Business Continuity Planning for Financial Institutions



Recent events in the United States and abroad have reaffirmed how vital it is for every type of business and institution to have a business continuity plan. For financial institutions, these attacks solidified the need to be prepared and equipped to respond in times of crisis, threat, disaster and other incidents.

It’s important to remember that major financial institutions do not operate in isolation and that there is a industry reliance on one another to be prepared in the event of threat or interruption. When banks and financial institutions fail to operate, businesses fail, jobs are lost, homes are lost, and communities fail to prosper.

Why Business Continuity Planning?

You want to know that your personal money, investments and financial concerns are secure. You want to know that the finances of your business are secure. Your bank needs to know that its finances are secure. There is an implied trust with financial institutions that measures are in place to protect everyone concerned during an incident.

Assessing The Risk

A financial institution is a business - there are clients, third-party vendors, contractors, employees, and other parties who are all concerned with the ongoing continuity of service. What are the possible threats or risk:

  • Natural disasters that are relevant to your area. For example hurricanes, snow storms, or earthquakes.
  • Human-driven threats such as theft, cyber-attacks (including digital viruses), or terrorism.
  • Technical infrastructure failure such as software or hardware failure, database loss, or online banking failures.

Each scenario requires a different response plan, including a different crisis communication plan. In the event of a hurricane or fire, you will need to be prepared to have an alternate location for business. With a cyber-attack, your information technology response must be prepared and your crisis communication plan with clients and media must be proven. Knowing how and where your data is backed-up is crucial in the event of a technological infrastructure failure.


The communications team and plan for any financial institution must be prepared for any and all types of incidents. Remember that front-line customers will want to know that they can access their daily banking accounts. Corporate customers want to ensure that their payments, loans, and transfers will still operate as expected. The financial institutions’s other banking partners need to know that the institution is stable and will resume continuity of service. The employees need to know that they are working in a safe environment and that there is business continuity plan in place.

Due to the sensitive nature of financial institutions, it is very likely that you’ll need to closely monitor all external communications during an incident. This means knowing what messaging will be used on social media, how emails to customers will be handled, what will be said during press conferences, what will be communicated with your corporate customers and finally, what will be communicated to all employees.

Many financial institutions are partnering and working together to ensure that continuity of service occurs during a threat or disaster. The reputation of banks and financial institutions is tenuous at best, so having a plan that ensures a solid back-up and partner with another institution only serves to strengthen the financial and banking industry.

For continued reading on this topic, refer to this thorough assessment of business continuity and risk by the Bank of Japan.

Issue and Crisis Management Monthly Newsletter