Business Continuity Planning

Financial services is a critical infrastructure sector. Through SIFMA, the industry has a robust infrastructure for dealing with incidents that can interrupt business and market functions.

Third-Party Resilience: Increasing Transparency

This paper, published in partnership with Protiviti, identifies and examines the operational recovery capabilities that are increasingly becoming standard expectations for third parties providing services to financial institutions.

Data Protection Principles

Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that align with the NIST Cybersecurity Framework.

Cloud Outsourcing Issues and Considerations

The Financial Sector Cloud Outsourcing Issues and Considerations document seeks to address challenges related to transparency, resource gaps, exposure to operational incidents originating at cloud service providers (CSPs), and contract negotiation dynamics.

SIFMA, in partnership with Bortstein Legal Group, first developed this paper in 2020 and updated it in early 2024. Since 2020, the use of cloud infrastructure has grown significantly, and the attention of regulators to cloud — and the broader topics of operational risk and technology risk — remains high. In this paper, we examine the regulatory guidance in the United States, the European Union, the United Kingdom, and Canada, relevant to financial institutions’ relationships with providers of cloud services such as ‘Software as a Service’ (“SaaS”), ‘Infrastructure as a Service’ (“IaaS”), ‘Platform as a Service’ (“PaaS”).

Public Cloud Portability - GFMA White Paper

Financial Institutions’ (FIs’) growing reliance on cloud services raises regulatory concerns about concentration risk and financial stability. To address this, regulators are mandating portability of data and services between cloud providers. However, this paper details why portability – or any other resiliency solutions – should not be prescribed, and that regulators should take a risk-based approach.

Important Information for Essential Workers

Financial firms whose essential staff who may be traveling to critical facilities during hours when shelter-in-place directives are in force should physically carry on their persons:

Industry-Wide Business Continuity Test

SIFMA’s industry-wide business continuity test is a critical exercise that highlights our industry’s ability to operate through a significant emergency using backup sites, recovery facilities and backup communications capabilities across the industry. SIFMA urges all firms to participate in this important annual event.

The 2021 Industry Test was held on Saturday, October 23, 2021. Learn more.

The 2022 test will be held on Saturday, October 15, 2022.

Cybersecurity Resources

Cybersecurity is a top priority in the financial industry to ensure the security of customer assets and information and the efficient, reliable execution of transactions within markets.

Emergency Crisis Command Center

In the event of a significant incident that affects or has the potential to affect the operations of the financial system, SIFMA helps to coordinate the financial industry’s business continuity planning efforts.

These efforts are managed through SIFMA’s Emergency Crisis Management Command Center, which identifies the status of industry participants, disseminates vital information and facilitates actions to assist market response and recovery. Coordination is arranged amongst financial firms, exchanges, industry utilities, regulators, government agencies and public sector emergency managers. SIFMA also has an Emergency Site for industry alerts.

BCP Resources for COVID-19

Coronavirus (COVID-19) Resources

SIFMA is closely monitoring the Coronavirus (COVID-19) and its impact on our industry and the markets.

Financial services is a critical infrastructure sector as defined by the U.S. Department of Homeland Security. Its assets, systems and networks, whether physical or virtual, are so vital to the U.S. that their incapacitation or destruction would have a debilitating effect on security, national economic security and national public health or safety.

In the event of a significant incident that affects or has the potential to affect the operations of the financial system, SIFMA helps to coordinate the financial industry’s business continuity planning efforts. These efforts are managed through SIFMA’s Emergency Crisis Management Command Center, which identifies the status of industry participants, disseminates vital information and facilitates actions to assist market response and recovery. Coordination is arranged amongst financial firms, exchanges, industry utilities, regulators, government agencies and public sector emergency managers. SIFMA also has an Emergency Site for industry alerts. SIFMA regularly engages in BCP exercises and we have a high degree of confidence in the industry’s ability to respond to and recover from emergencies.

In addition to business continuity planning efforts on behalf of the industry, SIFMA has coordinated requests for regulatory relief, monitored market trends and metrics, and looked to how the markets and industry might be reshaped by the pandemic. View more information and resources on the COVID-19 response.

Contacts