October 21, 2002
Ms. Jennifer J. Johnson
Office of the Comptroller of the Currency
Jonathan G. Katz
Re: Comments on Draft Interagency White Paper on Sound Practices
Dear Ladies and Gentlemen:
The PNC Financial Services Group, Inc. ("PNC"), Pittsburgh, Pennsylvania, appreciates the opportunity to submit comments on the Draft Interagency White Paper on Sound Practices
to Strengthen the Resilience of the U.S. Financial System (the "White Paper") issued by the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Securities and Exchange Commission (collectively the "Agencies") (67 Fed. Reg. 56,835 (Sept. 5, 2002)).
PNC is one of the largest diversified financial services companies in the United States, with $67.7 billion in assets as of September 30, 2002. Its major businesses include regional community banking, corporate banking, real estate finance, asset-based lending, wealth management, asset management and global fund services, including one of the largest full-service mutual fund transfer agents in the United States (PFPC Inc.). PNC's full-service subsidiary banks have offices in Delaware, Florida, Indiana, Kentucky, New Jersey, Ohio and Pennsylvania.
PNC participated in the drafting and review of the comment submitted by BITS and the Financial Services Roundtable (the "FSR comment letter"), and is generally supportive of that comment. In submitting this comment, PNC seeks to emphasize further some issues that were specific points of concern to PNC. PNC's comments are organized on the basis of the four topic headings suggested by the White Paper, along with an introductory comment section.
PNC commends the Agencies for taking a leadership role by focusing on the importance of business continuity issues generally, and on the risks and threats to the to the resilience of the financial services infrastructure in particular. PNC has always been a strong adopter of risk-based recovery for business functionality, and believes that it is integral part of business success. PNC has also heavily invested in infrastructure mitigation and resiliency.
PNC supports the view that best practices be implemented as recommendations and guidelines, and not as regulations. We believe it should be done in a very specific fashion, based on clearly identified industry goals. Institutions, products and recovery objectives must be objectively outlined for success in the effort. If formal "sound practices" are to be defined by regulation, they must be specific enough to identify those organizations to which they apply and the requirements for developing the plan and executing the large capital growth decisions necessary to support the directive.
The White Paper identifies certain critical core clearing and other critical markets that could present systemic risk to the national security and infrastructure. The resiliency improvements suggested by the White Paper can best be achieved if the markets, financial institutions, products, as well as the scenarios and scope of impact, are clearly documented.
Recovery for all other financial services should continue to be risk based and governed by the success to date of existing guidelines.
Scope of Application
Recovery and Resumption of Critical Activities
Depending upon the application and the outage, the end-of-business day dictated by Fed Fund Windows, etc., may be extended, as it was in fact on September 11. This can and should be factored into any mandated recovery windows.
The acceptable amount of lost data, and time required to recreate the data at time of disaster, must be addressed as part of the overall recovery time requirements. This is vital to effective recovery planning and staffing.
Time Table for Implementation
* * *
Thank you for providing us with an opportunity to comment on these important issues. Please feel free to contact John P. Ericksen, SVP, Security and Technology Risk Management, 412-762-7761, firstname.lastname@example.org or Charles F. Rodger, VP, Security and Technology Risk Management, 412-762-8741, email@example.com if you have any questions or would like to discuss further the comments set forth above.
cc: Joseph J. Abdelnour