WASHINGTON—After weeks of hurricanes and now wildfires, federally insured credit unions are being reminded they are required to have disaster recovery and business resumption plans to address all types of disruptions.
According to NCUA, a disaster preparedness program should:
- Be commensurate with the institution’s complexity of operations
- Minimize interruptions of service to members and maintain member confidence in times of emergency
- Be reviewed at least annually, and address changes in the credit union’s operations
NCUA’s Catastrophic Act Preparedness Guidelines (NCUA's Part 749, Appendix B) provides recommendations for developing and maintaining a disaster recovery program with the oversight and approval of the board of directors, noted CUNA, pointing out the program should include:
-
A business impact analysis to evaluate potential threats. After evaluating exposure to a full range of possible disasters, the cost, duration and impact of critical service/system disruptions should be considered
-
A risk assessment to determine critical systems and necessary resources. Credit unions should prioritize the risks to critical systems/services and develop contingency plans accordingly
- A written plan addressing:
- Individuals with authority to enact the plan
- Preservation and ability to restore vital records
- A method for restoring of services through identification of alternate operating location(s) or mediums to provide services
- Communication methods for employees and members
- Notification of regulators
- Training and documentation of training; and
-
Testing procedures, including a means for documenting the testing results
-
Internal controls for reviewing the plan at least annually and for revising the plan
- Annual testing to determine if the credit union could recover to an acceptable level of business within the time-frame stated in the disaster recovery plan