Monday, March 16, 2020

Lenders Compliance Group issues complimentary Business Continuity Plan Checklist (Includes COVID-19 Pandemic Response)


Modules directly address the specific requirements needed to maintain business continuity in general as well as provide business continuity during the COVID-19 Pandemic in particular.

Lenders Compliance Group (LCG), the first and only full-service compliance firm with a suite of compliance solutions for residential mortgage lenders and originators, has issued today a valuable tool, entitled Business Continuity Plan Checklist & Workbook (Includes COVID-19 Pandemic Response).

The checklist is a valuable development tool to chart the progress in developing a Business Continuity Plan. This is a 60-page, form-fillable document that provides the basic compliance elements and due diligence essentials at this most critical time in the outbreak of the COVID-19 Pandemic.

There are distinct differences between pandemic planning and traditional business continuity planning. Pandemic planning presents unique challenges. Unlike natural disasters, technical disasters, malicious acts, or terrorist events, the impact of a pandemic is much more difficult to determine because of the anticipated difference in scale and duration.

Lenders Compliance Group is providing the Business Continuity Plan Checklist & Workbook (Includes COVID-19 Pandemic Response) on a complimentary basis to the financial services industry.

There are five modules, as follows:

Module 1: Business Continuity Team

Module 2: Facilities Continuity

Module 3: Recovery Requirements

Module 4: Pandemic Planning for COVID-19

Module 5: Generalized Pandemic Response based on NYS Model

Additional sections, some of which contain subsections, provide:

  • Team Alert List
  • Employee Call List Instructions
  • Critical Vendors List (Sample Format)
  • Key Customer Description
  • Meeting Place Description
  • Model Risk Matrix (Sample Format)
The Business Continuity Plan Checklist & Workbook (Includes COVID-19 Pandemic Response) is meant as a means toward building a functionally adequate Business Continuity Plan. Each financial institution is different and processes will vary. However, management should consider how to accomplish the following:

  • Prevention and preparedness;
  • Reconciling recovery times with business unit requirements;
  • Disaster declaration and plan implementation processes;
  • Recovery progress reporting; and
  • Testing of the plans.
Lenders Compliance Group has established a dedicated form to request a complimentary copy of the Business Continuity Plan Checklist & Workbook (Includes COVID-19 Pandemic Response) directly from its website Home Page at

Wednesday, March 11, 2020

Announcement: NYS/DFS issues Guidance and Requirements for Coronavirus Risk

The New York State Department of Financial Services (DFS) has issued guidance and a request for assurance to ensure that financial institutions are identifying, monitoring, and managing the potential financial risk arising from the spread of a novel coronavirus known as “COVID-19”.

To that end, DFS is requiring each regulated institution to submit a response to DFS describing the institution’s plan regarding managing the potential financial risk arising from COVID-19. 

Responses are to be provided to DFS as soon as possible, 
but in no event later than thirty (30) days from March 10, 2020.  

We have previously published information to manage the coronavirus risk to financial institutions HERE.

The issuance, Guidance to New York State Regulated Institutions and Request for Assurance Relating to Potential Financial Risk Arising from the Outbreak of the Novel Coronavirus, sets forth specific compliance requirements.

Review the NYS/DFS Industry Letter 

According to the Department of Financial Services, it is critical that your risk management programs include a plan to assess and monitor the potential financial risk that may arise from the outbreak of COVID-19.  

Such a plan, at a minimum, should include the following assessments:

  1. Assessment of the credit risk ratings of the customers, counterparties and business sectors impacted by COVID-19;
  2. Assessment of the credit exposure to customers, counterparties and business sectors impacted by COVID-19, arising from lending, trading, investing, hedging and other financial transactions, including any credit modifications, extensions and restructurings (including capitalizations of interest);
  3. Assessment of the scope and the size of credits adversely impacted by COVID-19 that currently are in, or potentially may move to, non-performing/delinquent status, including consideration of stress testing and/or sensitivity analysis of loan portfolios and the adequacy of loan loss reserves;
  4. Assessment of the valuation of assets and investments that may be, or have been, impacted by COVID-19; 
  5. Assessment of the overall impact of COVID-19 on earnings, profits, capital, and liquidity (including impact on loan-to-deposit ratio) of your institutions; and
  6. Assessment of reasonable and prudent steps to assist those adversely impacted by COVID-19.  

The boards of directors or the equivalents of your institutions are responsible for ensuring that appropriate plans are in place and that sufficient resources are allocated to implement such plans.  

The senior management of institutions is responsible for ensuring effective policies, processes and procedures are in place to execute the plan and for communicating the plan throughout the institution to ensure consistency in approach so that employees understand their roles and responsibilities. 

If you need assistance, we can help with a cost-effective Busines Continuity Plan. We also provide a Disaster Recovery & Business Continuity Plan or, separately, just the Business Continuity Plan. 

You will work with a Subject Matter Expert to conform the plan to your business model.

We have reduced our fees for these policies to ensure that financial institutions are able to implement protective and preventive measures as well as comply with regulatory expectations.

Contact us HERE! We will send you a presentation and proposal. 

Or, send us an email HERE to discuss your particular compliance needs.

Monday, March 9, 2020

Announcement: Interagency Statement on Pandemic Planning


FFIEC has issued guidance on pandemic planning, entitled Interagency Statement on Pandemic Planning (“Guidance”). This issuance is meant to heighten the response of financial institutions to the coronavirus pandemic. The Guidance identifies actions that financial institutions should take to minimize the potential adverse effects of a pandemic. Specifically, the institution’s business continuity plan (BCP) should address pandemics and provide for a preventive program, a documented strategy scaled to the stages of a pandemic outbreak, a comprehensive framework to ensure the continuance of critical operations, a testing program and an oversight program to ensure that the plan is reviewed and updated.
We have been notifying you on how to protect your companies, customers, employees, families, and communities HERE. Please review those articles and act accordingly. 
If you want to discuss your specific pandemic preparation requirements, please contact us at
We believe that Disaster Recovery and Business Continuity should be combined, but, as the Guidance states “pandemic planning activities should involve senior business management from all functional, business and product areas, including administrative, human resources, legal, IT support functions, and key product lines.”

The pandemic segment of the BCP must be "sufficiently flexible to address a wide range of possible effects that could result from a pandemic," and also be reflective of the institution’s size, complexity, and business activities. 

Our position is that there are two types of BCPs: standard and enhanced. 

The standard version lacks due diligence and independent risk assessment but does provide a basic outline to follow to ensure business continuity. 

The enhanced version is preferred by regulators because it contains due diligence and independent risk assessment. The enhanced version is obviously preferable to the standard version, because it provides specific due diligence, auditing done by subject matter experts, and leads to an independent risk assessment. The risk assessment reveals strengths and weaknesses further provides actionable recommendations. The standard version is less expensive to draft than the latter, but can be used as a baseline to ensure that your company is taking some affirmative actions to contain the spread of the coronavirus.

The Guidance is unequivocal in its directives: 
The adverse economic effects of a pandemic could be significant, both nationally and internationally. Due to their crucial financial and economic role, financial institutions should have plans in place that describe how they will manage through a pandemic event. Sound planning should minimize the disruptions to the local and national economy and should help the institution maintain the trust and confidence of its customers. [Emphasis in original.]
According to the Guidance, “pandemic planning presents unique challenges to financial institution management. Unlike natural disasters, technical disasters, malicious acts, or terrorist events, the impact of a pandemic is much more difficult to determine because of the anticipated difference in scale and duration.”
The following constitute the actions that management should be undertaking, per the Guidance:
1. A preventive program to reduce the likelihood that an institution’s operations will be significantly affected by a pandemic event, including the monitoring of potential outbreaks, educating employees, communicating and coordinating with critical service providers and suppliers, in addition to providing appropriate hygiene training and tools to employees.
2. A documented strategy that provides for scaling the institution’s pandemic efforts so they are consistent with the effects of a particular stage of a pandemic outbreak, such as first cases of humans contracting the disease overseas, first cases within the United States, and first cases within the organization itself. The strategy will also need to outline plans that state how to recover from a pandemic wave and proper preparations for any following wave(s).
3. A comprehensive framework of facilities, systems, or procedures that provide the organization the capability to continue its critical operations in the event that large numbers of the institution’s staff are unavailable for prolonged periods. Such procedures could include social distancing to minimize staff contact, telecommuting, redirecting customers from branch to electronic banking services, or conducting operations from alternative sites. The framework should consider the impact of customer reactions and the potential demand for, and increased reliance on, online banking, telephone banking, ATMs, and call support services. In addition, consideration should be given to possible actions by public health and other government authorities that may affect critical business functions of a financial institution.
4. A testing program to ensure that the institution’s pandemic planning practices and capabilities are effective and will allow critical operations to continue.
5. An oversight program to ensure ongoing review and updates to the pandemic plan so that policies, standards, and procedures include up-to-date, relevant information provided by governmental sources or by the institution’s monitoring program.
The Guidance provides helpful and important links to information resources, as follows:
1. The National Strategy for Pandemic Influenza (National Strategy) and the Implementation Plan for the National Strategy for Pandemic Influenza  (National Implementation Plan) issued by the federal government provide a complete guide to pandemic planning.