Business Resiliency

JPMorgan Chase's program to assure continuity of business operations
and services

 

Dear Valued Customer,

JPMorgan Chase (JPMC) is committed to providing the highest level of uninterrupted service to our customers and clients and has developed a rigorous program to do so. We are committed to meeting our legal and regulatory obligations in each of the jurisdictions where we do business, as well as to maintaining the highest standards of resiliency at all times during our daily practices.

Our Global Business Resiliency (GBR) program is designed to provide an integrated, firm-wide resiliency program aligned to our business strategy and principles and the requirements of our customers and clients globally. We do this by:

  • Providing continuity of client and customer services while protecting the firm's employees
    and assets
  • Engaging senior management on all aspects of the program including determining the resiliency risk appetite, strategy, leadership and program oversight
  • Proactively managing resiliency risk and ensuring adequate mitigation and controls exist
  • Maintaining legal and regulatory compliance globally
  • Developing and maintaining resiliency plans based on impact analysis and criticality
  • Helping employees understand their role in a recovery scenario and undertake validation tests and exercises for all critical functions and locations
 

The information below provides details about the key aspects of our program.

Regulation and Compliance

Our GBR policies and standards establish rules for resiliency planning, response and recovery across the firm.

  • The program is managed by a firm-wide GBR Board, comprised of Senior Management of each line of business as well as JPMC corporate functions.
  • The program is reviewed and approved by the Audit Committee of the Board of Directors of JPMC on an annual basis.
  • Our GBR program is subject to risk-based examinations by JPMC Internal Auditors.
  • The program is subject to regular inspection by regulatory authorities, including the U.S. Office of the Comptroller of the Currency (OCC), the Federal Reserve Board (FBR), the U.K. Financial Services Authority (FSA) and other national regulatory authorities.

Crisis Management Processes

A robust crisis management process is in place to ensure efficient, effective and timely response to incidents of varying severity and types.

  • A firm-wide notification tool is used internally to communicate in crises; escalation processes are in place and are routinely tested.
  • Post-event reviews are undertaken to ensure event management procedures and resiliency capabilities are continually enhanced.

Resiliency Planning

Managers throughout the firm develop and maintain resiliency plans as part of the GBR program.

  • Annually, impact analyses are performed to determine and confirm the relative criticality
    of processes.
  • All businesses develop recovery plans, based on their business impact analysis and risk assessments, addressing business, operations and technology components (including critical services provided by third parties).
  • Quality assurance reviews and audit assessments are undertaken and where appropriate corrective measures implemented.
  • Senior management approves resiliency plans annually.

Testing and Exercising

The firm employs a "risk-based testing" model, ensuring that various scenarios are used on a regular basis to confirm the effectiveness of the recovery program in different incident types.

  • Tests include tabletop simulations, simulated outages and full-scale disaster recovery and work-transfer exercises.
  • Test results are communicated to the firm's senior management for all business and technology functions in all critical locations.

Special Contingencies

Plans address high-level absenteeism events, including pandemic and severe weather.

  • JPMC businesses have incorporated special contingency events into their resiliency planning.
  • The firm has participated in several market-wide and regulatory exercises and responded effectively to the 2009 influenza pandemic and 2003 SARS outbreak.

I sincerely hope that this letter answers your questions about our program to safeguard our operations and services. We value the relationships we have built with our customers and we strive to maintain and enhance those relationships every day. Should you have any questions regarding this letter, or our GBR program in general, please contact your JPMC representative.

Thank you for your continued confidence in JPMorgan Chase.

Roseann McSorley
Global Head of Business Resiliency
JPMorgan Chase & Co.