Annual testing to become mandatory

FINRA, the US Financial Industry Regulatory Authority, has filed a rule with the Securities and Exchange Commission to enable it to require firms to participate in FINRA’s business continuity and disaster recovery testing.

This means that all members will have to participate in an annual business continuity and disaster recovery test under rule FINRA’s rule 4380 which is based on established standards. According the the regulatory notice, “Regulation SCI requires that FINRA, as an SCI entity, establish, maintain, and enforce written policies and procedures that address, among other things, “business continuity and disaster recovery plans that include maintaining backup and recovery capabilities sufficiently resilient and geographically diverse….” In addition, Regulation SCI contains a separate, corresponding requirement that each SCI entity, including FINRA, designate firms that must participate in the testing of the entity’s BC/DR plans.”

This demonstrates that the financial sector is actively reducing the risks associated with backup plan activation and to ensure that such plans operate as intended, if activated.

Plan B’s recent disaster recovery report demonstrates that 24% of DR tests are still unsuccessful, a statistic that has remained relatively unchanged over the past 2 years. Even though awareness of the requirement for testing seems to be improving, the actual testing regime in the UK is not following suit. This announcements from FINRA is a positive step to reducing risk in the US that may hopefully follow suit in the UK. Plan B however feels that a yearly test is not enough. Managing Director, Tim Dunger says ” The likelihood of a successful IT systems recovery following a failure is closely linked to the recency of the last Disaster Recovery test. A company that has not tested for 11 months is highly likely to experience difficulties during the recovery process. Quarterly tests should really be promoted as the norm, instead of annual tests. This is something the financial market should strive to achieve.”

Read the full FINRA notice regarding business continuity and disaster recovery testing