activities, firms are 
coordinating their plans with the expectations of their respective core 
clearing and settlement organizations and peers. Some payment systems 
already have established robust recovery targets. Core clearing and 
settlement organizations are holding themselves to an intra-day 
recovery target--generally a few hours--and it is expected that 
technology will continue to improve upon those recovery times. Some 
also have, or are establishing, recovery times for their participants 
and, in such cases suggest that firms establish no later than end-of-
day recovery targets. For example, wholesale payment systems have 
typically required participants to recover from a disruption in less 
than four hours, and many firms, including the payment systems 
themselves, are now able to achieve recovery times of substantially 
less than two hours.
    Industry members generally agree that recovery of critical 
activities and processes during a wide-scale, regional disruption 
requires establishment of some level of out-of-region arrangements for 
critical operations and the personnel and data that support them. The 
objective of establishing out-of-region arrangements is to minimize the 
risk that a primary site and a back-up site, and their respective labor 
pools could be impaired by a single, wide-scale, regional disruption. 
Although there may be other approaches that could be effective, firms 
generally agree that out-of-region locations should not be dependent on 
the same labor pool or infrastructure components used by the primary 
site and should not be affected by a wide-scale evacuation or the 
inaccessibility of the region's population. Examples of such 
arrangements include a fully operational out-of-region back-up facility 
for data and operations,\8\ and utilizing outsourced facilities in 
which equipment, software and data are stored for staff to activate. 
With this in mind, certain core clearing and settlement organizations, 
which are widely expected to recover and resume operations at full 
capacity indefinitely, and other firms that play significant roles in 
critical financial markets are establishing remote back-up facilities, 
in some cases hundreds or even thousands of miles away from the primary 
site. Some firms that already have a national or multi-region presence 
are planning to utilize out-of-region offices to establish back-up 
sites. Many are finding that there is the potential to achieve out-of-
region staffing and system efficiencies by cross training staff or 
utilizing underused systems to share or shift loads. Other firms that 
play significant roles in markets or in effecting payments also are 
developing remote arrangements to ensure that they can recover critical 
data and operations during a wide-scale outage within expected recovery 
time targets. A number of firms in the process of identifying 
appropriate recovery arrangements stated that the events of September 
11 have underscored the importance of building recovery strategies and 
capacities into their basic business processes.\9\
---------------------------------------------------------------------------

    \8\ Generally referred to as ``hot'' sites, these facilities are 
fully equipped with hardware and software necessary to perform 
critical business functions and provide access to replicated data. 
This approach allows a firm to recover a function in minutes to a 
few hours depending on the integrity of the data.
    \9\ A number of firms have expressed concerns about the 
reliability of telecommunications and other infrastructure 
providers, and the current limitations on an individual firm's 
ability to obtain verifiable redundancy of service from such 
carriers. Firms that have out-of-region facilities obtain additional 
diversity in their telecommunications and other infrastructure 
services that provide additional resilience in ensuring recovery of 
critical operations. Individual financial firms are also launching 
industry-wide efforts to explore common infrastructure issues and 
approaches.
---------------------------------------------------------------------------

    Recovery plans must anticipate the need to have sufficient trained 
staff located at or near the back-up site to meet recovery objectives 
and plans for resuming a critical function at normal volumes for an 
extended duration. Firms are staffing remote back-up sites in a variety 
of practical and cost-effective ways. For example, firms operating 
active back-up sites often have full-time staffs who regularly perform 
the critical activities. Other firms plan to cross-train staff already 
located at remote sites so that they are able to assume responsibility 
for performing more critical back-up operations during an outage at the 
primary site. Firms that outsource their business resumption facilities 
to an out-of-region facility may have some staff located there. In 
general, firms that establish out-of-region facilities recognize that 
relocating employees is useful during the start-up/training period of 
developing a facility; however, it may be necessary to develop and 
maintain ``local talent'' to operate these facilities in the event of 
an extended outage and loss or inaccessibility of staff at the primary 
site. Some firms do not have sufficient volumes to warrant establishing 
geographically remote back-up facilities capable of providing full 
resumption over the near term. Nevertheless, many are taking steps to 
provide for the out-of-region recovery of transactional data and other 
resources to complete critical activities within target recovery times.
    Ensuring that back-up facilities have access to current data is a 
critical component of business recovery. Firms recognize that out-of-
region facilities fall beyond the current distance capacity of some 
high-volume, synchronous

[[Page 56840]]

mirrored disk back-up technology,\10\ and those establishing such 
facilities are taking a number of steps to minimize the potential for 
losing data in transit. For example, a number of firms are transmitting 
data continuously to local and remote back-up data centers resulting in 
multiple back-up databases. Others are sending more frequent batches to 
their remote back-up sites or to data storage locations electronically. 
Some firms maintain multiple replicas of their databases at various 
locations that can be accessed for production and other uses. In 
addition, a number of firms are establishing active back-up 
arrangements that permit the primary site automatically to shift 
production with little or no staff involvement, providing a very rapid 
recovery capability. These steps can significantly reduce the amount of 
time it takes to recover lost transactions and improve the ability of a 
firm to recover the function or process. Technology is evolving rapidly 
in this area; for example, software and hardware innovations are 
expected to provide the ability to maintain synchronous databases at 
even longer distances. Some firms are establishing systems and business 
strategies that permit the use of continued improvements in technology 
to achieve the greatest geographical diversity practicable.
---------------------------------------------------------------------------

    \10\ Estimates of the distance limitations of such technology 
typically range from 60-100 km.
---------------------------------------------------------------------------

    Sound planning includes developing flexible plans that incorporate 
alternative recovery and resumption arrangements. These plans often can 
be activated to respond to more commonly experienced contingencies that 
affect fairly small geographic areas and were the subject of most plans 
before September 11. For example, some firms that require real-time 
data back-up have or are establishing in-region back-up sites that 
employ synchronous technology and are easily accessible in situations 
that do not involve a wide area disruption. Other examples include 
developing numerous small recovery sites that are locally accessible by 
employees and can be used to perform essential business functions; 
requiring a percentage of employees in a function to telecommute each 
day; dividing employees into shifts over a 24 hour period; and 
modifying information systems security access protocols to permit 
access to desk tops and data from home (virtual offices). These 
measures provide additional resilience in responding to a disruption in 
an appropriate and practical manner.

C. Confidence in Recovery and Resumption Plans through Use or Testing

    In responding to the events of September 11, many firms used plans 
developed during Year 2000 preparations. Although these plans worked 
well, some found that back-up data bases, facilities, contact 
information and other aspects of their plans were not sufficiently up-
to-date. As a result, firms expressed a renewed commitment to ensure 
that critical internal and external business recovery and resumption 
arrangements are effective, communicated and rehearsed by all staff on 
a regular basis. Some firms report that they are achieving a high level 
of confidence through the continuous use of two sites (i.e., 
active'active model), or by switching over to alternate facilities on a 
regular basis. Periodic testing is an important and long-standing 
component of the business continuity planning process. Firms typically 
stage tests of particular systems, processes (e.g., communications 
facilities) or business lines to limit risks inherent in tests 
utilizing production workloads. Sound practice includes designing tests 
to simulate high impact scenarios, e.g., through switch or fail over to 
back-up facilities with no advance warning.
    One of the lessons learned during September 11 is that testing of 
internal systems alone is no longer sufficient. It also is critical to 
test back-up facilities with the primary and back-up facilities of 
markets, core clearing and settlement organizations and service 
providers to ensure connectivity, capacity and the integrity of data 
transmission. Moreover, firms are planning to share back-up contact 
information and test arrangements with counterparties and important 
customers. A number of firms and trade associations also have expressed 
a willingness to participate in or sponsor industry-wide testing. As 
firms successfully complete the more limited testing discussed above, 
appropriately scaled industry-wide testing could prove beneficial. 
Discussions within the industry on possible approaches are ongoing, and 
the prospect provides an incentive for firms to complete internal 
preparations so that there can be maximum participation. One 
possibility may be to take a staged approach by organizing respective 
tests with the core clearing and settlement organizations. As 
confidence grows, end-to-end tests could be organized.

D. Implementation Considerations

    After September 11, financial firms naturally initiated a lessons 
learned process with a view towards strengthening their business 
continuity plans. Industry meetings with the agencies in February 2002 
and throughout the Spring confirmed that this process is nearing 
completion at many firms. The process has two components. First, firms 
are taking immediate steps to ensure that they address obvious gaps and 
refine plans to address near-term risks. Many are participating in 
industry initiatives aimed at improving private sector coordination and 
identifying sound practices with the intent of assuring that their 
plans are compatible with their peers. Some of these steps include 
sharing contact information; procuring alternative telecommunications 
facilities; and meeting with disaster recovery authorities to determine 
the availability of resources to facilitate business recovery 
activities. Second, firms are well along in reviewing and strengthening 
long-term strategic plans for business recovery and continuity of 
operations. A number of firms already are discussing alternative 
solutions at the most senior level to ensure that final plans are 
consistent with overall business objectives, risk management strategies 
and financial resources.
    Most firms indicate that they will complete their strategic plans 
and implementation timetables by year-end or shortly thereafter. Some 
core clearing and settlement organizations already are in the process 
of establishing out-of-region, fully staffed and operational back-up 
facilities and expect to be operational within the next year. Sound 
practice for all firms includes implementing long-range plans as soon 
as practicable in order to protect and enhance their franchise \11\ and 
promote confidence in the strength of the financial system. It also is 
important for firms that play significant roles in the financial 
markets and payments systems to ensure that their implementation plans 
are consistent with the expectations of those markets, systems and 
peers. Firms also are finding it appropriate to share information about 
the status of implementation with their core clearing and settlement 
organizations, counterparties and important customers.\12\
---------------------------------------------------------------------------

    \11\ Customers increasingly are seeking assurances that their 
financial firms have the necessary resilience to continue operations 
should a disaster occur, and firms are evaluating the resilience of 
counterparties for purpose of initiating or continuing business 
relationships.
    \12\ One way for firms to share such information is to provide 
periodic progress reports on the implementation of business recovery 
and resumption arrangements to their utilities and others who are 
dependent upon the strength of their business continuity 
arrangements for critical activities, including customers, 
counterparties and vendors.

---------------------------------------------------------------------------

[[Page 56841]]

IV. Next Steps

    Financial industry participants, and in particular those firms that 
were affected directly or indirectly by the September 11 attacks, are 
committed to ensuring the continued viability of the U.S. financial 
system by strengthening their own business continuity plans and 
improving the resilience of domestic markets and payments systems in 
the event of a wide-scale, regional disruption. Many firms are taking 
steps to integrate the broader objectives discussed above into their 
business continuity plans while balancing the costs associated with 
achieving same-day recovery capabilities for critical activities. Core 
clearing organizations are exploring their intra-day business 
resumption capabilities. It is important to ensure that plans are 
flexible enough to incorporate evolving technologies that provide 
greater resilience of critical business functions and processes.
    The agencies believe that the lessons of September 11 are relevant 
to all financial system participants. Accordingly, it is incumbent upon 
all firms to determine the extent to which it would be practicable to 
achieve the broader business recovery objectives for critical 
activities in the near future. To the extent that these sound practices 
require revisions of the plans, firms should largely complete the 
planning process, including adoption of implementation plans, no later 
than 180 days after issuance of the agencies' final views and implement 
them as soon as practicable. The agencies recognize that firms that 
play significant roles in critical financial markets are in different 
stages of their planning and investment cycles regarding new 
facilities, technology, staffing, and business processes. Furthermore, 
some have built, or are in the process of establishing, back-up sites 
or other arrangements that, while improving resilience, may not be 
fully consistent with these sound practices. Given their different 
circumstances, it may take some firms longer than others to implement 
all of these sound practices in a cost-effective manner. Accordingly, 
while the agencies recognize the need for some flexibility in 
implementation timetables, firms that play significant roles in 
critical markets nevertheless should strive to achieve these sound 
practices as soon as practicable. All core clearing and settlement 
organizations, however, should begin to implement plans to establish 
out-of-region back-up resources within the next year. Meeting these 
planning and implementation goals will require the continued oversight 
and commitment of senior management.
    The agencies will expect core clearing and settlement organizations 
and other financial firms that play a significant role in critical 
financial markets to adopt the sound practices outlined in this paper. 
Furthermore, the agencies intend to incorporate these sound practices 
into supervisory expectations or other forms of guidance for purposes 
of reviewing the overall adequacy of those portions of business 
continuity plans that address the recovery of critical activities 
necessary to ensure the resilience of the financial system. Firms can 
expect the agencies to review plans for their reasonableness and to 
take a keen interest in the appropriateness of plans to address risk 
relative to the firm's position in a critical market or in effecting 
large value payments. This will include consideration of the probable 
effects a disruption of a firm's activities would have on the financial 
system. As part of their ongoing review process, the agencies will 
consider how firms identify their critical activities, the 
appropriateness of the recovery and resumption objectives they set, and 
the adequacy of their plans for achieving those objectives. The 
agencies will include consideration of whether recovery-time and 
resumption-time targets and implementation schedules are consistent 
with market and peer expectations. Finally, the agencies will review 
the firm's assessment of test plans and results to confirm that the 
firm is appropriately able to manage its business risks should a wide-
scale, regional disruption occur.

V. Request for Comments

    The agencies invite comments on the appropriate scope and 
application of the sound practices and implementation timetable 
discussed above, as well as other issues relevant to strengthening the 
resilience of the financial system in the face of wide-scale regional 
disasters. In particular the agencies invite comment in the following 
areas:
    Scope of application. Have the agencies excluded any critical 
markets? Have the agencies sufficiently defined the term ``core 
clearing and settlement organizations'' for such organizations to 
identify themselves? Have the agencies provided sufficient guidance for 
firms to determine whether they play ``significant roles in critical 
financial markets?'' Are there other measures or additional facts or 
circumstances that should be used to determine whether a firm plays a 
significant role or acts as a core clearing organization? Should the 
agencies establish an average daily dollar volume (e.g., $20 billion, 
$50 billion, $150 billion or some larger amount) or a market share test 
(e.g., 3, 5, 7, 10 percent market share or some larger amount) as a 
benchmark for either or both of these categories? Should such 
benchmarks differ by market or activity? In some market segments, there 
are geographic concentrations of primary and back-up facilities of 
firms with relatively small market shares. Should sound practices take 
into consideration the geographic concentration of the back-up sites of 
firms that as a group could play a significant role in critical 
markets?
    One of the reasons core clearing organizations are expected to 
recover and resume is that there are no effective substitutes that can 
assume their critical activities; is this also true for some or all 
firms that play significant roles in critical markets? Should any firms 
that play significant roles in critical markets be required to meet an 
intra-day standard for recovery and resumption because of the size of 
their market share or volume, or the significance of the services they 
perform for other firms (e.g. as a correspondent bank or clearing 
broker) in clearing and settling material amounts of transactions and 
large-value payments?
    Does the paper's definition of a ``wide-scale, regional 
disruption'' provide sufficient guidance for planning for wide-scale, 
regional disruptions? Is there a need to provide some sense of duration 
of a wide-scale, regional disruption? If so, what should it be?
    Recovery and Resumption of Critical Activities. Have the agencies 
identified the critical activities needed to recover and resume 
operation in critical markets? Is there a need to define the term 
``material'' in this context? If so, what should be used?
    Sound practice seems to require firms that play significant roles 
in critical markets to establish recovery targets of four hours after 
an event for their critical activities. Is this a realistic and 
achievable recovery-time objective for firms that play significant 
roles in critical markets? If not, what would be? Similarly, sound 
practice seems to require core clearing and settlement organizations to 
establish recovery and resumption targets of two hours for critical 
activities. Is this a realistic and achievable resumption-time 
objective for core clearing and settlement organizations? Should 
recovery- and resumption-time objectives differ according to critical 
markets?

[[Page 56842]]

    Sound practices. Have the agencies sufficiently described 
expectations regarding out-of-region back-up resources? Should some 
minimum distance from primary sites be specified for back-up facilities 
for core clearing and settlement organizations and firms that play 
significant roles in critical markets (e.g., 200-300 miles between 
primary and back-up sites)? What factors should be used to identify 
such a minimum distance? Should the agencies specify other requirements 
(e.g., back-up sites not be dependent on the same labor pools or 
infrastructure components, including power grid, water supply and 
transportation systems)? Are there alternative arrangements (i.e., 
within a region) that would provide sufficient resilience in a wide-
scale, regional disruption? What are they? Are there other arrangements 
that core clearing and settlement organizations should consider, such 
as common communication protocols, that would provide greater assurance 
that critical activities will be recovered and resumed?
    Timetable for Implementation. To ensure that enhanced business 
continuity plans are sufficiently coordinated among participants in 
critical markets, should specific implementation timeframes be 
considered? Is it reasonable to expect firms that play significant 
roles in critical financial markets to achieve sound practices within 
the next few years? Should the agencies specify an outside date (e.g. 
2007) for achieving sound practices to accommodate those firms that may 
require more time to adopt sound practices in a cost-effective manner? 
Would such distant dates communicate a sufficient sense of urgency for 
addressing the risk of a wide-scale, regional disruption?
    By order of the Board of Governors of the Federal Reserve System.

    Dated: August 29, 2002.
Jennifer J. Johnson,
Secretary of the Board.
    Dated: August 30, 2002.
John D. Hawke, Jr.,
Comptroller of the Currency.
    By the Securities and Exchange Commission.
    Dated: August 29, 2002.
Margaret H. McFarland,
Deputy Secretary.
[FR Doc. 02-22633 Filed 9-4-02; 8:45 am]
BILLING CODE 6210-01-P; 4810-33-P; 8010-01-P