Disaster Recovery: Preparing for the Perfect Storm
October 26, 2017
In the midst of chaos created by catastrophic events such as hurricanes, earthquakes, and terrorism, financial institutions must be able to deliver critical services and provide the short-term support their customers and employees need. This can entail a high degree of flexibility – forgiving late payments, temporarily waiving fees, increasing limits on ATM withdrawals and credit cards and deferring loan payments, for example. Bankers also must anticipate increased demands for cash.
Prepare for disaster drills
Regularly-administered disaster drills – run-throughs of worst-case scenarios – are the linchpin to preparation. Questions to keep in mind include: What type of catastrophic event might occur in a specific location? How might facilities in a particular area be impacted? How might customers and employees be affected?
A typical disaster drill checklist should include:
- Conducting an internal review to ensure that functions are classified in appropriate tiers, with particular attention to critical Tier 1 functions, such as core banking and the ability to continue ACH processing
- Testing critical functions to determine how long it takes to bring a system back up in the wake of high customer demand
- Testing “what if” scenarios, such as what to do if an application is crippled – e.g., what if people cannot complete transactions without them timing out?
- Estimating how many customers will attempt to access cash and creating a plan to dispense cash in the event that ATMs are out of service or the vault is vulnerable to flooding
- Creating and testing a communications plan for customers and employees in the event that telecom systems fail
- Determining how to take care of employees’ basic needs – necessities, child care if schools close, transportation – so that employees can take care of customers’ needs
Post-mortems in the aftermath
Post-mortems provide valuable insight on how well institutions respond to times of crisis and the high demands those put on their systems. Every financial institution in recently affected areas should be conducting post-mortems on its own performance and the performance of its vendors following a crisis.
After Hurricane Katrina, The FDIC conducted its own post-mortem. It drafted a report, “Lessons Learned from Katrina,” to outline the many challenges that financial institutions faced in the wake of Katrina: communications outages, lack of transportation into restricted areas, inoperable computer systems, interrupted mail service, destruction of or damage to physical facilities including ATMs. The report found that nearly all the financial institutions that had become inoperable during the storm had backup systems located close to their main systems.
What financial institutions should look for in a provider
Disaster recovery should be a standard section in service agreements with providers. Financial institutions should review that section carefully and assess partner characteristics – scale, speed, flexibility, reliability, track record – in the context of catastrophic event scenarios.
FIS’ quick response to Irma
Hurricane Irma, which struck Florida at the end of August, increased the state’s number of SNAP benefit recipients by 35 percent overnight. That was on top of the 1.6 million people who already received the benefits. As the major provider of SNAP benefits in the state, FIS produced a half million cards within days. We shipped them to local offices that remained operational or worked through local agencies for distribution from temporary locations, including open-air stands.