home
login
contact
about
Finance Dublin
Finance Jobs
 
Tuesday, 23rd April 2024
    Home             Archive             Publications             Our Services             Finance Jobs             Events             Surveys & Awards             
Business continuity plans post 9/11 Back  
The tragedy of 9/11 demonstrated the vulnerabilities in the global financial system Karen McEntegart writes. She says that comparable vulnerabilities may exist in the Irish financial services industry, and urges companies to prepare adequate business continuity programmes.
TThe Irish financial services industry can be characterised as well capitalised and sound and has successfully weathered the global economic downturn. The Central Bank has conducted stress tests simulating a major drop in growth, significant increases in unemployment and a fall in house prices and believe the industry capable of sustaining such financial shocks. These stress tests have the objective of ensuring the safeguarding of the deposit base in the Irish banking system.

However, the ability to weather disastrous situations or the existence of potential operational systemic risks has never been studied. Further, businesses in the financial arena also have a responsibility to shareholders to deliver a return on equity and to clients to safeguard data.

Concurrently, as many banking businesses continue to expand the provision of services through the telephone and internet, adequate business continuity management is essential to ensure customers do not see the adverse effects of outages before a business becomes aware.

Financial institutions in Ireland deliver time sensitive business functions and mission critical services for their businesses. For example, treasury and funding functions are the most critical functions performed by any institution. Failure to plan for the continuance of these functions in the event of a disaster could be costly, and, in the extreme, fatal.

At the catastrophic level, 9/11 exposed New York infrastructure vulnerabilities in the global financial services marketplace. Comparable vulnerabilities may exist in the Irish financial services industry and in individual businesses. Ignoring business continuity is also costly. Estimated cost to replace damaged computer hardware on 9/11 was $3.6 billion and estimates of insurance claims related to 9/11 range from $30 to $60 billion. In the US, the Fed and SEC have proposed guidelines to ensure the resiliency of the US financial markets requiring critical firms to recover critical activities in four hours immediately following a catastrophic event.

Not all potential disasters are at a catastrophic level. A recent survey of 855 US organisations found 38 per cent of respondents have activated their business continuity plans, and 50 per cent of respondents consider accidental disasters, such as power outages, to be their biggest business continuity threat. Additional research seems to confirm this somewhat showing 38 per cent of plan invocations are due to power outages, and 44 per cent are due to human errors. Worryingly though, the same study found only 38 per cent of companies carried out any kind of annual testing of plan and only 20 per cent of organisations believe their employees are trained to react to a crisis.

The financial services industry has unique business continuity requirements and therefore requires specialised business continuity expert skills. These requirements include:
• Time sensitive business functions that need to be maintained on a continuous basis or require high availability - recovery time of zero
• Unable to suffer any loss of data in some cases - recovery point of zero
• Market data
• Dealerboards

Today’s reality is that traditional disaster recovery models are insufficient. Business continuity strategies need to think the unthinkable and proactively anticipate a range of events and scenarios. Business continuity and IT continuity strategies need to account for all potential single points of failure, including people skills, as well as infrastructure.

An IT disaster recovery plan alone cannot address what critical business functions need to keep going in the event of an incident to minimise revenue; reputational risk and operational impacts; senior management decision making process in the event of an incident;or how to contact senior management, employees or client in the event of an incident. A business continuity strategy needs to assess risks to organisations, determine the impact to critical business functions if those risks occur, and put strategies and plans in place to mitigate these risks.

On the IT side, adequate business continuity IT strategies require appropriate data replication and mirroring, storage, hardware and high availability strategies, and protection of application source code. Email is a mission critical application. In addition, network diversification does not equal network redundancy, as evidenced in the collapse of the World Trade Centre and the loss of Verizon’s West St central office on 9/11.

The Bank of International Settlements defines Operational Risk as ‘the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events’. Prudent business continuity strategy and implementation can dramatically assist Basle II proposed requirements.Demonstrable business continuity and operational risk plans and processes assist in fulfilling the requirements of US Sarbanes Oxley Act 2002. Further, the Combined Code on corporate governance requires companies listed on the ISE and LSE to conduct annual reviews of their internal controls, including risk management.

Business continuity can also provide returns for organisations at a strategic level in a number of areas. Understanding critical business functions provides transparency for senior management to determine if the optimal mix of assets supports these functions. This transparency assists directors in the discharge of their corporate governance responsibilities. In addition, understanding critical business functions can positively impact many other decisions such as where to spend budget monies. It also opens opportunities for business process reengineering, IT process reengineering, outsourcing, and improved efficiencies for reduced costs.

The worst-case scenario for an individual business is an event that only affects the individual business. An inability to continue business functions could result in loss of clients, revenue, market share and reputation. Insurance alone cannot cover the opportunity costs of not being able to do business.

Digg.com Del.icio.us Stumbleupon.com Reddit.com Yahoo.com

Home | About Us | Privacy Statement | Contact
©2024 Fintel Publications Ltd. All rights reserved.