Back-up needs buck-up

Although the City’s top 35 financial institutions have adequate disaster recovery plans in place according to the Financial Services Authority, it still has major concerns about the readiness of the rest of the regulated sector. An FSA spokesman, quoted in the Financial Times last month, noted that “30 to 40 per cent [of the 11,500 firms that it regulates] haven’t got any sort of back-up plan at all.” This is especially worrying almost a year after the September 11th attacks. “None of us can afford to be complacent about the challenges that inevitably arise in an environment where the potential threat is so great,” said Michael Foot, managing director at the FSA. For its part the Authority now operates a back-up site at a secret location away from Canary Wharf and staff take part in emergency simulation exercises to ensure that the regulator is able to maintain contact with and ensure trading continuity for key institutions in the event of a crisis. CP142 “Operational risk systems and controls”, which was issued in July, contains proposals for additional guidance on business continuity to feature in the Systems and Controls (SYSC) section of the Handbook, and complement the high-level guidance in SYSC 3.2.19G. Firms should have a formal plan and management framework, regularly tested against the failure and recovery of both internal and external resources, whether people, systems or assets. They should cover areas such as succession of personnel, dual processing, alternative service providers, insurance and communications. The FSA notes in SYSC 3A.6.10G that the use of off-site arrangements is common and advises firms to take account of limits on availability when resources are shared. Comments on CP142 must be submitted by 31 October 2002 .