On November 14, 2019, the Federal Financial Institutions Examination Council (FFIEC) announced they updated and renamed the Business Continuity Planning booklet within their IT Examination Handbook to Business Continuity Management (BCM). According to a Press Release by the FFIEC, "the updated Business Continuity Management booklet focuses on enterprise-wide approaches that address technology, business operations, testing, and communication strategies critical to the continuity of the business."
According to the Glossary of the BCM booklet, Business Continuity Management (BCM) is a term developed by the FFIEC for supervisory purposes. They define BCM as, "the process for management to oversee and implement resilience, continuity, and response capabilities to safeguard employees, customers, and products and services."
This new definition expands on their previous booklet name, "Business Continuity Planning," by clarifying "business continuity focuses on more than just the planning process." The FFIEC suggests the BCM name clarifies the document's inclusion of "continued maintenance of systems and controls for the resilience and continuity of operations."
While elements of BCM have been addressed in previous booklets, the updated booklet places a renewed focus on the importance of not only planning for disruptive events (e.g., cyber events, natural disasters, man-made events, etc.), but also incorporating elements of resilience and recovery. This concept of business continuity extends beyond the boundaries of the individual organization and into the greater "financial services sector," which includes financial institutions, holding companies, and third party service providers. Business does not happen in isolation; managing business continuity should not be any different.
To learn more about the new booklet, read FFIEC Releases Updated Business Continuity Management Booklet.
