Does Your BCP Have a BCP?
They say when it rains, it pours—and when it comes to business continuity planning, that’s often the case.
I’m not talking about flash flooding in Las Vegas and other parts of the country (though that’s a very literal interpretation). I’m talking about how natural disasters and other emergencies have a way of stacking up.
It’s the extreme heat, droughts, and wildfires in some parts of the country that lead to rolling blackouts and power outages. It’s the way the COVID-19 pandemic has complicated responses to everything from tornadoes to hurricanes, with medical staff stretched thin and worries of disease spread in emergency shelters. It’s the way companies are dealing with staffing shortages while also responding to crisis like a major data breach or ransomware.
Is your financial institution’s business continuity plan (BCP) built to withstand multiple emergencies?
Keeping pace with changing conditions and ensuring your institution’s business continuity management (BCM) remains relevant requires taking a second look at your plan to ensure the procedures in place for supporting critical functions are up-to-date and up to the challenge of responding to more than one emergency at a time.
How can an FI be sure its business continuity management (BCM) keeps pace with these changing conditions?
It requires taking a second look at the plan to ensure the procedures in place for supporting critical functions still apply.
What do you need to look at? Areas include:
Remote work plans. Many staffers are still working from home, making electric and Internet service indispensable. Does the FI have a plan in case essential staff loses service? Perhaps it’s a backup location, hotel, or MiFi device. Is this connection secure enough to conduct business? Is the staff comfortable with the solution? Are human resources and IT prepared to deal with these questions?
Back-up locations. Your FI may have a back-up location in its BCP, but is that location still feasible in the pandemic environment? Does it have adequate space, ventilation, and supplies?
Cybersecurity. Cyber crooks love exploiting confusion and uncertainty. Is the staff well-trained in how you will communicate with them if current methods temporarily stop working? Do they know how to spot a phishing scam? If the staff is working from a new remote location, is the connection secure? Does the staff know to check? Make sure you’ve analyzed your cybersecurity maturity.
Third-party vendors. Have your critical third-party vendors updated their BCPs? If so, have you reviewed them to make sure they still align with your own BCPs? It’s basic vendor management. The same holds true for government crisis plans, including response times. If your plan hinges on someone else’s plan, make sure you know what that plan is.
Communications. Are your plans for communicating with consumers, employees, regulators, and others updated?
Supplies. Supplies can be hard to locate right now, and it’s often even worse after a disaster. Make sure you have adequate supplies such as plywood, cleaning supplies, and PPE.
Recovery team. Your plan likely includes a point person if an office is damaged or destroyed. Is that person still able to fill that role? If they or a loved one are a member of a vulnerable population, the employee might not be comfortable performing that role anymore. Make sure everyone can still perform their assigned roles and name backups who can.
Employee well-being. It’s been a tough year for everyone, and throwing another crisis on top of the pandemic is overwhelming. Chances are your FI has plans in place to function with less staff in the case of illness or having to take care of loved ones. Employees incurring other trauma, such as damage or loss of a home, trying to find shelter while maintaining social distance, or just feeling overwhelmed that yet another thing has gone wrong may not be able to perform as usual. Does your plan cover widespread absences due to two major disruptions at once?
If your FI hasn’t recently reviewed its BCP to understand how it may have to adapt in light of the ongoing pandemic, now is the time to re-examine it. Don’t be caught off guard. Make sure your BCP has a BCP.