Your Questions about COVID-19 and Regulators

Your Questions about COVID-19 and Regulators
Today. Tomorrow. And Post-Pandemic

 

By this time, you have already activated your financial institution’s Pandemic and Business Continuity plans. Your regulators are contacting you for updates. You are addressing customer service and staff needs. You are also working with your vendors to determine how COVID-19 will impact the critical services they provide. It’s a strong start – but what’s next?

Everyone is working at top speed to answer that question and all the others that emerge in this rapidly changing crisis. Below are some of the more common regulatory questions we’re hearing and the responses we’re providing.

So, what IS next?

All the time you spent reviewing, training, and testing your Pandemic and Business Continuity plans helped you in the early days and will take you through the immediate short term. To some degree, today and tomorrow are covered; the trick now is that you must simultaneously begin preparing for the future. No one knows when this crisis will end. But we do know it will, marking the beginning of the post-pandemic period.

How do we bring closure to the current COVID-19 event?

Document everything. We cannot stress strongly enough how important it is to document your actions – from the day your management and/or crisis management team acknowledged the COVID-19 pandemic and enacted your pandemic and crisis continuity plans, to the day operations return to normal or the “new normal.” In the post-pandemic period, you’ll want to tell your story of how your financial institution survived.

We have updated our regulators throughout this COVID-19 event – what’s the benefit of documenting it now? 

You will be telling the story of how you and your team successfully managed the COVID-19 pandemic. Use it as your financial institution’s final report to your Board of Directors. This is your opportunity to demonstrate that your crisis management team was prepared for the COVID-19 outbreak and that the team was nimble enough to adapt and adjust, in real time, to a fast-changing crisis landscape as it led your bank through the crisis.

How should we document this and how much information is needed?

Although Pandemic Preparedness Plans have been required since 2006, you should document this first-in-our-lifetime high-risk event in the same manner, and at the same level, that you documented your ongoing testing prior to the pandemic. Remember to include a review of the plans, training material and testing process, as well as any action plans that were – and are still – being used.

What do regulators want from their financial institution regarding COVID-19?

Regulators want you to survive in a safe and sound matter. They want you to continue providing financial services to your customers, and to continue communicating clearly and frequently to staff, customers, vendors and the Board of Directors. Importantly, your regulators also want you to communicate regularly with them.

Where do we find regulators’ current guidance on pandemic planning?

On March 6, 2020, the FFIEC issued an Interagency Statement on Pandemic Planning.  This guidance was issued as a reminder that business continuity should address the threat of a pandemic outbreak and its impact on delivery of critical financial services. You should use the 2020 Statement on Pandemic Planning to verify that your financial institution plan has addressed the areas noted in the Statement. Also available from the Centers for Disease Control and Prevention (CDC) is a helpful checklist for Business Pandemic Influenza Planning.

Why does Business Continuity planning include pandemic outbreaks?

Business continuity planning considers the effect of various natural or man-made disasters on business operations. The COVID-19 outbreak is an example of a high-risk pandemic outbreak. Pandemic planning focuses on the adverse effect that a widespread communicable virus or infectious disease could have on a bank’s ability to provide critical financial services in the event of significant staff and executive absence due to illness. Because of variations in scale and duration, planning for a pandemic is a more challenging undertaking. Consider all three risk levels (high, moderate and low) in your pandemic risk assessment.

Is the business impact analysis and risk assessment process part the overall Business Continuity

Management/Disaster Recovery program (BC/DR) and is it updated prior to reviewing the program? Yes. For many of our clients, the business impact analysis (BIA) and risk assessment (RA) process are part of the business continuity and disaster recovery process and include the pandemic BIA and RA process.

Do we need to review and update our business impact analysis and risk assessment process as well as our Business Continuity Management/Disaster Recovery program (BC/DR) due to COVID-19?

Yes. The COVID-19 event may require revisions to your BIA, RA and the BC/DC program.

Where can we locate the most recent BC/DR guidance?

The FFIEC revised the Information Technology Examination Handbook for Business Continuity Management (BCM) on November 2019. This booklet replaced the booklet issued in February 2015.

What other areas do regulators expect financial institutions to monitor and address during a pandemic?

We recommend that you

  • Identify critical vendors, within your vendor management program; then detail the service provided, contact information, and the vendors’ ability to continue providing their services during a pandemic.
  • Maintain cybersecurity monitoring
  • Maintain communication
  • Maintain new and revised programs information for products and services.
  • Maintain logs of customers’ requests.
  • Maintain information on credit risk activities.
  • Maintain records detailing special needs for additional cash and funds.
  • Maintain information on human resource and management, particularly changes in staffing.
Does Artisan Advisors LLC provide services regarding the review and update of the BIA, RA, Pandemic Preparedness, BC/DR processes?

Yes. Artisan Advisors offers a comprehensive portfolio of services, including developing or updating BIA, RA, Business Continuity Management Programs, Pandemic Preparedness Plans, and related training materials.

At Artisan Advisors, we know what you are going through, because we’ve been there. And, we are here to help.

Scroll to Top