Business Continuity Management Transformation Strategy in the Financial Services Industry

Introduction

Business continuity (BC) refers to sustaining or immediately resuming business operations in the event of a significant interruption, whether triggered by a disaster, storm, or cybercriminal malicious attack. In the midst of these crises, a business continuity plan describes the policies and guidelines that a company will follow; it includes operational structures, assets, personnel, business associates, and more.[1]

Why is business continuity important? The aim of any business is to remain profitable and competitive. It’s absolutely important that a business retains its customers immediately after facing adversity and even increase more customers. Testing this ability is vital in business continuity. Information Technology is vital to many businesses and these have necessitated various solutions for disaster recovery to be put in place. However, other components of the business are vital as well as your business processes and the people who carry them out. Being able to cope successfully with any event will have a beneficial impact on the credibility and brand appeal of the company, which can improve consumer trust.[2]

Business Continuity in the Financial Services Industry

The Financial Services Industry is unique in its approach to developing a business continuity approach because of the regulations involved and business processes that are exclusive to the sector. There are standards of regulation in all the countries that need to be considered. As a matter of fact, the finance sector is a field in which the growth of Information Technology (IT) and Information Systems (IS) has had a significant impact on productivity. Unfortunately for some, organizations in this sector are becoming dependent on technologies they don't fully understand. IS and IT in this sector are part of the production process and have contributed to boosting the way services are rendered to customers. Therefore, planning for business continuity is crucial for protecting customers and complying with international regulatory standards.[3]

In addition, for three other specific reasons, as highlighted by the Bank of Japan in 2003, BC planning is important and at the same time distinct from other industries in the Financial Services Industry as follows:

·        Making sure that customers are able to continue getting financial services during and after the impending disaster so that their businesses can continue operating.

·        Avoiding widespread payment and settlement chaos or avoiding structural threats, by reducing financial institutions' inability to carry out payment transactions in a crisis area.

·        Reduce management risks, for example, by restricting banks' difficulties in taking income opportunities and reducing their client credibility.

The financial sector sees business continuity not only as a technological or risk management problem but as a catalyst for any conversation of mergers and acquisitions; the ability to handle Business Continuity should also be recognized as a strategic tool for reducing the time period for acquisitions and shortening the consolidation of data centers, also considered one of the top issues in fast wins and information and communication technology.[4]

Lessons Learned During COVID19 Pandemic

Covid19 pandemic has come with many lessons to the business community including the Financial Services Industry. Initially, the business continuity strategies focused on crises like disaster, storm, or cybercriminal but the Covid19 pandemic has been an eye-opener. The business sector has now learned that there are threats that can occur that no one had anticipated or thought about. Companies are now facing the challenge of dealing with the new threat and its impact. They are now looking at different outlooks and scenarios of testing for their business continuity management transformation strategies.[5]

The aim of business continuity management is to ensure that the people, technology and process involved in the organization continue functioning normally in the event of a crisis. This is done by by ensuring implementation of prevention, detection, and response controls. There is need for these to be done in an agile manner, meaning that continuous testing should be part of the process. One of the key lessons learnt is how to include the suppliers and vendors as part of the process. It has been realized that even if the bank itself has all the continuity plans in place, this is not enough as it works with third party vendors who might not be as prepared and this will in turn affect the business. Therefore, measures need to be put in place to mitigate these risks.[6]

Another lesson learnt is that there are many risks involved in terms of cyber security besides the normal external threats that many businesses foresee and take measures against. With the advent of Covid19, many employees have been forced to now work from home; this has never crossed anyone’s mind that it could happen in the Financial Services Industry and that it would take such a long time. It’s difficult to manage security when workers are not within the office location which has been secured and can easily be monitored. In this scenario, information can easily leak, and at the same time, there are increased threats from social engineering and disruption of critical services. This therefore means that business need to rethink their business continuity strategies as the current threats are beyond what had been planned for and imagined.[7]

The banks have learnt that they need to transform their digital programs going forward as more customers will prefer digital products as compared to going to the bank physically. The question is, are the existing digital products enough to sustain their customers? The answer is no, some banks that had started digital transformation earlier might be having an advantage although this is a call for all the banks to evaluate their digital strategies and come up with new products and services that meet the new evolving customer needs.[8]

Transformation Strategies for Business Continuity Management function

Almost all organizations worldwide have been caught flatfooted by the pandemic and in the Financial Services Industry, one of the transformational strategies that are being considered as a solution is engaging in data and analytics more deeply as a business continuity strategy. Data is very crucial in performing analysis of different scenarios, forecasting and having a better visualization of data in operations. Banks can create data specific teams that will focus on different operational functions. Another way is to empower employees to be champions of data in their specific areas.

There needs to be a fusion between operational flexibility plans and business continuity plans because in times of disaster, there is a thin line between the two. New situations need to be reviewed and assessments should be taken to comply with organizational readiness for future developments. Changes to post-COVID-19 business continuity plans should concentrate on alignment of the risk control system, and further testing / exercise.[9]

It’s acknowledged that there are existing continuity strategies already in place that were put in place by the crisis management committees. But the current pandemic has dismantled most of the strategies therefore creating a need for revisiting the effectiveness of these strategies and their roles in the organization. This calls for a reevaluation and consideration of other effective risk management strategies for the current pandemic as well as other emerging risks. 

The cloud is an important aspect of utilizing technology in the process of building resiliency. We’ve seen employees working from home longer than it was anticipated and this has been possible because of the infrastructure powering remote working. However, this is not enough and banks have the opportunity to now make an evaluation on how to build the resiliency further.[10]

Another strategy that will ensure business continuity management is transforming the whole process to not only focus on the customer experience and regulators but also employees. Employees are crucial in the success of any business as they can make or break it. The bank should ensure that their work processes are smooth, their welfare is met and the environment that they work in is conducive. Businesses need employees to carry out all these processes, to attend to customers and therefore also considering them as part of the equation will go a long way to transform the business continuity strategy.

Considering business resilience will help in the continuity management strategies. To enhance continuity, the business processes should be put into consideration and these should include third party management as well as customer experience. If done well, they will be beneficial to the business in the long run.

Tactics to Achieve and Implements the Strategies

One of the tactics that banks need to use is communication. Communication is the backbone of fusion between operational flexibility plans and business continuity plans. Communication to customers is key to keeping them abreast of any impacts on service and product delivery. Employees also need to be looped into the communication so as to balance between exercising caution and continuing with normal business schedule.[11]

High level business continuity committees should be formed or reenacted if they existed before to meet and discuss progress of the organization’s strategy. In the event that there are any challenges, the heads will discuss about it and come up with measures on how to mitigate the risks. 

It’s important to regularly review the business continuity strategies to see where the organization is heading and how it’s performing. Therefore, the business continuity head should give a report of the status of the organization in terms of risks, plans and challenges to the board at least annually. This will bring any issues to the limelight and prevent any surprises.

Going forward, companies need to expand on their work from home or flexible work schedules so that in future with such a scenario, it will not be a shocker but just a continuation of a routine. This should be an ongoing strategy where resources are allocated, teams are enacted and programs that support a safe working environment implemented.[12]

The bank can use data analytics to take measures to analysis how the crisis will affect the business plans and budgets in order to make key decisions early. Data can also be used to evaluate monetary and operational risks. This type of data is crucial in determining the strategies for responding to the situation at hand.

Another important tactic is to look at the strategies related to business continuity. This should then feed into the risk strategy to form risk appetites and key risk indicators that should be always considered when making key decisions. Having seen the way Covid19 has affected businesses, all the strategies will be helpful if they are all looked at from a risk perspective and how the risks can be mitigated in future.

Communication with suppliers is also key so that in case they are not able to meet their obligations, the bank can seek alternative suppliers in good time. Communication with creditors and investors is vital to make decisions on whether loan contracts can be met or not.[13]

Other tactics include performing a gap investigation to determine what needs to be done in order to adjust accordingly, increase on cyber protection strategies to protect the bank from the increasing cyber-attacks, and consider adding new services and products that can be done digitally.[14]

Conclusion

Having looked at how Covid19 pandemic has changed the business scenario, it’s imperative that banks perform a situational analysis on themselves to see where they are and how they can improve in order to meet the customers’ needs that have now changed. Business continuity strategies from before Covid19 might not work anymore as this is a type of crisis that no one imagined will end up this way. In future, another type of crisis might emerge and the greatest lesson learnt is that businesses should always prepare for the unimaginable using data analysis.

References

Arduini, F., & Morabito, V. (2010). Business continuity and the banking industry. Communications Of The ACM, 53(3), 121-125. https://dl.acm.org/doi/10.1145/1666420.1666452

Basnayake, H., Mack, C., & Tong, I. (2020). COVID-19 business continuity plan: Five ways to reshape. Retrieved 6 June 2020, from https://www.ey.com/en_sa/transactions/companies-can-reshape-results-and-plan-for-covid-19-recovery

Enterprise & Market Resilience during COVID-19 - Middle East Forum (Session 3): Business Continuity Management and Cyber Security Resilience | Protiviti - Saudi Arabia. (2020). Retrieved 6 June 2020, from https://www.protiviti.com/SA-en/insights/pov-enterprise-market-resilience-during-covid-19-session-3

Lindros, K. and Tittel, E., (2017). How To Create An Effective Business Continuity Plan. [online] CIO. Available at: <https://www.cio.com/article/2381021/best-practices-how-to-create-an-effective-business-continuity-plan.html> [Accessed 6 June 2020].

The Impact of Covid-10 On the Banking Sector of Saudi Arabia. (2020).KPMG Retrieved 6 June 2020, from https://assets.kpmg/content/dam/kpmg/sa/pdf/2020/the-impact-of-covid-19-on-the-banking-sector-of-saudi-arabia.pdf

[1] https://www.cio.com/article/2381021/best-practices-how-to-create-an-effective-business-continuity-plan.html

[2] https://www.cio.com/article/2381021/best-practices-how-to-create-an-effective-business-continuity-plan.html

[3] https://dl.acm.org/doi/10.1145/1666420.1666452

[4] https://dl.acm.org/doi/10.1145/1666420.1666452

[5] https://www.protiviti.com/SA-en/insights/pov-enterprise-market-resilience-during-covid-19-session-3

[6] https://www.protiviti.com/SA-en/insights/pov-enterprise-market-resilience-during-covid-19-session-3

[7]https://www.protiviti.com/SA-en/insights/pov-enterprise-market-resilience-during-covid-19-session-3

[8] https://assets.kpmg/content/dam/kpmg/sa/pdf/2020/the-impact-of-covid-19-on-the-banking-sector-of-saudi-arabia.pdf

[9] https://www.protiviti.com/SA-en/insights/pov-enterprise-market-resilience-during-covid-19-session-3

[10] https://www.protiviti.com/SA-en/insights/pov-enterprise-market-resilience-during-covid-19-session-3

[11] https://www.ey.com/en_sa/transactions/companies-can-reshape-results-and-plan-for-covid-19-recovery

[12] https://www.ey.com/en_sa/transactions/companies-can-reshape-results-and-plan-for-covid-19-recovery

[13] https://www.ey.com/en_sa/transactions/companies-can-reshape-results-and-plan-for-covid-19-recovery

[14] https://assets.kpmg/content/dam/kpmg/sa/pdf/2020/the-impact-of-covid-19-on-the-banking-sector-of-saudi-arabia.pdf