Routine Guidance Added Final

FFIEC Business Continuity Management Guidance for Financial Institutions

Source: FFIEC IT Examination Handbook Updates (ithandbook.ffiec.gov)
Detected March 20th, 2026

Summary

The FFIEC has released a new booklet providing guidance to examiners on evaluating business continuity management processes for financial institutions and service providers. The booklet aims to ensure the availability of critical financial services during disruptions.

What changed

The Federal Financial Institutions Examination Council (FFIEC) has published a new booklet titled "Business Continuity Management" as part of its IT Examination Handbook series. This guidance is intended to assist examiners in assessing the risk management processes of financial institutions and their service providers concerning business continuity. It covers various aspects including governance, risk assessment, impact analysis, and strategies for resilience, aiming to ensure the continuity of critical financial services.

Financial institutions and their service providers should review this guidance to understand the expectations for their business continuity management programs. While this is guidance for examiners, it outlines best practices and areas of focus for institutions to ensure their resilience and the availability of services during disruptions. Compliance officers should familiarize themselves with the content to align their internal policies and procedures with the FFIEC's recommendations.

What to do next

  1. Review the FFIEC Business Continuity Management booklet
  2. Assess current business continuity management programs against booklet guidance
  3. Update internal policies and procedures as necessary

Source document (simplified)

Business Continuity Management

This "Business Continuity Management" booklet is one in a series of booklets that comprise the Federal Financial Institutions Examination Council (FFIEC) Information Technology (IT) Examination Handbook. This booklet provides guidance to assist examiners in evaluating financial institution and service provider risk management processes to ensure the availability of critical financial services.


Booklet Contents
- Introduction
- I Business Continuity Management
- II Business Continuity Management Governance
- II.A Board and Senior Management Responsibilities
- II.B Audit
- III Risk Management
- III.A Business Impact Analysis
- III.A.1 Identification of Critical Business Functions
- III.A.2 Interdependency Analysis
- III.A.3 Impact of Disruption
- III.B Risk Assessment
- III.B.1 Risk Identification
- III.B.2 Likelihood and Impact
- IV Business Continuity Strategies
- IV.A Resilience
- IV.A.1 Physical
- IV.A.2 Cyber Resilience
- IV.A.3 Data Backup and Replication
- IV.A.4 Personnel
- IV.A.5 Third-Party Service Providers
- IV.A.6 Telecommunications
- IV.A.7 Power
- IV.A.8 Change Management
- IV.B Communications
- V Business Continuity Plan
- V.A Event Management
- V.B Continuity and Recovery
- V.C Facilities and Infrastructure
- V.C.1 Data Center Recovery Alternatives
- V.C.2 Branch Relocation
- V.D Payment Systems
- V.E Liquidity Considerations
- V.F Other Components
- V.F.1 Incident Response
- V.F.2 Disaster Recovery
- V.F.3 Crisis or Emergency Management
- VI Training
- VII Exercises and Tests
- VII.A Exercise and Test Program
- VII.B Exercise and Test Policy
- VII.C Exercise and Test Strategies
- VII.D Exercise and Test Objectives
- VII.E Exercise and Test Plans
- VII.F Exercise and Test Scenarios
- VII.G Exercise and Test Methods
- VII.G.1 Full-Scale Exercise
- VII.G.2 Limited-Scale Exercise
- VII.G.3 Tabletop Exercise
- VII.G.4 Tests
- VII.H Industry Exercises and Resilience
- VII.I Third-Party Service Provider Testing
- VII.J Testing for Core and Significant Firms
- VII.K Post-Exercise and Post-Test Actions
- VIII Maintenance and Improvement
- IX Board Reporting
- Appendix A: Examination Procedures
- Appendix B: Glossary
- Appendix C: Abbreviations
- Appendix D: References

Named provisions

Business Continuity Management; Introduction; Business Continuity Management Governance; Board and Senior Management Responsibilities; Audit; Risk Management; Business Impact Analysis; Identification of Critical Business Functions; Interdependency Analysis; Impact of Disruption; Risk Assessment; Risk Identification; Likelihood and Impact; Business Continuity Strategies; Resilience; Physical; Cyber Resilience; Data Backup and Replication; Personnel; Third-Party Service Providers; Telecommunications; Power; Change Management; Communications

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

- Agency: FFIEC
- Instrument: Guidance
- Legal weight: Non-binding
- Stage: Final
- Change scope: Minor

Who this affects

- Applies to: Financial advisers, Banks, Insurers, Fund managers
- Industry sector: 5221 Commercial Banking; 5223 Credit Unions; 5239 Asset Management; 5241 Insurance
- Activity scope: Business Continuity Management, Risk Management, IT Operations
- Geographic scope: United States (US)

Taxonomy

- Primary area: Financial Services
- Operational domain: Compliance
- Compliance frameworks: NIST CSF
- Topics: Cybersecurity, Risk Management
