Financial Industry Summit on Business Continuity Federal Reserve Bank of New York February 26, Meeting Summary

Similar documents
US Business Continuity Safeguarding Your Business from a Disaster

BCP Methodology Benefits realisation

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

BUSINESS CONTINUITY PLANNING WORKPROGRAM

The Economics of the Cloud: A View from the Field

Madison Consulting Group. An Introduction to AML Compliance Consulting Services

INTERNATIONAL COOPERATION AND COORDINATION IN THE AREA OF FINANCIAL MARKET SUPERVISION AND SURVEILLANCE

Business Continuity Management for Singapore s Logistics Sector. By Singapore Business Federation and Singapore Logistics Association

Towards the Next Agricultural Policy Framework

Financial Mechanisms COORDINATORS. J. Oppenaeu (France) P. Vellinga (Netherlands) A. Ibrahim (Egypt)

Stepping Into the Future of Pharmacovigilance

Madison Consulting Group. An Introduction to Our Compliance and Regulatory Consulting Services

Ms. Judie A. Scalise, CEcD, FM, HLM AEDC Chair, IEDC Interview Conducted with Nancy Moorman

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

Citizens Property Insurance Corporation Business Continuity Framework

30.X CLIMATE CHANGE - Council conclusions. The Council adopted the following conclusions: "The Council of the European Union,

Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

Open Access Transmission Tariff ATTACHMENT K

Tier I assesses an institution's process for identifying and managing risks. Tier II provides additional verification where risk is eviden

Enterprise Risk Management 2016

Business Continuity Planning and Disaster Recovery Planning

Terms of Reference. Projects Outputs Evaluation

KEY. riskupdate PREDICTIONS FOR Risk Reward. Jan 2011

Exploring Chat as a Support Channel

INTERNATIONAL CORPORATE GOVERNANCE NETWORK

Enterprise risk management for consumer products companies

Planning and design for smarter cities

Department of the Treasury Division of Pensions and Benefits State Health Information Processing System (SHIPS)

Basel Committee on Banking Supervision. Consultative Document. Stress testing principles. Issued for comment by 23 March 2018

Multisource Management in the Cloud Age Keys to MSI and SIAM success in Hybrid IT environments

Improving Model Risk Management at Investment Advisers

Guidance for Leadership and Management: Application of World Vision s Development Programme Approach. January 2012

THE AUCKLAND CHALLENGE APEC ECONOMIC LEADERS DECLARATION AUCKLAND, NEW ZEALAND 13 SEPTEMBER, 1999

VANTAGE SOFTWARE OFFERS THE ONLY MODULAR APPLICATIONS DESIGNED TO CAPTURE AND ENHANCE THE UNIQUE QUALITIES THAT GIVE

NEWMOA & NERC Joint Strategic Action Plan Working Together on Sustainable Materials Management

Sarbanes-Oxley Act of 2002 Can private businesses benefit from it?

Basel Committee on Banking Supervision. Consultative document. Good Practice Principles on Supervisory Colleges

Forward Resilience: Protecting Society in an Interconnected World Working Paper Series

Business Continuity and Natural Disaster Resilience: Where Are We Heading? Adopting best practices for weather safety based on new science

Informal Senior Officials Meeting

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

My name is Sam Mulholland and I am the Managing Director of Standby Consulting.

ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK. of 4 October 2017

Leading Strategic Change European Association Summit 2017

Law Firm Procurement Survey Executive Summary

Good Corporate Governance (GCG) Being a good corporate citizen is good risk management

Charter of the Financial Stability Board 1

Investment Professionals, Inc. Business Continuity Plan (BCP)

A Guide to. Cogeneration. Plant Solutions. Plant Solutions A Guide to Cogeneration

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Head of Protective Services Specialist Operations. Business Continuity Manager

FIVE REASONS TO LIKE PERFORMANCE SHARES (AND ONE REASON TO THINK TWICE)

Information Technology Services Project Management Office Operations Guide

Product Frontier Reconciliation

A guide to assessing your risk data aggregation strategies. How effectively are you complying with BCBS 239?

MINISTÈRE DES AFFAIRES ÉTRANGÈRES ET EUROPÉENNES 20 December /5 6th World Water Forum Ministerial Process Draft document

IT Due Diligence in an Era of Mergers and Acquisitions

A Cloud Migration Checklist

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Strategic Business Continuity Management

THE IMPORTANCE OF DEVELOPING A SOCIAL MEDIA COMPLIANCE POLICY

The Strategy Alignment Model: Defining Real Estate Strategies in the Context of Organizational Outcomes

Draft Internal Audit Plan 2012/13 Audit Committee (September 2012) Airedale NHS Foundation Trust

A New Model for Delivering Cash Relief FINDINGS FROM THE IRC S CASH RESEARCH & DEVELOPMENT PROGRAM

Cybersecurity Awareness. Implementing Effective Staff Training and Communications. Treasury and Trade Solutions

NBIM Workshop Report. Implementing the UN Guiding Principles on Business and Human Rights

Payments solutions for the innovation era: A renewed commitment to our cooperative system

Supply Chain Management: New Opportunities for Risk Managers

Minimizing Risk and Ensuring Continuity of Operations with Help from Symantec Consulting Services Business Continuity Management Practice

Corporate governance. codes compared. Corporate governance codes compared 01

Business Resilience: Proactive measures for forward-looking enterprises

PRESIDENT S CLOSING REMARKS

S U R V E Y I D C O P I N I O N. Cushing Anderson

Disaster Preparedness & Your Supply Chain

Best Practices for Establishing a Cost-Effective Internal Audit Function. Article by Heidi Wier June 2016

CORPORATE PROFILE Salzedo Street, Ste. 200, Coral Gables, FL Phone / Tel.: (305) Fax: (305)

MISSION STATEMENT. Board Mission Statement and Charter February DTCC Public (White)

Sodexo s Gender Balance Study 2018 EXPANDED OUTCOMES OVER 5 YEARS

Emerging Technology and Security Update

Governance in a Multi-Supplier Environment

Innovative Technology Solutions and Intelligent Property Solutions for the financial services industry.

FEI Behavioral Health, Inc. Job Description

Building a Standard for Business Continuity Planning

Managing reputation risk. Laura Toni, Deloitte Romania November 28, 2014

Automating payment processes to deliver bottom line cost savings in a weak economy.

Re: PCAOB Rulemaking Docket Matter No. 37

INFORMATION SERVICES FY 2018 FY 2020

Business Continuity Management Policy. Guidance

The DAC s main findings and recommendations. Extract from: OECD Development Co-operation Peer Reviews

Improved Risk Management via Data Quality Improvement

<Project Name> Business Case

Chief Executive Officers and Compliance Officers of All National Banks, Department and Division Heads, and All Examining Personnel

Legal Project Management: COMMUNICATION BASED on a NEED TO SHARE

The Future of Internal Auditing:

2014 Updates to the Branch Office Business Continuity Plan Template:

Managed IT Services. Eliminating technology pains for small businesses

Business Continuity: Can Orange County Stay Open for Business After a Disaster?

Rights to Remedies Structures and Strategies for Implementing International Human Rights Decisions

Governance It s Role in Building Company Resilience Capacity. Executive Dialogue Series I: Resilience Management. Organized by Skytop Strategies

Upgrading emergency service communications: the Emergency Services Network

FINANCE - CORPORATE FINANCIAL MANAGEMENT SYSTEM (CFMS)

Transcription:

Financial Industry Summit on Business Continuity Federal Reserve Bank of New York February 26, 2002 Meeting Summary 1. Welcoming Remarks and Summit Focus The Financial Industry Summit on Business Continuity was sponsored by the Board of Governors of the Federal Reserve System, the Federal Reserve Bank of New York, the Office of the Comptroller of the Currency, the New York State Banking Department, and the Securities and Exchange Commission. Senior officials from The Federal Reserve Banks of Boston, Cleveland, Richmond, and Chicago; the Economic Development Corporation of the City of New York; and the Office of the Mayor of the City of New York were also present. President William J. McDonough of the FRBNY welcomed the participants to the meeting. Vice Chairman Roger W. Ferguson, Jr., of the Board of Governors, acted as moderator for the meeting. The other sponsoring agencies were represented by John D. Hawke, Jr., Comptroller of the Currency, OCC; Elizabeth McCaul, Superintendent of Banks, NYSBD; and Annette Nazareth, Director of the Division of Market Regulation, SEC. The meeting provided a forum to bring together the public and private sectors to discuss emerging business continuity issues. Roger Ferguson noted three objectives of the meeting: to share lessons learned and analysis to date on the impact of September 11 on business continuity planning, to explore room for consensus on system-wide approaches to deal with these issues, and to exchange views on how participants can act as catalysts within their own organizations and for the industry. There is a need to resist the tendency to return to the status quo and to assume these problems can never happen again. Several industry groups are also working on business continuity issues, including the SIA, the FRBNY-sponsored Payments Risk Committee, and BITS. 2. Identifying Institutional and Financial Infrastructure Vulnerabilities Roger Ferguson summarized the key vulnerabilities that regulators and institutions have seen in the aftermath of September 11. First, contingency planning generally did not account for region-wide events. Some firms found they lost both primary and back-up sites. There were significant concerns about the loss or inaccessibility of staff. Second, concentrations, both market-based and geographic, were readily evident and became a source of vulnerability. Third, the critical interdependencies across the industry, although understood in the context of planning for the Year 2000, were never so readily apparent. This was evident in the impact of problems at key infrastructure providers on a wide range of financial institutions. Even institutions far removed from New York City were significantly affected by interdependencies.

Overall, a number of lessons learned need to be incorporated into business continuity planning going forward. 3. Business Continuity Approaches There are different approaches to business continuity, including the traditional active/backup model and the split-operations (or active/active) model. What are the costs and benefits of these different models, and what would lead firms to adopt one or the other? There are also issues as to how evolving technologies will affect business continuity planning. One firm noted that the most critical institutions may need both split operations with two active hot sites in different geographic regions and also one or two more cold sites to handle additional contingencies. Important technical or staffing issues, however, may exist for the split-operations model for some firms and activities. Another firm indicated that some technologies are currently limited in their ability to support multiple active sites over significant distances. However, some activities need to be more geographically diversified than they are presently. Others noted that these choices are institutionspecific and depend on how firms are able to use their geographic footprint. It was noted that there are three general areas of business operations that may need to be analyzed differently: (1) capital markets and trading, which are more easily moved between locations, (2) data centers, which pose technological issues, and (3) operational activities, such as clearing and settlement, where split operations may be preferable. One firm favored developing industry-wide best practices and noted that it is important that institutions in the same tier take the same approach. Several institutions noted that the financial utilities, markets, and clearinghouses are the most critical elements. Others stressed the importance of interconnectivity and readiness of counterparties, which argues for a consistent approach. Several participants stressed that it has become increasingly important for firms to know what others are doing with respect to business continuity in critical activities, so that all understand each other s strategic approaches. One firm noted that many disaster recovery professionals do not understand all of the interdependencies. Several firms felt that a consensus on basic strategic business continuity objectives is needed quickly, as firms are currently conducting strategic reviews and soon will be making strategic decisions. In addition, there is a near-term need to shore up current business continuity tactics within and across firms even as new strategic approaches are being defined and implemented; industry groups may be most helpful in this regard. Care needs to be taken, however, that this work is consistent. Roger Ferguson summarized the following points from the discussion relating to business continuity approaches: Some institutions are beginning to use a broad national footprint for some key business lines. Some institutions also favor an active/active model for some critical activities, with an additional warm or even hot site as a backup. However,

technical and cost questions are important issues for some firms considering an active/active architecture, and retrofitting legacy systems may present challenges. There is a sense that tiering of lines of business is important in business continuity planning. Different issues may be raised for trading, data centers, and operational activities. Human resource elements need to be recognized, including the importance of cultural and staff training issues in implementing business continuity plans. Identifying particular disaster scenarios is not as important as understanding the range of possible outcomes on infrastructure, operations, and staff. Institutions need to plan for continuity of operations under a range of outcomes. 4. Identifying Practices to Reduce Vulnerabilities What are the key practices on which the industry should focus in the effort to strengthen business continuity? What are reasonable recovery times for critical operations, and do these need to be consistent across the industry? One institution stated that there is a need for benchmark guidelines on when firms need to be up and running following a disruption. For example, should trading, operations, and settlement be up within 24 hours, or should recovery be more rapid? It was also noted that the experience of September 11 showed that different business lines may need different recovery times. For example, equity trading was closed for several days and that did not appear to cause major problems. However, the commercial paper market ran into some dislocations after only a very short period. Industry utilities may need to consider setting specific recovery standards, which could vary by market and by size of the participant in that market. One institution noted that it is appropriate for institutions that play a critical role to hold themselves to higher standards. There is also a need for industry-wide standards. It was noted that market pressure, from customers and counterparties, should also help institutions make the appropriate investments. Clients are now asking major firms about their business continuity practices. One institution noted that before September 11, business continuity planning was just a matter of regulatory compliance. Now it is a business line in itself. The key challenge is for institutions to develop and maintain effective solutions and to make the appropriate investments. Another noted again that before September 11, firms were not generally familiar with each other s backup plans. Even today, institutions cannot say for certain how soon they could recover from various disruptions or commit to their customers a specific recovery time. As a result, consistency and transparency are the most important steps to take now. This could help address the significant perceived disparity of key planning assumptions across institutions. However, some institutions noted that security is a constraint on the level of transparency or disclosure of backup plans.

Overall, there was consensus on the need to have a broader understanding of where institutions are today with respect to their business continuity practices and recovery objectives. Roger Ferguson summarized the following points relating to the identification of practices to reduce vulnerabilities: There is a recognition that some operations are more time-critical than others. Trading and settlement appear to take priority. These priorities need to be set collectively for the industry, and institution by institution. There are significant concerns about staff surrounding the duration and severity of disruptions. There is a need to do more effective internal and cross-industry testing in a way that maximizes efficiency. Key financial utilities may need to take on additional work regarding testing to assist the industry. (It was noted that the limited number of testing dates may pose challenges.) The industry and regulators need to discuss how to maintain the focus and improve transparency of business continuity planning. 5. Implementation and Crisis Management Issues What decisions are firms making now and how prepared is the industry today? What can be done to improve crisis management? One firm stated that their greatest areas of concern are telecommunications, clearing and settlement utilities, trading markets, large firms, and government entities. The firm suggested forming ad hoc industry groups to address each of the critical areas, such as human resources, data centers, audit, and testing. It was noted, however, that other committees and industry groups are also addressing many of the same issues, including the FRBNY-sponsored Payments Risk Committee, SIA, BITS, and others. A strong desire was expressed to ensure that these groups work together, avoid duplication of effort, and arrive at consistent results. Some participants suggested that it may be important to formalize how institutions can work with cities and states in a crisis situation. In particular, there was some concern that mid-sized cities may not have the same sense of urgency as New York City and other major cities. Telecommunications vulnerabilities are still seen as a significant area of concern. There is concern that even the telecommunications companies do not have the information they need to provide assurances to financial institutions. One institution expressed a desire for a coordinated approach to dealing with technology and telecommunications vendors so that they understand the financial industry s needs. Several participants noted that foreign authorities are also interested in developments in the United States with respect to business continuity planning.

6. Summing Up Regulators are in a learning phase and taking a pragmatic approach. They are trying to maintain as much flexibility as possible. Roger Ferguson summarized areas of consensus from the meeting: There is agreement that the focus of business continuity plans should be on outcomes, rather than specific scenarios, to ensure the smooth functioning of the financial system, especially core elements of the wholesale and retail markets. There is significant interest in new business continuity models, but firms also need to be aware of creating new single points of failure. Institutions are considering a variety of approaches for different activities, with a significant interest in an active/active approach with one or two additional levels of backup. But issues remain. All institutions are important and interdependent, but infrastructure providers, utilities, and government deserve special focus. Some degree of tiering of business continuity standards by activities, institutions, and markets may also be necessary. Rapid resumption is needed for the most critical activities. However, the industry needs to develop more specific recovery standards with support of regulators. Transparency is important to help ensure the coherence and compatibility of business continuity strategies. Customers and counterparties will demand it. There is a willingness to do more meaningful internal and cross-industry testing. This may extend to key service and infrastructure providers, including the telecommunications industry. He also noted some areas of concern: There is a need to address the issue of what happens if there is a crisis in the near term. There is also a potential concern, which was mitigated by the meeting, that the further we get from September 11, there will be less support to address business continuity issues. There is also a concern that additional testing will not take place. But there appears to be genuine support for additional realistic testing. Next steps include the following: Institutions should keep pushing forward with their strategic reviews and implementation plans. Regulators need to continue the dialogue and to discuss detailed issues with individual institutions. Industry work groups need to share their preliminary conclusions with one another and to ensure that their work is transparent and well coordinated. The industry needs to interact with major infrastructure providers such as telecommunications firms. The industry and key utilities should pursue coordinated industry testing. Regulators will need to put forward their views on sound practices as soon as possible. To this end, they will continue to engage in bilateral dialogues with the industry in order to understand developments and issues as firms advance their

strategic business continuity reviews and plans. This active, ongoing phase should be completed no later than the end of the summer. There is a need to make public the discussion paper prepared for the meeting.

Financial Industry Summit on Business Continuity Participant List Meeting Sponsors: Board of Governors of the Federal Reserve System Federal Reserve Bank of New York Office of the Comptroller of the Currency New York State Banking Department Securities and Exchange Commission Attendees: Federal Reserve Bank of Boston Federal Reserve Bank of Cleveland Federal Reserve Bank of Richmond Federal Reserve Bank of Chicago Economic Development Corporation of the City of New York Office of the Mayor of the City of New York Represented Organizations: Bank of America Bank of New York Bank One Bear Stearns Citigroup CLS Bank Depository Trust and Clearing Corporation Deutsche Bank FleetBoston Goldman Sachs HSBC USA JP Morgan Chase Lehman Brothers Mellon Merrill Lynch Morgan Stanley National City Corporation New York Clearing House Northern Trust Corporation State Street UBS Warburg Wachovia

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback