From: Robert.Duncan@sungard.com
Sent: Monday, September 23, 2002 2:05 PM
To: regs.comments@federalreserve.gov; regs.comments@occ.treas.gov;
rule-comments@sec.gov; Senator_Max_Cleland@Cleland.senate.gov
Subject: ( S7-32-02) Draft Interagency White Paper On Sound Practices to
Strengthen the Resilience Of the US Financial System, Docket No. R-1128.

I have reviewed the subject document and would provide the following
comments.

While this is an excellent initiative, it lacks specifics and therein
requires more focus.  More specifically:

1.  The definition of "core clearing and settlement organizations" must be
much clearer and leave no wiggle room.  There is not sufficient guidance of
what constitutes a "core clearing and settlement organization" to prevent
firms from defining themselves out of the requirements proposed in this
draft.  In addition, Agencies should establish an average daily dollar
volume as a benchmark for both categories to ensure the regulation is
comprehensive, but not overly encompassing on small organizations.

2.  Given the potential costs and effort involved in this initiative, we
should establish short term strategies and requirements for same, and long
range strategies (say 3-5 years) and requirements.

3.  We need to decide whether we want to require backup facilities
(probably not), or distributed processing with some level of spare
capacity. Backup facilities can range from hot sites to cold sites, and the
issue of staff training, etc must be addressed.  A better approach would be
to require distributed processing wherein the loss of a single company
facility will not decrease critical business or support functions by more
than 50%.

4.  The distance between facilities should be specified for long term
strategy implementation.  The distance required should be a function of
what the worst case scenario is we are preparing for.  Given a biological
attack which is effective and requires a substantial quarantine, a 500 mile
range might be quite reasonable.

5.  Security at processing sites should have minimum standards established.

6.  The duration of reduced service levels (see number 3 above) should be
limited.  Full capacity should be restorable in 90 days and be sustainable
thereafter.

7.  Full failover testing for a specified amount of time at each corporate
site should occur at least once per year.  This could be accomplished in
low volume times of year for the financial industry involved.

8.  Funding for implementing distributed processing with hot failover, and
testing of same, should receive tax breaks to help pay for implementation
and testing.

Hope these thought of use.




Robert E. " Skip" Duncan, CBCP, PMP

SunGard Planning Solutions
Project Manager and Managing Consultant, Disaster Recovery Planning
600 Colonial Park Drive
Roswell, GA 30075

(770) 640-2347 SunGard Roswell Office
(404) 245-7610 Cell
(404) 845-0905 Atlanta Office
robert.duncan@sungard.com