These dramatic examples of BCM in action were spelled out by Bob Piggott, HSBC’s head of group crisis management, at a mini-conference last month organised by The Banker and FT Business.
The event, “Continuity or crisis: benchmarking resilience in financial services”, was sponsored by telecoms company BT in London and business continuity specialists spoke on the key issues facing banks.
Think the unthinkable
HSBC’s continuity plans failed in the Caymans because staff did not believe hurricanes ever hit that part of the Caribbean. “So you have to think the unthinkable, and regularly test your plans,” said Mr Piggott.
John Sharp, policy and development director at the resource centre Continuity Forum, chaired the event. He claimed that, across industry as a whole, not enough companies conduct regular plan rehearsals. “A recent study in the UK showed that when rehearsals are performed, in 88% of cases they revealed shortcomings,” said Mr Sharp.
John Milne, head of business continuity at the UK’s Financial Services Authority, said his key objective for 2005 was to improve the ability of the financial system to deal with unforeseen events. The FSA’s work in this area centres on a project to benchmark the resilience of the key parts of the financial system and an annual market-wide test.
The next speaker, Malcolm Baker, a superintendent at the counterterrorism section of the the Metropolitan Police’s anti-terrorist branch explained how his unit offers advice on all aspects of counterterrorism security to businesses. “To avoid an attack you have to be lucky all the time, but a terrorist only has to be lucky once,” he said. “There are many things you can do to minimise the risk.”
Victor Meyer, global head of business continuity management at Deutsche Bank, was the US Navy’s chief of counterterrorism and contingency plans for Europe and Africa until last October, and is a former Navy SEAL.
Military approach
In an unorthodox approach to business continuity, Mr Meyer showed how he has introduced military theories, including “manoeuvre warfare” and “the OODA loop” (observe, orient, decide, act), to the work he does at Deutsche. “How does an investment bank benefit from manoeuvre warfare theory? It’s a question of building a team and using your internal and external resources to better effect,” he said.
Laurence Petty, vice president, operations, at MasterCard Europe, said his company was focused on ensuring the integrity of its technology at all times. “If a system goes down, we have a cut-over site immediately available,” he said. “If we can’t transmit financial data, we’re failing our customers.”
Vicki Gavin, associate director, front office business continuity relationship management at Barclays Capital, said “providing continuity plans is easy”, and testing them is not the real issue. The big challenge was convincing business areas to “buy into” business continuity: “You have to ‘sell’ the plan to them.”
BT’s crisis management skills were tested at the end of the conference. Head of global security practice Ray Stanton was due to close with a presentation on what the company does for its clients regarding business continuity and security but had been struck by flu and couldn’t attend.
His emergency plan was dusted off and Bill Rann, BT’s expert on global strategy and business development, stepped in to make the address. His main point was: “You don’t do business continuity management by yourself, you need partners,” meaning that banks must ensure their IT and telecoms suppliers can deliver both “resilient” and “secure” solutions.
