In the face of ever-increasing cybersecurity challenges, the issue of business continuity evolves and becomes more and more complex. Nowhere is this more true than in financial services. The stakes for banks, brokers, insurers, and other financial intermediaries are high, and regulators across the globe are introducing new rules and regulations that mandate business continuity — including communications requirements.
When disaster strikes, enterprises must address the challenge of maintaining collaboration resilience with communication as the centerpiece of their business continuity plan. It’s important to understand what regulators require, trends in how regulations are evolving, and how a plan for collaboration resilience can keep a business humming in the face of a disruptive event.
What You Need to Know About Business Continuity Regulations
Regulatory interests and activities related to business continuity are broad, and the rules and regulations regarding compliance continue to expand. Here are some of the ways regulators mandate business continuity practices:
There are long-standing requirements in FINRA Rule 4370 for establishing and maintaining a business continuity plan, and four of its ten plan requirements relate to communication. In enforcement actions, the lack of a business continuity communication plan was one factor in a record-setting $70 million fine against Robinhood Financial in July 2021.
Gensler and SEC
Without question, Gary Gensler is the most proactive chairman of the U.S. Securities and Exchange Commission (SEC) in recent memory. In addition to his efforts to put his stamp on seemingly everything — from cryptocurrencies to trading in general — he has endorsed an expansive increase in requirements regarding business continuity.
In recent remarks on cybersecurity delivered at Northwestern University Law School, Gensler specifically called out business continuity as one factor that needs to be addressed as the SEC works “to improve the overall cybersecurity posture and resiliency of the financial sector.” Specifically, he spoke of an opportunity to “freshen up Regulation Systems Compliance and Integrity (Reg SCI)”, including extending requirements to “other large, significant entities it doesn’t currently cover”, as well as taking a look at the cybersecurity efforts of all public companies. Under a Gensler regime, business continuity and collaboration resilience requirements will both expand and increase.
The U.S. Commodity Futures Trading Commission (CFTC) is not nearly as aggressive or adversarial as the SEC, but it too has very specific rules regarding business continuity plans. Specifically, Rule 23.603 spells out a long list of personnel, including regulatory representatives, that must be included “in the event of an emergency or other disruption.”
The International Organization of Securities Commissions (IOSCO) has a big impact on how national regulators address their home markets. In May 2021, IOSCO released its “Thematic Review on Business Continuity Plans,” which included, in part, an examination of the “resiliency, reliability, and integrity (including security) of critical systems”. By grading financial intermediaries on their business continuity regimes, IOSCO sets a standard that may often be applied to other, non-regulated entities.
In the annual Allianz Risk Barometer survey of the global insurance industry for 2022, 42% of respondents ranked business interruption as a top risk facing the industry, trailing only cyber incidents at 44%.
Regulators are taking notice, with the New York Department of Financial Services (DFS) acting as a bellwether. DFS issued Circular 6 and Circular 7 in July 2021 to spell out “new regulations about how insurance companies work during a disaster through rules covering disaster planning, preparation, and response.” Clearly, there is mounting pressure on all insurance companies to have comprehensive business continuity plans in place, and communication and collaboration resilience are fundamental to these plans.
Managing Collaboration Resilience for Business Continuity
With a relentless increase in cybersecurity threats and ever more prescriptive rules and regulations from industry regulators, businesses must address their business continuity plans thoroughly and comprehensively. The challenges are dynamic and broad, and one area that deserves special attention is having a communication plan that stresses collaboration resilience.
A robust plan for maintaining collaboration resilience is a foundational piece of a business continuity plan and an effective solution will ensure that internal staff as well as partners, customers, and regulators are informed on a timely basis. Fortunately, cost-effective solutions exist without placing a heavy burden on already stretched IT functions — all while remaining flexible and constantly evolving to meet new challenges.
Maven Wave Partners, an Atos Company, has extensive experience in developing and deploying collaboration resilience for the financial services and insurance industries. To learn more about how collaboration resilience applies to your enterprise, download our latest white paper, “Communication in a Crisis: A New Approach for Business Continuity”.