(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.data-privacy-src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-P7RK2W');
Home / Banking Strategies / Community banks and effective business continuity

Community banks and effective business continuity

Oct 29, 2020 / Consumer Banking

As COVID-19 swept across the nation, federal agencies issued guidelines to help institutions create and maintain effective business continuity and disaster recovery (BC/DR) plans in light of changes brought on by the pandemic.

To effectively keep employees safe and consumer data secure, it’s critical to also renew these policies and plans, including considerations around data security, protection, backup and recovery.

Community banks should start by reviewing all current technology when assessing (or refreshing) their BC plans and policies. To assess the technology infrastructure and ensure it’s ready to handle a remote workforce or office closures, community institutions should perform a gap analysis of the tools that their remote workers need and compare this to their current infrastructure.

To operate in a remote environment, employees will need a laptop, monitor, phone, video conferencing webcam equipment and much more. It’s important to explain whether employees can use their own devices or if the institution will provide devices for remote employees. Encrypted, secure-access methods – such as a virtual private network (VPN), secure cloud technologies or remote desktop infrastructures – will further protect consumer data. Any implemented solution should be paired with multifactor authentication (MFA).

In the event of a disaster situation, employees need access to communication tools, so institutions need to evaluate this technology when updating their BC policies. In a case where the workforce is dispersed, it is important to consider how your employees will best work together and how they will most effectively communicate with customers. Options include incorporating a company intranet, corporate social networks, internal messaging systems, video conferencing tools and client messaging systems into your BC plans and WFH strategy.

Refresh backup and disaster recovery plans

It’s also important for institutions to update their backup and disaster recovery plans. The ability to perform comprehensive backups of system data is crucial to DR efforts, but these efforts can be challenged by having a dispersed workforce. When considering a backup strategy, it is important to analyze where data resides and how it is backed up.

There are many questions for the institution to consider when refreshing their plans. First, it’s important to decide whether data will be backed up in a corporate data center, in the cloud or a combination of both.

For centralized data in the corporate data center, how will your remote employees access this data? Is the data replicated to the data center regularly and are the backups image-based or file-based? For cloud-based data, how can remote employees access the data and is there a standardized policy requiring data to reside in specific places to ensure they are properly backed up? These questions can help banks consider all their options and build out a successful disaster recovery strategy.

Planning and testing your updates

The most important aspect of BC/DR plans is to continuously plan and execute recovery tests for all situations. Testing strategies should detail the conditions and parameters for testing applications and functionality at least annually, and these tests should include various scenarios that stress availability and security of all systems that might affect business continuity. The institution should set objectives, recovery goals and timely schedules to ensure that their plans and policies are ready for any situation that comes their way.

Because a community bank’s DR/BC plan is a dynamic document, it should be updated at least annually to ensure the bank’s plans and policies align with the ever-changing needs of the institution as well as the constant evolution of technology.

It’s also important to store the DR/BC plan in a secure location easily available to members of the recovery team, and backup copies of the plan should be kept offsite. This way, no matter what disaster strikes, the institution is ready to enact their BC/DR plans and seamlessly continue operations.

With what we’ve all learned since the start of the pandemic, banks should update and test their BC/DR plans and operations, keeping critical aspects of business continuity, backup and recovery in mind.

In updating plans, institutions need to conduct regularly planning to consider both internal and external needs, thoroughly analyze business impact, address the recovery of business operations and technology, test the plan regularly to ensure its effectiveness and continuously update the plan to reflect changes in the business and operating environment.

Jeremy Baumruk is director of professional services at Xamin.

Subscribe to the BAI Banking Strategies newsletter and podcast.

See More Insights

See all Banking Strategies


Feb 2, 2023

Financial institutions are facing new challenges to keep their customers both happy and loyal. Download the Verint Experience Index: Banking Report to learn more about the consumer trends that can help you improve and grow. Download Now...


Upcoming: Feb 15, 2023

Holly Hughes, BAI CMO, will share BAI’s latest banking channel research and host a conversation with Colleen Wilson, Vice President, Product at MANTL, on what the trends mean for financial services leaders....


Jan 24, 2023

Providing accurate consumer information to credit-reporting agencies can be challenging for financial services organizations due to the volume and complexity involved. Establishing a Fair Credit Reporting Act (FCRA) center of excellence can help ensure accuracy and reduce regulatory risk. It can...

How People Learn and Grow

Compliance training and professional development courses that are efficient, effective and on-point. Give your people the latest industry-approved tools they need to improve performance, reduce operational risk and better serve your customers.

Learn More About Compliance and Training
Contact Our Compliance and Training Team

How Organizations Exceed Expectations

Benchmarking resources to help you better understand your organization’s relative performance. Tailor your preferred reports and leverage the insights to make data-driven decisions with confidence.

Learn More About Benchmarking
Download an Overview