A sound disaster recovery plan is critical to any credit union’s long-term success. While most credit unions recognize the importance of being well prepared for an unforeseen event, some credit unions are better equipped to navigate these waters than others.
Ultimately, the right investments in time, resources and planning can make all the difference in how well your credit union – and its members – weather the impact.
According to Ann Morgan, Business Development, CO-OP Shared Branching, an effective disaster recovery plan first and foremost includes all the necessary policies and procedures to enable full recovery of vital technologies following any disaster, whether natural or manmade.
“Because these events can occur anytime, anywhere, credit unions need to be prepared with a comprehensive, modernized approach that ensures member access to accounts,” she said.
While making technologies available to members is critical, Morgan emphasizes that the plan should extend to all aspects of the business.
“A disaster recovery plan should be thoroughly tested to evaluate its effectiveness as well,” she said. “It should include directives on the actions employees need to take to both address incidents and prevent them from occurring in the first place. And when a disaster strikes, it is critically important to continue operating the credit union as smoothly as possible, and to quickly bring processes back to normal.”
Compliance with FFIEC Guidelines
To achieve these objectives, Morgan notes that a credit union’s plan should ensure that every employee knows exactly what to do in an emergency, and where to find the information they need to carry out their assigned tasks.
“Credit unions also need to analyze the business impact of their plan on a regular basis to ensure that it stays in compliance with all FFIEC guidelines,” she said. “The most common mistake credit unions make related to disaster recovery is not providing enough regulatory protection for themselves or their members.”
Morgan recommends revising the plan whenever there are changes in business processes or audit recommendations – or when any weaknesses are uncovered through internal testing.
“And credit unions always need to look at disaster recovery from the membership’s point of view,” she said. “Technological advancements are yielding faster and more efficient processing today. As a result, consumers are not used to waiting for anything, and they have very little tolerance for system downtime.”
The Competitive Landscape
Morgan adds that many financial institutions are investing in technology specifically designed to shorten recovery periods.
“Your competitors are working hard to minimize the impact of disasters on their customers,” she said. “As a credit union, you should provide members with the same level of service.”
She emphasizes that contracting with a third-party call center, such as the CO-OP Member Center, can give credit unions the added staffing and technical support they need in the event of a disaster.
Shared Branching Basics
And to keep shared branching up and running network-wide, Morgan has some specific recommendations.
“Credit unions should have a shared branching plan in place for their standard in-house and EFT processes,” she said. “The disaster recovery plan should cover the issuer interface at a minimum, and should ideally support the acquirer interface at other branches as well.”
And if a credit union has its own standard backup site, she adds, a VPN should be installed at that facility.
“Credit unions using a service bureau or third-party data center should ensure that the vendor has a permanent VPN connection with CO-OP Shared Branching,” she said. “And when moving in and out of disaster recovery, credit unions should provide CO-OP with as much notice as they can, and an estimate of their anticipated downtime.”
She also advises credit unions to select an employee to serve as the point person for communicating with the CO-OP Shared Branching network services team.
“Your credit union disaster recovery plan should be dynamic, and should evolve along with your growth and advancement,” she said. “Training employees, deploying the right technologies and keeping procedures in regulatory compliance will serve your interests well and ensure that members can regain full access to your products and services as quickly as possible.”