Business Continuity Plan (BCM) plan should ensure that critical business processes are available and operational in the adverse events, which may disrupt the normal execution of the organisation. BCM in a banking environment is a very demanding and challenging job.
Working as consultant in the Middle East region is rewarding experience, where the best practices and state-of-art solutions are being implemented. One of the biggest advantages is that there is not much resources constraints as experienced in the other parts of the world.
I would definitely like to share some general experiences which I had in the role of a consultant with the biggest bank in the Middle East (in term of number of branches and infrastructure) which also happens to be the biggest Islamic bank in the world. Following are some experiences I would like to share.
BCM is not an Isolated Department: Gone are the days when we have to see BCM in isolation. In today's banking environment, BCM is an integral part of the Banking products and services development & operations. These days, we examine the entire banking products and services from four angles ie the Information security, Risk, Auditbility and Continuity. In our case, since we are Islamic Bank we further look it from the Sharia compliance perspective.
We, as consultants focus on development of the banking products and services. When any of the new product or service is being conceived by the marketing department, it goes through the process of 'Business Planning'. During this process the continuity of product or services is integral part and it is not overlooked.
In the Middle East region, we do not see ourselves as BCM experts but the bankers with the big picture. Our processes are so mature that we only focus on providing the innovative services and products to our valued customer and continuity is taken for granted.
MANAGEMENT COMMITMENT: Without strong commitment from the senior management, no BCM can be effective. Management should realise that BCM is not only IT's responsibility but it is a business function and it should be owned by the core bankers. Management should be committed to provide resources from the core-bankers who must be properly trained and equipped with right skills to deliver what is being expected by them.
BCM OWNERSHIP: BCM should be owned and managed by the Business Group rather than IT group. Unfortunately, in developing countries BCM and DRP (Disaster Recovery Planning) is used interchangeably and still most people think BCM as an IT function. It is seen that if one person from IT is being sent to training, it is thought that they have done there job and 'Due Care' is being taken.
From the experience of the Middle East, we should learn that it is not the case. In today's changing environment, it is the primary responsibility of the business units to ensure that they have enough information in their specific section for the continuity to enable them to recover from an incident and continue to provide services to the clients within acceptable timeframes. IT will act more like support units to ensure that they have right infra-structure and their readiness for contingency event. IT ensures this by doing regular testing in co-ordination with the business departments.
BUSINESS CONTINUITY STEERING COMMITTEE (BCSC): Some Financial institution have BCSC, which is usually led of he Sr. Manager. BCSC looks after BCM which is normally responsible for defining and maintaining the framework for Business Continuity Management (including policy, strategy, overall implementation, plan documentation structure - in some cases it also look for provision of business and support unit templates - tests and training concept, review and change management concept) and for initiating tests and reviews.
REMEMBER THE 7-RS OF BCM: Respond, Retrieve, Recover, Replace, Restore, Resume, Return.
RESPOND: When considering any of the BCM, initial response is very important. Typically this is the part of the ERP (Emergency Response Procedure).
RETRIEVE & RECOVER: In the worst case scenario, when there is total disaster it will be the primary responsibility of the 'BCM Salvage Team' to Retrieve and Recover as much of the critical asset as possible.
REPLACE: Once 'BCM Salvage Team' has done their job, it will be realised that not all of the components would be reusable, some of them need to the replaced.
RESTORE: Information and business processes are being restored on the alternate resources.
RESUME: Once the restoration process is complete, resumption take place after required testing is being done.
RETURN: After the processes are being restored and resumed, BCSC will decide if it is feasible to return to the primary site. . In most of the BCM implementation 'Return' part is missed.
T&T THE MOST IMPORTANT ASPECT OF BCM: Training & Testing are the most important aspect of any of BCM implementation. As discussed earlier training should not be limited only to the technical and IT staff. BCM belongs to the Business not to IT.
TAKE AWAY:
1. Core bankers should own the BCM and look after at the continuity from the products/services inception to BCM testing.
2. If you need to remember three most important words regarding BCM, it is testing, testing & testing.
3. "Gone are the days of the pigeon hole specialists. In today's world, 360-degree coverage & skills portfolio are the minimum requirements for survival"
Comments
Comments are closed.