Back in the summer of 2021, during an especially active hurricane season, the Federal Deposit Insurance Corporation’s FDITECH unit launched a program to speed development of digital capabilities to bolster the operational resilience of financial institutions during a natural disaster or other type of major disruption.
Because “the U.S. financial sector is facing a growing number of threats to its information technology systems, operations, people and facilities,” the FDIC said, institutions need “to respond to and recover from these disruptions in a timely, consistent and reliable manner.” The agency kicked off the initiative with a question for program participants to contemplate: “What would be the most helpful set of measures, data, tools or other capabilities for financial institutions…to use to determine and to test their operational resilience against a disruption?”
It’s a question banks would have been wise to ask themselves in advance of this year’s hurricane season, which as of early September was on pace to exceed the 12 to 17 named storms that the National Oceanic and Atmospheric Administrative (NOAA) predicted for the region this year. And that’s not including Hurricane Hilary’s unprecedented swamping of parts of Southern California and Mexico in August.
Even for businesses that weren’t impacted by Hurricane Hillary or the procession of storms in the Atlantic, the operational disruption that disasters like these can cause provides a powerful reminder of how crucial business continuity planning is, particularly for financial institutions. A network outage can render an organization practically invisible — not an acceptable outcome for banks whose customers (and employees) expect always-on, 24/7/365 network, application and account access.
In a 2021 report, ITIC found that for the vast majority of large and midsized enterprises that experienced an unplanned server outage, the cost of a single hour of downtime totaled $300,000 or more. According to widely cited estimates from Gartner, a network outage costs organizations an average of $5,600 per minute.
With so much at stake, and with hurricanes and other events posing a very real risk to IT and communications infrastructure, it’s critical that financial institutions proactively develop a plan for protecting that infrastructure so they can continue serving their customers and communities should disaster strike. Here, based on my work supporting financial institutions in developing resilient IT and network infrastructure, along with my own experience coping with hurricanes as a bank executive, is a look at what the preparation process might entail:
- Conduct a risk assessment. In its 2021 tech sprint, FDITECH chose to support development of six solutions, among them an operational resilience assessment tool. Whether they use such a tool, a third-party consultant or their own internal team, it’s vital that banks conduct a formal risk assessment to determine how well protected their IT infrastructure and network are from disruption related to a hurricane or any kind of extreme event.
- Develop a formal plan. Based on the aforementioned assessment, create a detailed plan for how your organization will handle various likely crisis scenarios, including a strategy specifying how, and by whom, information will be communicated internally and externally. The plan also should identify critical on-premises hardware and brick-and-mortar IT infrastructure (such as data centers) that must be protected, and how they will be protected. Organizations that already have a plan should revisit it annually — well in advance of each hurricane season — and update it accordingly.
- Ensure the bank’s communications network is capable of securely accommodating more remote work. To continue to provide service to customers during and after a disaster, a bank may need more of its employees to work remotely. Besides providing workers with reliable remote connectivity to access the apps and data they need to continue serving customers, the network also must be secure all the way out to the edge. This level of scalable, secure connectivity might not be possible for banks that rely on older network infrastructure. If that’s the case, moving to a cloud-based network such as SD-WAN (software-defined wide area network) that’s packaged with a leading-edge cybersecurity solution like SASE (secure access service edge) can be critical to preserving secure connectivity and communications when disaster strikes.
- Enlist a third-party expert to swing into action and support your IT team. One reason more banks are turning to managed IT services (managed network, security, unified communications, contact center, etc.) is the support that accompanies these services. Essentially, they give an institution another first responder to support their internal IT team with hands-on troubleshooting, repairs and other forms of support during a hurricane or other major disruption, freeing people within the organization to focus on other high-priority business continuity issues. This can be especially important for organizations with lean or understaffed IT teams.
- Ensure your contact center is a reliable communications lifeline. During and after a disaster, a bank’s contact center may need to rapidly scale up capacity to respond to a likely spike in customer inquiries. A cloud-based contact center service provides a high degree of reliability and scalability.
- Keep a firm handle on the status of all network circuits. Full real-time visibility into the status of every circuit across the communications network is a must during and after a hurricane. With the visibility provided by a dashboard-based network portal, a bank’s IT team can quickly mobilize to address any issues that are disrupting connectivity.
- Keep multiple communications channels open for employees and customers. Hurricanes and other disasters can quickly expose the limitations of aging legacy communications networks. With a modern, cloud-based unified communications platform, banks can preserve communications with employees and customers, from any device over multiple channels (voice, video, messaging, etc.).
- Stress-test your plan and your network. Now it’s time to conduct a simulation to find out how well all these elements are likely to work together to provide the resilience and reliability you seek. Some type of incident simulation software can help you make such an assessment, so you can make any needed adjustments before the big “What if?” becomes the big “What now?”
Bucky Porter is a financial services industry analyst with Windstream Enterprise (https://www.windstreamenterprise.com/), which provides cloud-optimized managed services and network and communications solutions. He has more than 20 years of banking experience in roles such as regional branch leadership, technology consultant, and senior lending officer. He has worked with community, regional and national banks.
- Third-Party Risk Management “Essential” As More Banks Partner with FinTechs
- M&A: First Western Announces Purchase of State Bank of Lismore
- Majority of Americans Reliant on Credit Card Rewards During Holidays
- Congress Votes to Scrap CFPB Small Business Lending Data Rule
- FDIC “Missed Opportunities” in First Republic Bank Supervision