What Is a Contingency Funding Plan? A Plain-Language Guide for Risk & Compliance Teams
Table of Contents
TL;DR
- A contingency funding plan (CFP) is a documented playbook for how your institution will access enough cash to survive a liquidity crisis — before that crisis actually hits.
- Every federally regulated bank, credit union over $50 million in assets, and (soon) certain broker-dealers needs one.
- The 2023 bank failures made regulators significantly more aggressive about CFP expectations. If your plan hasn’t been updated since then, you’re already behind.
$42 Billion in One Day — And No Plan to Stop It
On March 9, 2023, depositors pulled $42 billion out of Silicon Valley Bank in a single day. The next morning, California regulators shut it down. The Federal Reserve’s own post-mortem found that SVB “lacked several foundational liquidity risk management elements” — including a contingency funding plan that could actually function under stress.
SVB had $209 billion in assets. It had a treasury department. It had risk committees. What it didn’t have was a plan that could deliver cash fast enough when depositors panicked.
That’s what a contingency funding plan is supposed to prevent. And if yours can’t answer the question “where does the money come from in the next 24 hours?” — it’s not really a plan at all.
What Is a Contingency Funding Plan?
A contingency funding plan (CFP) is a written, board-approved document that identifies how a financial institution will meet its funding obligations during a liquidity stress event. It maps out your alternative funding sources, the triggers that activate them, who’s responsible for executing each step, and how the institution communicates during a crisis.
Think of it as an emergency operations manual — but specifically for cash. While a business continuity plan keeps your operations running during a disruption, a CFP keeps your institution solvent.
The 2010 Interagency Policy Statement on Funding and Liquidity Risk Management, issued jointly by the OCC, Federal Reserve, FDIC, and NCUA, established the baseline expectation: every depository institution should maintain “a formal, well-developed contingency funding plan as [a] primary tool for measuring and managing liquidity risk.”
That wasn’t a suggestion. It was the starting line.
Why Does a CFP Matter Right Now?
Three things changed the CFP landscape permanently:
1. The 2023 Bank Failures Rewrote the Playbook
SVB, Signature Bank, and First Republic collectively held over $500 billion in assets. Their failures weren’t caused by credit losses — they were liquidity events. Social media-driven bank runs moved at speeds no historical stress model anticipated. The GAO found that SVB had not conducted “comprehensive testing of its contingent funding plan to assess the feasibility of funding” access under stress.
The lesson was brutal and clear: untested plans are no plans at all.
2. The 2023 Interagency Addendum
Four months after SVB’s failure, the OCC, Fed, FDIC, and NCUA issued OCC Bulletin 2023-25 — an addendum to the 2010 policy statement specifically focused on CFPs. The addendum emphasized that institutions must:
- Assess funding stability and maintain a broad range of funding sources accessible in adverse circumstances
- Ensure access to contingent funding sources, recognizing that some lines may be unavailable during stress
- Review and revise CFPs periodically, and more frequently when market conditions or strategic initiatives change
- Maintain operational readiness to borrow from federal funding facilities, including the Federal Reserve discount window
That last point was a direct response to SVB’s failure — the bank reportedly hadn’t pre-positioned enough collateral at the discount window and couldn’t access emergency funding fast enough.
3. FINRA Is Coming for Broker-Dealers
On June 12, 2023, FINRA released Regulatory Notice 23-11 — a concept proposal for new Rule 4610 that would require certain broker-dealers to maintain liquidity risk management programs, including contingency funding plans and liquidity stress testing. This would be the first formal CFP requirement for the securities industry, targeting firms with the largest customer and counterparty exposures.
The message across all regulators: CFPs aren’t optional, they aren’t static documents, and they’d better actually work when you need them.
Who Needs a Contingency Funding Plan?
Short answer: virtually every regulated financial institution. Here’s the breakdown:
| Institution Type | Regulatory Authority | CFP Requirement | Key Citation |
|---|---|---|---|
| National banks & federal savings associations | OCC | Required | OCC Bulletin 2010-13; 2023 Addendum (Bulletin 2023-25) |
| State member banks | Federal Reserve | Required | SR 10-6 |
| State non-member banks | FDIC | Required | 2010 Interagency Policy Statement |
| Credit unions (≥$50M assets) | NCUA | Required — formal CFP | 12 CFR § 741.12(b) |
| Credit unions (<$50M assets) | NCUA | Required — basic liquidity policy with contingent sources | 12 CFR § 741.12(a) |
| Broker-dealers (large) | FINRA | Proposed — Rule 4610 concept | Regulatory Notice 23-11 |
| Internationally active banks | Basel Committee | Required | Principles for Sound Liquidity Risk Management (BCBS 144) |
Note for credit unions: NCUA § 741.12 creates a two-tier system. All federally insured credit unions need a board-approved liquidity policy with contingent funding sources listed. Credit unions with $50 million or more in assets need a full CFP with stress testing, early warning indicators, and action plans.
If you’re reading this and thinking “we have a liquidity policy but not a formal CFP” — that gap is exactly what examiners are looking for post-2023.
The Core Components of a Contingency Funding Plan
A CFP isn’t one thing — it’s a system of interconnected elements. Here’s what regulators expect to see:
1. Liquidity Risk Assessment
Before you plan for a crisis, you need to understand your baseline. What’s your current liquidity position? Where are the concentrations? What happens to your funding if your largest depositor leaves?
This means analyzing:
- Deposit concentration by customer, product, and channel
- Maturity mismatches between assets and liabilities
- Off-balance-sheet commitments (unfunded loan commitments, letters of credit)
- Pledged vs. unencumbered assets available as collateral
2. Stress Scenarios
Your plan needs to account for multiple types of stress — not just one generic “bad day.” Regulators expect at least three:
- Idiosyncratic stress: Something goes wrong at your institution specifically — a fraud event, a credit downgrade, a viral social media post about your bank
- Systemic/market-wide stress: A broader crisis hits — rising rates, a peer bank failure, market liquidity drying up
- Combined stress: Both hit simultaneously (this is what actually happened in March 2023)
Each scenario should model specific deposit outflow rates, collateral haircuts, and funding line availability. We’ll cover liquidity stress testing methodology in detail later in this series.
3. Contingent Funding Sources
This is the heart of the plan: where does the money actually come from? Your CFP should inventory every available source, ranked by:
- Speed — How quickly can you access it? (Hours? Days? Weeks?)
- Capacity — How much can you draw?
- Cost — What’s the spread or penalty?
- Reliability under stress — Will this source actually be available when you need it?
- Stigma — Does using it signal trouble? (The discount window historically carried stigma, though regulators are actively trying to normalize it post-2023)
Common contingent funding sources include:
- Federal Reserve discount window
- Federal Home Loan Bank (FHLB) advances
- Repurchase (repo) agreements
- Lines of credit from correspondent banks
- Brokered deposits
- Asset sales (investment securities, loan portfolio sales)
The 2023 interagency addendum specifically emphasized that institutions must “ensure that they have access to a range of contingent sources” and “understand requirements and maintain operational readiness to borrow from federal funding facilities.” Translation: you can’t list the discount window in your CFP if you’ve never actually tested borrowing from it.
4. Early Warning Indicators (EWIs)
Your CFP needs triggers — quantitative thresholds that tell you when to start paying attention and when to start acting. These fall into tiers:
- Green (monitoring): Normal operations, routine tracking
- Yellow (heightened awareness): Metrics approaching stress thresholds — increase monitoring frequency, alert senior management
- Red (crisis activation): Execute the contingency plan — activate funding sources, escalate to the board, begin crisis communications
Typical EWIs include deposit runoff rates, funding cost spreads, uninsured deposit ratios, net cash outflow projections, and credit rating watch notifications. We’ll detail how to set these triggers in a dedicated article.
5. Action Plans & Escalation Protocols
For each trigger level, the CFP must spell out exactly who does what:
- Who authorizes drawing on the discount window?
- Who contacts FHLB to increase borrowing capacity?
- Who communicates with the board? With regulators? With the media?
- What’s the order of operations for liquidating assets?
- Who has authority to halt new lending or restrict large withdrawals?
Vague plans (“management will assess the situation”) are the single most common exam finding. Examiners want names, titles, phone numbers, and decision trees.
6. Governance & Testing
A CFP isn’t a document you write once and file away. It requires:
- Board approval — at least annually
- Regular updates — after material changes in strategy, risk profile, or market conditions
- Testing — tabletop exercises, operational tests (actually drawing on borrowing lines), and after-action reviews
- Clear ownership — typically Treasury/ALM manages the plan, with second-line risk providing oversight
The 2023 addendum was explicit: institutions must “review and revise contingency funding plans periodically, and more frequently as market conditions or strategic initiatives change.”
Common Mistakes That Get Flagged in Exams
Based on regulatory feedback and exam findings, here’s what examiners consistently flag:
-
Listing funding sources you’ve never tested. If the discount window is in your CFP but you’ve never pre-positioned collateral or completed a test borrow, examiners will cite it. Post-2023, this is essentially a guaranteed finding.
-
Stale assumptions. Using deposit runoff rates from 2019 in a post-SVB world? Those assumptions don’t account for social media-driven bank runs or instant mobile transfers. Update them.
-
No early warning indicators. A CFP without quantitative triggers is just a wish list. Examiners expect tiered alerting with specific thresholds.
-
Insufficient board reporting. The board should receive regular updates on liquidity risk and CFP testing results — not just a one-slide summary at the annual meeting.
-
CFP disconnected from BCP. A liquidity crisis often coincides with operational disruptions. If your CFP and BCP don’t reference each other, you have a coordination gap.
Where This Series Goes Next
This is article 1 of a 13-part series on contingency funding plans. Coming up:
- Regulatory requirements deep-dive — OCC, Fed, FDIC, NCUA, FINRA requirements mapped out by institution type
- CFP vs. BCP — Why you need both and where they connect
- How to build a CFP step-by-step — The pillar guide with a complete implementation framework
Each article links forward and backward, building a complete knowledge base for anyone responsible for liquidity risk management at their institution.
So What? Your Next Steps
If you don’t have a CFP, you need one — yesterday. If you have one, ask yourself these three questions:
- When was it last updated? If the answer is “before March 2023,” it doesn’t reflect current regulatory expectations.
- Has it been tested? Not reviewed — tested. Have you actually drawn on your contingent funding sources? Run a tabletop exercise?
- Does it have teeth? Real trigger levels, named owners, and specific action plans — or is it a generic document that says “management will take appropriate action”?
The institutions that failed in 2023 all had risk management programs on paper. What they lacked was a plan that could execute at the speed a real crisis demands.
Don’t be the team that finds out your plan doesn’t work when you need it most.
Need a framework to build on? The Enterprise Risk Management Framework (ERMF) includes liquidity risk management templates, governance structures, and risk assessment tools — giving you the foundation to build a CFP that actually passes examination scrutiny.
Frequently Asked Questions
What is the difference between a contingency funding plan and a liquidity risk management policy?
A liquidity risk management policy is the broader governance framework — it sets your institution’s risk appetite, defines roles and responsibilities, and establishes the overall approach to managing liquidity. A contingency funding plan is a specific component within that framework. The CFP focuses exclusively on crisis response: what happens when normal funding sources dry up, which alternative sources you’ll tap, and who executes each step. Think of the policy as the constitution and the CFP as the emergency response manual.
How often should a contingency funding plan be updated?
At minimum, annually with board re-approval. But the 2023 interagency addendum made clear that institutions should update “more frequently as market conditions or strategic initiatives change.” In practice, that means any time you experience a material change — a significant deposit shift, a new product launch, a change in funding strategy, a peer institution’s failure, or a shift in interest rate environment. Post-2023, examiners expect living documents, not annual check-the-box exercises.
Do community banks really need a full contingency funding plan?
Yes. The 2023 addendum explicitly states that it “applies to community banks.” While the complexity of your CFP should be proportionate to your institution’s size and risk profile, regulators expect every community bank to have identified contingent funding sources, tested access to those sources (including the discount window), established early warning indicators, and documented action plans. A simpler institution gets a simpler plan — but “we’re small” is not an exemption.
Rebecca Leung
Rebecca Leung has 8+ years of risk and compliance experience across first and second line roles at commercial banks, asset managers, and fintechs. Former management consultant advising financial institutions on risk strategy. Founder of RiskTemplates.
Keep Reading
AI Kill Switch: When, Why, and How to Shut Down a Model in Production
How to build AI kill switch controls for production models — decision criteria, technical implementation, fallback operations, and regulatory requirements from the EU AI Act.
Apr 1, 2026
Operational RiskDeepfake Detection and Controls for Financial Services: A Risk Manager's Guide
How financial institutions can detect and defend against deepfake fraud — from voice cloning scams to KYC bypass attacks. Practical controls, FinCEN red flags, and detection tech.
Apr 1, 2026
Operational RiskHow to Build an Operational Risk Management Framework From Scratch
A practical guide to building an operational risk management framework — RCSA, KRIs, loss event tracking, and the ORM lifecycle for mid-size banks and fintechs.
Mar 19, 2026
Immaterial Findings ✉️
Weekly newsletter
Sharp risk & compliance insights practitioners actually read. Enforcement actions, regulatory shifts, and practical frameworks — no fluff, no filler.
Join practitioners from banks, fintechs, and asset managers. Delivered weekly.