The most remarkable thing about spacing and zoning regulations related to the locations of banks and their datacenters is their absence. In fact, banks are likely to face more stringent codes related to the building of datacenter structures. Considering the losses suffered by financial institutions as a result of the tragic events of 9/11, one might assume that government and other regulatory agencies would have been quick to develop a comprehensive list of codes or guidelines designed to ensure the safety of banking information.
In fact, authors of an interagency report on resilient IT infrastructures (compiled by the Federal Government, SEC, and OCC) originally considered mandating specific distances but decided instead that banks should place recovery sites as far away from primary datacenters as possible, allowing banks to determine how best to meet their fiduciary responsibilities within the bounds of acceptable risk. This approach was eminently practical since the evolution of bank IT and the way financial institutions use IT is anything but consistent. Complying with rigid mandates likely would have required many banks to begin long and complex IT projects whose value was uncertain.
Though this approach appears somewhat elastic, financial institutions have been aggressive in determining and pursuing appropriate measures. IT vendors who focus special attention on the financial sector, such as EMC, have reported that many banking clients pursuing multi-site strategies that use primary and secondary in-region datacenters to protect against operational or site failures, and out-of-region facilities to protect against regional disruptions. Some IT solutions, such as EMC's SRDF Star, are designed to help banking clients successfully achieve this strategic goal.
This was first published in March 2006