Any breakdown in payment or securities systems has an impact on our safety. This is why it is of paramount importance to protect these systems against breakdowns and disruptions caused by technical failures, disasters or attacks. Institutions must have an adequate BCM programme in place, enabling them to protect their critical operating processes and systems and to manage the related risks. These programmes must meet specific continuity requirements, laid down in the applicable laws and regulations.
Legislative and regulatory requirements and assessment framework
Each type of institution is subject to different continuity requirements (see the downloads). Institutions that are not governed by specific legislative or regulatory requirement may nevertheless use them as guidance for their risk management processes. Examples include:
- the Joint Forum’s high-level principles for business continuity for banks
- the principles for financial market infrastructures (PFMIs) for financial market infrastructures (FMIs) such as payment, clearing and settlement systems
- DNB’s financial core infrastructure (FCI) BCM assessment framework for institutions that are part of the FCI.
DNB and the Netherlands Authority for the Financial Markets (Autoriteit Financiële Markten – AFM) use the assessment framework in their supervision of FCI institutions’ compliance with the standards. The institutions that make up the FCI are responsible for the principal transaction flows and principal payment and securities settlement systems in the Netherlands.
Institutions must also have an adequate crisis management programme in place. In addition, the sector as a whole has set up a tripartite crisis management body(TCO), which becomes operational in the event of an actual or imminent major disruption of the payment or securities systems. Its tasks include taking and announcing measures, and liaising with stakeholders. The TCO comprises DNB, the AFM and the Dutch Ministry of Finance.