New Regulatory Trends Encourage Succession Planning for Your Bank’s IT Administrator Too
While banks are accustomed to planning for the departure of the CEO, president, vice presidents, controller and/or other senior leaders, the critical and pervasive nature of IT systems is leading many examiners to require institutions to consider expanding succession planning to include IT administrators as well.
The reality is that today, community banks must address a mounting succession problem, especially as it relates to their IT department. As technology has become more operationally and strategically important, banks must now have a plan in place to ensure that the sudden departure of a critical IT employee is a manageable event and does not present a major organizational crisis.
Understanding Regulatory Expectations
Regulators recognize the important role that IT administrators and cybersecurity personnel play in the overall success and wellbeing of the financial institution. While there have not been any formal government mandates released (yet), regulators are now looking at — and in some cases, requiring — financial institutions to have a formal succession plan in place for their key IT personnel. In fact, the new FFIEC Management Handbook requires examiners to determine that there are “provisions for management succession that provide for an acceptable transition in the event of the loss of a key IT manager or staff member”.
A community bank’s IT administrator bears a great deal of responsibility as he or she must understand the ever-growing complexity of IT operations, and work closely with the Information Security Officer to ensure the institution remains compliant with continuously changing regulatory requirements. Even though the list of duties and the level of complexity have grown substantially in recent years, many community banks have just one dedicated person on staff to manage all of their IT operations.
Employees may leave for any number of reasons, and IT personnel are no exception. There are a number of risks associated with the loss of an IT manager who is the sole individual with the knowledge of how the bank’s network runs. To help mitigate this risk, the FFIEC’s Cybersecurity Assessment Tool suggests that banks build “a program for talent recruitment, retention, and succession planning for the cybersecurity and resilience staffs.” In order to consistently comply with government regulations and examiner expectations in the long term, banks should have a succession plan that outlines how the bank will continue to function in an uninterrupted manner after the loss of an important IT employee.
What the Succession Plan Should Include
Bankers must understand that a community bank’s technological assets are every bit as valuable as the money in its vault. The success of the bank relies on its IT infrastructure, which is heavily dependent (and often over-dependent) on IT personnel. Regulators want to confirm that an institution can provide a constructive response detailing exactly what the bank will do to keep IT operations running efficiently if its key IT personnel leave.
Again, the FFIEC Management Handbook states that “…Management should have backup staff for key positions and should cross-train additional personnel. The objective is to provide for a smooth transition in the event of turnover in vital IT management or IT operations.”
While the human element cannot be replaced, using automation to supplement IT personnel bolsters a bank’s succession plan. Automated systems don’t forget, get too busy, take vacations or sick days, and aren’t subject to human error or inconsistencies. Perhaps the biggest advantage of using automated processes to augment your succession plan is that your procedures are applied in a consistent and timely manner, regardless of personnel changes.
Choose a Partner To Support Your IT Department
Finding, training, and retaining qualified staff to manage an IT network can eat up considerable time and energy from your bank’s management team, taking away valuable time needed to support customers and banking operations. Failing to do so quickly can open the bank up to additional security risk. In considering IT succession planning, many financial institutions are proactively turning to IT service providers to act as an extension of their organization and help augment internal IT resources.
The right solution provider can serve as a true partner and work alongside current IT staff to manage the network and streamline technology needs, while meeting regulators’ expectations and enabling the bank to meet all compliance mandates. At Safe Systems, we understand the ever-growing complexity of community banks’ IT operations and apply that knowledge to providing our customers with an in-depth view of their IT network environments and additional support in co-managing their IT operations. We want to provide bankers with assurance that their institution’s IT network is functioning efficiently, optimally, and securely, and is in compliance with industry regulations.