Business Continuity Planning at Financial Institutions
July 25, 2003
Bank of Japan
Click on fsk0307a.pdf (72KB) to download the full text.
Financial institutions could face the suspension of critical operations due to natural disasters, terrorist attacks, computer problems, and other causes and hence need to secure business continuity by formulating action plans in advance to ensure quick recovery. The events of September 11 in the US demonstrated the need for such robust business continuity in many countries. This holds true for Japan which has been subject to many natural disasters, including earthquakes and typhoons, and also computer problems at financial institutions in recent years.
Most Japanese financial institutions have some form of business continuity plan in place. However, those plans still focus mainly on individual operating systems or facilities. Thus, the events of September 11 have prompted financial institutions to strengthen their business continuity so that they can cope with even larger scale disruption than previously planned for.
This paper delineates 'sound practice' in terms of business continuity planning at financial institutions. It should be noted at the start that individual financial institutions might be impacted differently depending on their location and nature of their business, and hence there could be various approaches to business continuity planning. It should also be noted that implementation issues are still being debated, and that practical methods are evolving. Therefore, it is desirable for financial institutions themselves to design their own management framework that addresses their own particular risk profile, and to review such framework on an ongoing basis. The Bank of Japan (the Bank) will promote discussion with financial institutions regarding business continuity planning.
Section 1 gives the Bank's basic view of business continuity planning and Section 2 details more specific and practical aspects such as how planning could be accomplished.