By W.B. King
In mid-October, the Federal government approved $2 billion in assistance to six states—Florida, South Carolina, Georgia, North Carolina, Tennessee, and Virginia—that were hit hardest by Hurricanes Helene and Milton. Experts estimate that these deadly, colossal storms caused upwards of $50 billion in damage each (though these figures continue to increase).
Countless credit unions were impacted by these events. True to the “people helping people” ethos, the industry has been working shoulder to shoulder to offer support. The Carolinas Credit Union League, in coordination with the Carolinas Credit Union Foundation, for example, has received and has been responding to reports from affected member credit unions, the League noted. Losses are related to flooding, power outages, structural damage at branches and administrative offices as well as loss of internet and other technological applications critical to operations, such as mobile banking access and lending programs. The greatest impact occurred in the upstate region of South Carolina and in Western North Carolina.
“Wide-spread power outages are presenting the greatest challenges to credit unions in South Carolina’s Upstate at this point,” noted League President and CEO Dan Schline. “We do know that credit unions are, of course, actively reaching out to help and support the communities they serve. It will be a long road to recovery and the League will be working side by side with the Carolinas Foundation to support credit union employees that need assistance.”
In recent years, the Carolinas Credit Union Foundation’s Disaster Relief Fund has raised more than $3 million. These monies help to cover food, temporary shelter, housing, gas, transportation, insurance deductibles, lodging/relocation and personal property losses incurred, which were not reimbursed by insurance, the Foundation noted.
Disaster Recovery as a Service
In an effort to remind and/or prepare organizations for future disasters, the Spring, Texas-based-based Zerto, a Hewlett Packard Enterprise company, recently published its Disaster Recovery Guide.
“In today’s digital-centric landscape, organizations depend on infrastructure, applications, and data that are up and running 24/7. Disasters that cause IT downtime and data loss range in size and scope from local cyberattacks to regional natural disasters,” the Guide noted. “Thorough security and business resilience strategies are crucial for organizations looking to compete, thrive, and face these threats in the coming decades.”
Among topics covered in the Guide is disaster recovery as a service (DRaaS), commonly used by organizations that do not have a suitable site for disaster recovery (DR) or the expertise to implement a solution—on-premise or via cloud. This option could be especially useful for small to mid-sized credit unions.
“DRaaS provides a resilient, remote, cloud-based location for DR; DR specialists who manage the solution; and a predictable recurring cost. But not all DRaaS solutions are created equal,” the Guide stated. “Different DRaaS solutions have different degrees of service management. With some services, you may self-manage part of the DR solution. Depending on your organization’s needs, you may benefit more or less from different levels of management.”
NCUA Preparedness Reminders
Due to historic storms like Hurricane Katrina and Superstorm Sandy, among countless others, the NCUA has long been a proponent of underscoring the importance of disaster
preparedness. The organization has issued numerous calls of action over the years, including one in early 2024—well before the noted two hurricanes hit or before September, also known as “National Preparedness Month.”
To this end, the NCUA expects federally insured credit unions (FICUs) to have disaster recovery and business resumption contingency plans in place to address all types of operational disruptions. While the NCUA has minimal control or the authority to enforce policies, it does suggest that credit unions refer to its Catastrophic Act Preparedness Guidelines (Appendix B to Part 749 of the Code of Federal Regulations). Considering recent events, the following five components are worth revisiting, according to the NCUA.
1. A business impact analysis to evaluate potential threats.
2. A risk assessment to determine critical systems and necessary resources.
3. A written plan addressing:
i. Persons with authority to enact the plan;
ii. Preservation and ability to restore vital records;
iii. A method for restoring vital member services through identification of alternate operating location(s) or mediums to provide services, such as telephone centers, shared service centers, agreements with other credit unions, or other appropriate methods;
iv. Communication methods for employees and members;
v. Notification of regulators as addressed in 12 CFR 748.1(b);
vi. Training and documentation of training to ensure all employees and volunteer officials are aware of procedures to follow in the event of
destruction of vital records or loss of vital member services; and
vii. Testing procedures, including a means for documenting the testing results.
4. Internal controls for reviewing the plan at least annually and for revising the plan as
circumstances warrant, for example, to address changes in the credit union's operations.
5. Annual testing.
“The program should be developed with oversight and approval of the board of directors,” the NCUA noted.