Banking and Finance Law Daily Regulatory agencies adopt guidance on pandemic risk management
Monday, March 9, 2020

Regulatory agencies adopt guidance on pandemic risk management

By Richard A. Roth, J.D.

The FFIEC has updated its guidance from 2006 and 2007 on the need for business continuity plans that address the effects of pandemics.

The Federal Financial Institutions Examination Council has published an interagency statement on how financial institutions should plan to minimize the harmful effects of pandemics. The Federal Deposit Insurance Corporation and the Office of the Comptroller of the Currency, both FFIEC members, also have published advisories (OCC 2020-13FIL-14-2020).

The interagency statement says that "business continuity plans should address the threat of a pandemic outbreak and its potential impact on the delivery of critical financial services." This means that each institution’s BCP should include:

  • a preventive program,
  • a strategy that applies to the stages of the pandemic,
  • a comprehensive framework to ensure that the institution’s critical operations will continue,
  • testing, and
  • reviews and updates.

Planning. Planning for a pandemic presents challenges that are different from ordinary BCPs, the statement says. Most disasters will be limited in duration or scope, but a pandemic can be world-wide and last for several months. Absent workers could be the most significant problems institutions face, the statement notes.

Moreover, steps that would be appropriate for many disasters could be inappropriate for a pandemic, according to the FFIEC. For example, it might be impossible to move staff members to an unaffected location, or there might not be enough healthy staff members. The Department of Homeland Security has estimated that absenteeism could reach 40 percent during the peak period of an outbreak due to employees who are ill, who must care for family members who are ill, who must deal with children whose schools are closed, or who are afraid of being exposed to the disease.

Risk assessment and risk management are critical steps, the statement adds. This will require communication and coordination with third parties, strategies to protect employees, control processes such as previous cross-training and succession planning, and preparation for increased telecommuting.

MainStory: TopStory BankingOperations FederalReserveSystem FinancialStability

Back to Top

Interested in submitting an article?

Submit your information to us today!

Learn More

Banking and Finance Law Daily: Breaking legal news at your fingertips

Sign up today for your free trial to this daily reporting service created by attorneys, for attorneys. Stay up to date on banking and finance legal matters with same-day coverage of breaking news, court decisions, legislation, and regulatory activity with easy access through email or mobile app.