Question & Answer

Question: Our examiner has criticized our bank for lack of a contingency plans for Y2K. What exactly should be our contingency plan? Our disaster recovery plan is based on services being run off-site by our vendor.

Answer: You have a good plan for disaster recovery - as long as the vendor doesn't get hit by the same disaster. However, the problem for Y2K is that the bank and the vendor have the same vulnerability. If your system goes down, it's probably because theirs did. Thus, they won't be in a position to provide a back-up. They might even be the cause.

Your contingency plan for Y2K should involve alternative sites, and extra data back-up. You also might consider using a known new computer, such as a really powerful PC as an independent site within the bank. Check with your regulatory agencies and the Y2K agency web-sites for more information. Additional guidance comes out with regularity.

Copyright © 1998 Compliance Action. Originally appeared in Compliance Action, Vol. 3, No. 7, 5/98