Business Continuity Planning
Financial services is a critical infrastructure sector. Through SIFMA, the industry has a robust infrastructure for dealing with incidents that can interrupt business and market functions.
Third-Party Resilience: Increasing Transparency
This paper, published in partnership with Protiviti, identifies and examines the operational recovery capabilities that are increasingly becoming standard expectations for third parties providing services to financial institutions.
Data Protection Principles
Financial companies need to collect and share sensitive information to run their everyday business. Members of SIFMA’s Data Protection Working Group have developed a set of principles for the protection of sensitive data that align with the NIST Cybersecurity Framework.
Cloud Outsourcing Issues and Considerations
The Financial Sector Cloud Outsourcing Issues and Considerations document seeks to address challenges related to transparency, resource gaps, exposure to operational incidents originating at cloud service providers (CSPs), and contract negotiation dynamics.
Navigating Regulatory Challenges in Cloud Services Agreements
SIFMA, in partnership with Bortstein Legal Group, first developed this paper in 2020 and updated it in early 2024. Since 2020, the use of cloud infrastructure has grown significantly, and the attention of regulators to cloud — and the broader topics of operational risk and technology risk — remains high. In this paper, we examine the regulatory guidance in the United States, the European Union, the United Kingdom, and Canada, relevant to financial institutions’ relationships with providers of cloud services such as ‘Software as a Service’ (“SaaS”), ‘Infrastructure as a Service’ (“IaaS”), ‘Platform as a Service’ (“PaaS”).
Public Cloud Portability - GFMA White Paper
Financial Institutions’ (FIs’) growing reliance on cloud services raises regulatory concerns about concentration risk and financial stability. To address this, regulators are mandating portability of data and services between cloud providers. However, this paper details why portability – or any other resiliency solutions – should not be prescribed, and that regulators should take a risk-based approach.
Important Information for Essential Workers
Financial firms whose essential staff who may be traveling to critical facilities during hours when shelter-in-place directives are in force should physically carry on their persons:
- Memorandum on Identification of Essential Critical Infrastructure Workers During COVID-19 Response (CISA, March 28, 2020);
- Statement by Secretary Steven T. Mnuchin on Financial Services Sector Essential Critical Infrastructure Workers, (U.S. Department of the Treasury, March 22, 2020);
- Documentation, on company letterhead, detailing work-related travel and how it aligns with the financial services sector list of essential critical infrastructure workers; and
- A company identification card and government-issued ID.
Industry-Wide Business Continuity Test
SIFMA’s industry-wide business continuity test is a critical exercise that highlights our industry’s ability to operate through a significant emergency using backup sites, recovery facilities and backup communications capabilities across the industry. SIFMA urges all firms to participate in this important annual event.
The 2021 Industry Test was held on Saturday, October 23, 2021. Learn more.
The 2022 test will be held on Saturday, October 15, 2022.
Cybersecurity Resources
Cybersecurity is a top priority in the financial industry to ensure the security of customer assets and information and the efficient, reliable execution of transactions within markets.
Emergency Crisis Command Center
In the event of a significant incident that affects or has the potential to affect the operations of the financial system, SIFMA helps to coordinate the financial industry’s business continuity planning efforts.
These efforts are managed through SIFMA’s Emergency Crisis Management Command Center, which identifies the status of industry participants, disseminates vital information and facilitates actions to assist market response and recovery. Coordination is arranged amongst financial firms, exchanges, industry utilities, regulators, government agencies and public sector emergency managers. SIFMA also has an Emergency Site for industry alerts.
BCP Resources for COVID-19
Coronavirus (COVID-19) Resources
SIFMA is closely monitoring the Coronavirus (COVID-19) and its impact on our industry and the markets.
Financial services is a critical infrastructure sector as defined by the U.S. Department of Homeland Security. Its assets, systems and networks, whether physical or virtual, are so vital to the U.S. that their incapacitation or destruction would have a debilitating effect on security, national economic security and national public health or safety.
In the event of a significant incident that affects or has the potential to affect the operations of the financial system, SIFMA helps to coordinate the financial industry’s business continuity planning efforts. These efforts are managed through SIFMA’s Emergency Crisis Management Command Center, which identifies the status of industry participants, disseminates vital information and facilitates actions to assist market response and recovery. Coordination is arranged amongst financial firms, exchanges, industry utilities, regulators, government agencies and public sector emergency managers. SIFMA also has an Emergency Site for industry alerts. SIFMA regularly engages in BCP exercises and we have a high degree of confidence in the industry’s ability to respond to and recover from emergencies.
In addition to business continuity planning efforts on behalf of the industry, SIFMA has coordinated requests for regulatory relief, monitored market trends and metrics, and looked to how the markets and industry might be reshaped by the pandemic. View more information and resources on the COVID-19 response.
Contacts
- BCP Inquiries: Stephen Byron and Tom Wagner
- Media Inquiries: Katrina Cavalli