search trigger icon
search close button
Reducing Risk & Fraud

How to Make Sure Your Disaster Recovery Plan Is Effective

Eric Flick
Nov 16, 2020

I really enjoy writing. So, when the opportunity to put down some words of wisdom presented itself, I jumped at the chance.

But, what to write about?

Let’s start with a simple question: What is the state of your financial institution’s (FI’s) mental health?

In defining that, let’s start with physical health. Hopefully, we can all agree that an FI’s physical health is comprised of things like total assets, total liabilities, return on assets, return on equity, brick and mortar locations, etc.

Regarding an FI’s mental health I would argue that it’s all about what keeps you up at night when it comes to your FI.

It’s 2020, so that list might be a bit longer than in other years. From PPP loans, to interest margin, to CRA scrutiny, to digital identity and engagement, the list can be daunting.

But what about the things that we don’t put on that list? The processes or systems that could disrupt the whole operation that we’re not thinking about because we don’t think we need to include them? The things in our minds that have already been taken care of.

Having a Plan Doesn’t Mean You Have a Good Plan

Here’s a question I ask that most always brings a predictable response: Do you have a disaster recovery (DR) plan?

Often, that question is met with an air of indignance. “Of course we do,” or “Absolutely,” are the most common responses. After all, who doesn’t have a DR plan?

I’ve been in banking since the mid-1980s, and the bank I worked for also had a DR plan. It wasn’t a good one, or a complete one, but we had one.

In those days, it was known as a reciprocal agreement. We partnered with another bank that was a reasonable distance away (about 50 miles) and agreed that if we or they had a hardware failure for an extended period of time, we could use each other’s system for however long we needed to.

I’d like to think that we each knew that wasn’t a viable long-term strategy, but hey, it checked the box with the internal auditor, the paid external auditor, and for a number of years the state, and federal examiners too.

And, for our small community bank, all that senior management cared about was checking the boxes for all the people and agencies looking.

A lot of you know what I’m talking about because you’ve been there, or sadly, maybe you’re still there.

Do You Have a Real DR Plan?

Let’s change the question a bit and see if your response differs. Instead of, “Do you have a DR plan?” how about: Do you have a DR plan that covers all of your technology and infrastructure and tests every component at least once a year?

Unfortunately, that question is often met with a creepy silence, the kind that would make the hair on the backs of the necks of your board of directors and largest shareholders stand up.

The truth is that over the last four decades, the business of banking hasn’t changed that much. However, the tools we use to interact with our customers and the tools we use to allow our customers to interact with us have changed dramatically.

Technology didn’t play a significant role back in the 1980s. Today, it’s difficult to articulate all the pieces involved in the banking technology landscape, with each and every one of them critical to the success of customer internal workflow interactions.

If 2020 has taught us anything, it’s that we have developed the ability to retain and grow our customer base without them physically coming into our facilities. COVID-19 has accelerated the pace of digital adoption.

In fact, odds are you now have customers that will only ever interact with you digitally. Does your DR plan cover all your digital interfaces?

DR Is an Invisible but Necessary Investment

Just as reciprocal agreements are a thing of the past when it comes to the mental health of an FI and their DR plan, 2020 has shown us that it’s time to abandon the check-the-box mentality when it comes to DR.

We were working with a prospect recently who was dreading their presentation to the IT Steering Committee. They were looking to deploy a private cloud backup and recovery solution that would protect all their Windows server infrastructure.

While helping them prepare the key bullet points of their presentation, they confessed that the whole presentation may be a waste of time. They confessed there was one member of the committee that would think the extra peace of mind and reliability of the solution wouldn’t outweigh the cost, and that once that person spoke up, the rest of the members of the committee would vote in line just to appease them!

What?

When you look at all the components that make up the critical infrastructure of today’s FI, it’s a challenge to put a solid DR in place, even if you want to.

The world today is as complicated as it ever has been. A pandemic, civil unrest, political and economic uncertainty. Executives aren’t the only ones concerned about an FI’s mental health when it comes to DR.

The folks in the trenches know. If for no other reason they know because they, like the executives, have their money in that FI. Money that they not only want to know is safe, but money that’s also accessible, even when a disaster happens.

Get Ahead of the Status Quo

The examiners finally put an end to reciprocal agreements. Their view evolved to the point where they saw that these agreements significantly increased the likelihood of turning one disaster into two.

The reality was that the healthy FI in this situation really didn’t have the computer capacity or infrastructure to do any more than help the other FI complete an annual test. They really couldn’t run the other bank without significantly impairing their own operation.

For those of us that have been around this business for a while, we know that technology has been ahead of the laws and regulations for decades, and that the regulations have been out ahead of what the examiners really crack down on.

It’s time for us to put an end to checking the box. Our customers, communities, employees, and their families count on FIs to be physically and mentally healthy. This year has shown us the importance of both physical and mental health for us as individuals, and that importance isn’t going to stop when the calendar turns to 2021.

And before you start to say you can’t afford real DR, ask yourself, can you afford not to have it?

As executives, leaders, and people that care about our co-workers and our communities, it’s time for us to do what we need to do to stop checking the box and take the necessary steps to improve the mental health of DR for our FI.

Who doesn’t want to sleep better at night?


subscribe to our blog

Stay up to date with the latest people-inspired innovation at Jack Henry.

blog subscription image
floating background gradient

contact us

Learn more about people-inspired innovation at Jack Henry.