1 / 36

Business Continuity and Crisis Management

De Nederlandsche Bank. Business Continuity and Crisis Management Michael van Doeveren and Paul Osse Conference Financial Sector of Macedonia on Payments and Securities Settlement Systems Ohrid 23 June 2008. Introduction The Dutch situation DNB Assessment Framework

amil
Télécharger la présentation

Business Continuity and Crisis Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. De Nederlandsche Bank Business Continuity and Crisis Management Michael van Doeveren and Paul Osse Conference Financial Sector of Macedonia on Payments and Securities Settlement Systems Ohrid 23 June 2008

  2. Introduction The Dutch situation DNB Assessment Framework Concepts of crisis management Arrangements and initiatives in the Netherlands The Escalation Committee for Payments and Securities Government initiatives on Critical Infrastructure Protection: Dutch Counterterrorism Alert System International context Concluding remarks Questions Agenda

  3. What is Business Continuity? • Business Continuity Management: a whole-of-business approach, that includes policies, standards, and procedures, to ensure (critical) operations can be maintained, or restored in a timely fashion, in the event of a disruption. • Its purpose is to minimise the financial, legal, reputational and other material consequences arising from disruptionSource: BIS 2005

  4. BCP in an international context • The American White Paper on Sound Practises to strengthen the Resilience of the US Financial System • The Tripartite Standing Committee on Financial Stability • Bank of Japan resilience plans • Initiatives of the Eurosystem • Joint Forum/Financial Stability Forum/BIS/CPSS’ work

  5. The Dutch situation • Small country, few large banks • DNB is bothcentral bankandprudential supervisorfor banks, pension funds and insurance companies • Financial core infrastructure for Payments and Securities, in NL defined as: • Central bank • CSD (Euroclear Netherlands) • CCP (LCH.Clearnet SA) • Stock exchange (NYSE Euronext Amsterdam) • ACH (Equens Netherlands) • Major banks (a.o. ABN AMRO, Fortis, ING, Rabobank)

  6. DNB BCP Assessment Framework

  7. DNB BCP Assessment Framework (1) • First version in 2004, new version in 2007; • Drafted in cooperation with the financial institutions • Commitment to use it on a high level • Assessment Framework consists of • 9 ‘principles’ • Guidance note Human Factor • Agreement between DNB and the financial sector for joint BCP initiatives • In line with international principles such as BIS • Used by supervisor and overseer to assess the institutions of the financial core infrastructure against these principles

  8. DNB BCP Assessment Framework (2) • BCP should beapprovedby the EB/senior management • Risk analysesof critical systems and activities should be made • Explicit attention should be paid to thehuman factor

  9. DNB BCP Assessment Framework (3) 4. Each institution should have acrisis organisation, including senior management • Single points of failure(SPOFs) should be identified • Critical processes and systems should beresumedas quickly as possible

  10. DNB BCP Assessment Framework (4) 7. Aback-up site/secondary siteshould be available 8. Alternate systems and contingency procedures should be regularlytested and exercised 9. Each institutions should have acommunication planfor all stakeholders

  11. Guidance Note Human factor • Assessment showed that institutions have problems with principle 3, paying explicit attention to the human factor • DNB developed a ‘Guidance note human factor’ to assess the human factor aspect for critical systems and business processes, depending on the level of knowledge that is required (specific in the extreme, highly specific, specific, not very specific, not specific) • Matrix with level of required knowledge and human factor strategy  see www.dnb.nl – payments - BCP

  12. GUIDANCE NOTE REGARDING IMPLEMENTATION CONTINUITY OF THE HUMAN FACTOR FOR CRITICAL SYSTEMS/ BUSINESS PROCESSES

  13. Required Knowledge • Specific in the extreme. • Highly specific. • Specific. • Not very specific. • Not specific.

  14. Concepts of crisis management (for payments)

  15. Concepts of crisis managementfor the payment system (1) • Basic assumption • Payments can be regarded as what oil is for an engine • Continuity of payments is essential for both the public and the financial system. • Consequences • Measures should be implemented that guarantee business continuity of the payment system • Implementation of a crisis management structure to prevent contagion and limitation the risks as for as possible

  16. Concepts of crisis managementfor the payment system (2) • Crisis management preconditions • Involvement required of critical participants of the whole payment system • Focus the continuation of the operation of the whole payment chain. • Implementation • Formation of crises management team • Prepare organisation. Discuss objectives, define concept crisis management, investigate objects, invest existing measures, define effectiveness measures, investigate alternatives • Prepare and perform tests. Both internal and sector wide. (include suppliers of critical services and local and national government)

  17. Arrangements and initiatives in the Netherlands The Escalation Committee for Payments and Securities

  18. Escalation Committee history: Why • Escalation Committee established around the euro- introduction in 1999 • Stand-by at millennium • To cooperate in case of problems • WHEN something could happen was rather clear • Today: The issue is back on the agenda • Overall agreement that sector-wide coordination and cooperation is needed to handle (operational) crises in payments and securities. • You need each other in times of crisis! • WHEN is not clear  Escalation Committee is Crisis management organisation for payments and securities

  19. Escalation Committee - Who • The Dutch financial core infrastructure: • Market infrastructures: Central bank, ACH, Stock Exchange, CSD, CCP • Major banks (a.o. ABN Amro, ING, Rabobank, Fortis) • Other members: Dutch banking association, representing other banks, scheme owner payment products • DNB is chairman and secretary, and linking pin ot other authorities • Members have decision-making mandate of their organisation for payments and securities issues

  20. Escalation Committee – What • Crisis management • Respond to payments and securities sector-wide (major) operational crises: procedures regarding (one voice) communication, decision making etc. • Members of the committee are linking pin to their own crisis organisations • ´Sector BCM´ • ´Peace time´ preparation for times of crises; plans, good overview of critical processes for the sector, alternatives and possibilities in case of a crisis, communication, knowing each other

  21. When market infrastructures or banks have a crisis, might not meet their Recovery Time Objectives (RTO) or when individual measures are insufficient, this can have sector-wide impact. The chairperson of the Escalation Committee needs to be notified. When outside-in crises (flood, pandemic, etc) have impact on more than one institution in the field of payments and securities, the Escalation Committee needs to assess the sector impact. Escalation Committee - When

  22. Escalation model

  23. Escalation Committee – How “Red Booklet” contains information about: • Crisis management, communication and decision making procedures • Wholesale, retail, securities alternatives However, not many viable alternatives: Possible alternatives based on rerouting of key processes: • CLS, TARGET1/2, EBA, correspondents • Cash/ATM´s, mass payments, one-off direct debit • Bilateral accounts for OTC etc. • In practice: combination of emergency procedures of the different parts of the chain • At the moment no viable alternative for SWIFT • Communication and trust is key!

  24. Example – Wholesale (1)

  25. Example – Wholesale (2) The following were regarded as the most important wholesale payments (per bank): • CLS incoming (and outgoing) payments • MM and FX transactions • Liquidity transfers to/from offices/agents abroad • EBA settlement payments and liquidity swaps • Payments for the clearing and settlement of securities • Critical payments for clients (corporates, pension funds) • ´Margin calls´ (collateral for securities clearing) Broadly speaking, around 20-30 critical payments per bank per day In case of one bank’s failure, this can be processed manually In case of TARGET2 failure, strict rules apply; only ‘very critical payments’ can be processed

  26. Arrangements and initiatives in the Netherlands Government project on critical infrastructure protection (CIP)

  27. CIP in the Netherlands • Government project on critical infrastructure protection was started in 2004 • In cooperation with the private sector, the government defined 12 infrastructures as critical: airports, public transport, energy, health care, etc. • Payments and securities processing is one of them • Follow up of the project in 2004, among others: Counterterrorism Alert System

  28. Dutch Counterterrorism Alert System (1) • Set up by the government in 2005 to ‘alert’ critical infrastructures in the event of heightened terrorist threat • Measures to be taken quickly in order to minimise the risk and to limit the potential impact of terrorist acts. • Cooperation between the government and private sectors • More than 10 sectors are currently connected (a.o. airports, harbours, public transport, oil and gas, etc.) • Financial core infrastructure (including Netherlands Bankers´ Association representing the other banks) connected as of May 1, 2006

  29. Dutch Counterterrorism Alert System (2) • Four levels of threat: standard, low, moderate, high • Each level comes with its own set of (additional) security measures, both for the sector and for the government • Government and sector agree together on the measures to be taken • Contacts with local authorities very important • Workshops, tests and exercises are organised per sector

  30. Experiences Counterterrorism Alert System • Formalised (communication) procedures to inform the sector about threats • Increased cooperation and information sharingwithin the financial sector in the area of security and with other sectors (such as energy and telecom) • Improved contacts and cooperation with local authorities and other stakeholders (police, community, fire brigade, neighbour companies etc.): who is doing what and going where in times of crisis?

  31. Exercising experienceThink BIG, start SMALL For Escalation Committee and Counterterrorism Alert System exercises increase in complexity and depth: • Connectivity/communication tests: several times a year • Crisis management workshops: Discussion, based on scenario • Table top exercises: simulation with ‘real play’ • Large scale government exercise regarding ICT and cybercrime • Operational exercise where security measures are taken for real • Next step: complete market wide exercise?

  32. International context for business continuity in payments and securities • “Dutch” market infrastructure is hardly Dutch anymore • This is due to the consolidation trend and the battle for efficiency • Not only for commercial institutions, but also for central banks • An operational crisis in Brussels/Frankfurt/Paris may impact the Dutch market more than a local crisis in Amsterdam

  33. Increasing (need for) interaction & cooperation • Linked to ESCB crisis management • Co-ordinated communication with market infrastructures en major participants • Possible international solutions to “domestic” problems • Central banks can help each other • Solving problems in cooperation

  34. Concluding remarks • Regular assessments work! • Increase your level of resilience by • Control – Top level commitment • Coordination – Central bank/regulator role • Cooperation – Financial core infrastructure • Communication – All stakeholders, both national and international • Exercising keeps BCP alive • Human factor is key for everything

  35. www.dnb.nl / payments / BCP Questions

More Related