Swedish regulator tells banks to step up disaster planning

Sweden’s regulator FI has told banks to improve their continuity management strategy, suggesting they include it as an integral part of their risk strategy.

Finansinspektionen (FI) recommended the changes in a supervisory report released on 9 June.

It said banks have “generally established structures and processes for continuity management” and conduct it in a “systematic way” but outlined several improvements.

FI wants banks to include continuity management in their risk strategy and called on boards and management committees to set out strategies in line with their institutions’ risk appetites.

The regulator earmarked key areas it said banks should consider when determining their ability to continue amid serious disorder – including the number of data centres a bank uses, availability of backup workplaces and remote working arrangements.

FI also recommended that banks clarify the types of events that require continuity measures to be taken, which parts of the business are priorities, and explicitly set out events that cannot feasibly be prepared for, including the risks connected to these.

The report also advises financial institutions to improve the documentation of their impact assessments. FI noted that poor documentation can make it hard to track a bank's motivations and reasoning in a crisis situation.

Outsourced operations, and other activities deemed critical to the company, have also been overlooked, it said, warning this renders assessments incorrect and inaccurate.

Regulations already require banks to draw up contingency, continuity and recovery plans, but FI states in its report that the quality of existing plans can be improved.

FI encourages institutions to highlight which measures take priority and establish a clear order, as well as identifying staff members that have experience of navigating business disruption situations.

The regulator also warns that many banks’ continuity plans vary across their departments. It said this creates a lack of uniformity, produces administrative burdens and makes the guides less user-friendly and efficient.

To remedy this, FI says banks should apply a top-down strategy to reduce duplication, by working across departmental boundaries and ensuring that intra-bank plans are harmonised and less confusing. It also wants banks to update them more regularly.

FI says it will review Swedish banks’ continuity management on a rolling basis and follow up on the changes identified in the report.  

Get unlimited access to all Global Banking Regulation Review content