The purpose of this letter is to provide guidance to credit unions in developing comprehensive, written, updated and tested Disaster Recovery (DRP) and Business Resumption Contingency Plans (BRCP) referred to collectively as “contingency plans.” In preparation for the Year 2000, many credit unions developed contingency plans for their critical information systems. Credit unions should review their plans and update them. However, credit unions must go beyond their information systems and develop comprehensive contingency plans for all critical resources.
After the tragic events of September 11th, NCUA initiated a review of its own internal contingency plans. Various news sources indicate that financial service providers affected by the terrorist attack, who had tested contingency plans, were up and running, at least at a minimal level, very quickly. As primary financial institutions for millions of members, credit unions must ensure they can rapidly provide a minimally acceptable level of critical member services during a disaster.
Appendix 1 titled, Contingency Plan Best Practices, provides high-level guidance for credit unions developing and/or revising their contingency plans.
If you have any questions or concerns, please contact your NCUA Regional Office or State Supervisory Authority.