Tuesday, February 14, 2012

Bank Regulatory Examinations: Most Common BCP Findings 2012

Each year I spend a lot of time helping BCP Coordinators in banks prepare for regulatory examinations and audits. I also spend a lot of time preparing responses to examination findings.
So I have anecdotal evidence that I use to predict what the regulatory hot buttons will be in the coming examination cycle, at least as far as BCP is concerned.

In 2008 it was testing, specifically DR Testing. Examiners were trying to spot banks that were using tabletop testing exclusively and skipping the DR tests.

It was Pandemic Planning in 2009 and again in 2010 (can anyone guess why?).

In 2011, back to DR Testing.

We are starting 2012 with a focus on overall documentation: A written policy that includes planning role assignments, a proper Business Impact Analysis, a Threat Assessment, a Communications Plan (internal and external).

Expect that examiners will read every word in your plan documents. Be prepared to address any inconsistencies in language and terminology.

If you need to call for reinforcements you can reach us though Skype, Google Talk, Google +, eMail, Twitter, and telephone.

About the only thing we don't have is a Facebook page. I'm resisting that for now.