Compliance Guru • FFIEC Guidance
  • Ask the Guru
  • The Guru Speaks
  • About
  • Ask the Guru
  • The Guru Speaks
  • About
By Tom Hinkel In Hot Topics

FFIEC Issues Stealth Update to BCP Handbook

iStock_000037119762_Med

This caught me by surprise as it was not formally announced in the “What’s New” section, but the Appendix J update to the Business Continuity Planning Handbook apparently constituted a complete update to the Handbook.  Here is what the press release said in part:

The Federal Financial Institutions Examination Council (FFIEC) members today issued a revised Business Continuity Planning Booklet (BCP Booklet), which is part of the FFIEC Information Technology Examination Handbook (IT Handbook). The update consists of the addition of a new appendix, entitled Strengthening the Resilience of Outsourced Technology Services. (emphasis added)

If you only focused on the last sentence (as I did), you would think all they did was add an appendix to the existing booklet.  But the first sentence states that they issued a revised booklet.  And sure enough, they changed the date.

Here is the old booklet:

Cover page from 2008 FFIEC_IT_Booklet_BusinessContinuityPlanning

And here is the new booklet:

Cover page from 2015 FFIEC_IT_Booklet_BusinessContinuityPlanning

I’ve written about the wide-ranging implications of “Appendix J” previously.  In comparing the old and new BCP booklets I was unable to find any other changes in the document except the addition of Appendix J, and some changes to Appendix A.  Regular readers know that each of the 11 booklets has an Appendix A which contains the examination procedures. The message here is that the FFIEC considered the addition of Appendix J significant enough to warrant new examination procedures, and a whole new handbook with a new revision date!


7 Reasons Why Small Community Banks Should Outsource IT Network Management



7 Reasons Why Small Community Banks Should Outsource IT Network Management



7 Reasons Why Small Community Banks Should Outsource IT Network Management

I’ve gone through Appendix A of both the new booklet and the previous booklet and highlighted all of the changes.  If you’re interested in how your next BCP exam might differ, you can download a copy of my marked-up document here.  The complete BCP Handbook is here.

Print Friendly, PDF & Email

Share this:

  • Facebook
  • LinkedIn
  • Twitter
  • Print
Appendix A Appendix J BCP business continuity Examination Procedures FFIEC

Article by Tom Hinkel

As author of the Compliance Guru website, Hinkel shares easy to digest information security tidbits with financial institutions across the country. With almost twenty years’ experience, Hinkel’s areas of expertise spans the entire spectrum of information technology. He is also the VP of Compliance Services at Safe Systems, a community banking tech company, where he ensures that their services incorporate the appropriate financial industry regulations and best practices.

Related Articles

  • Testing or Exercise?
    Compliance Quick Bites – Tests vs. Exercises, and the Resiliency Factor
  • Reading Between the Lines
    Reading Between the Lines: The Interagency Examiner Guidance for Assessing Safety and Soundness During COVID-19

6 replies added

  1. Marilyn Brooks April 29, 2015 Log in to Reply

    Tom, I read the same thing you did I thought appendix J was the only addition. Thanks for the update.

    • Tom April 29, 2015 Log in to Reply

      Hi Marilyn, this one took me by surprise as well. I wonder if future booklet updates will be done this way? Guess I’ll have to pay even closer attention!

  2. Leesa April 30, 2015 Log in to Reply

    The Appendix A changes are significant, in my opinion. The focus continues to be on third-party oversight and cybersecurity. Although this isn’t brand new, it confirms that these two areas will come under ever-increasing scrutiny. Thank you for pointing this out, Tom! 🙂

    • Tom April 30, 2015 Log in to Reply

      Agreed, and as a second-tier TSP we have already made significant changes to accommodate Appendix J’s oversight expectations for financial institutions. The only question is when will the Appendix A changes make their way into examinations?

  3. Carol July 13, 2016 Log in to Reply

    Thanks Tom.. this is a lot to update and consider.

    • Tom Hinkel July 14, 2016 Log in to Reply

      Hi Carol! Yes it is, and it will be interesting (to say the least) to see how this actually looks when the examiners fully digest it.

Leave your comment Cancel Reply

You must be logged in to post a comment.

Join Our Community

Browse Posts

  • Ask the Guru
  • Ask the ISO
  • From the Field
  • Hot Topics
  • Reading Between the Lines
  • Resources

Copyright © Compliance Guru®.
All Rights Reserved.

Powered by Safe Systems. Privacy Policy

Stay up to date with these pandemic resources for community banking.See COVID-19 Resources
+