Our Business Continuity Plan does not define the difference between business interruption and pandemic challenges. We are a small mortgage lender in
the mid-west, and we were caught blind-sided with needing procedures to deal
with the coronavirus pandemic.
We started to update our BCP and found that we
actually did not know if our regulator would expect us to have procedures to
address both business interruption and pandemic disruption. Since you literally
wrote the book on business continuity, our staff asked me to find out the
difference by asking you.
So, what is the difference between business interruption and pandemic disruption?
Also, what are some of the actions we should
take in protecting our company during a pandemic event?
ANSWER
It is kind of you to state that we “wrote the book” on business
continuity but our Checklist and Workbook (“Checklist”) is just a small
contribution toward a more stable business environment. Indeed, we did not
charge – and will not be charging – a fee for the Checklist. It is free. We are
living in a pandemic – what until relatively recently was usually called a “plague”
– and providing a way to preserve your business is the least we could do.
The Checklist was first published on March 16th, and the most recent version is Update # 6, published on April 16th. It is 183 pages of checklists, workbook space, and resources. We even provided a webinar on April 16th!
With regards to clarifying the difference between business and pandemic disruption, there are distinct differences between pandemic planning and traditional business continuity planning.
The Checklist was first published on March 16th, and the most recent version is Update # 6, published on April 16th. It is 183 pages of checklists, workbook space, and resources. We even provided a webinar on April 16th!
- Download the Checklist - Update # 6, webinar video and slides, and some supporting documents HERE.
- For a Business Continuity Plan – standard, customized, or enhanced – go HERE.
- And for a BCP Tune-up to check if your business continuity plans are sufficient, go HERE.
With regards to clarifying the difference between business and pandemic disruption, there are distinct differences between pandemic planning and traditional business continuity planning.
When developing business continuity plans, financial institution
management typically considers the effect of various natural or man-made
disasters that may differ in their severity. These disasters may or may not be
predictable, but they are usually short in duration or limited in scope. In
most cases, malicious activity, technical disruptions, and natural/man-made
disasters typically will only affect a specific geographic area, facility, or
system. These threats can usually be mitigated by focusing on resiliency and
recovery considerations.
However, pandemic planning presents unique challenges to financial institution
management. Unlike natural disasters, technical disasters, malicious acts, or
terrorist events, the impact of a pandemic is much more difficult to determine
because of the anticipated difference in scale and duration. We are currently
in the midst of only the first wave of the COVID-19 plague. There will be other
waves.
The death count, and, by extension, inevitable effects on businesses, of the second
and subsequent waves will be orders of magnitude greater than the first wave
unless (1) there is universal testing, (2) proper hygiene, social distancing,
and sheltering are practiced, and (3) until a vaccine is created and effectively distributed.
The nature
of the global economy virtually ensures that the effects of a pandemic event
will be widespread and threaten not just a limited geographical region or area,
but potentially every continent. In addition, while traditional disasters and
disruptions normally have limited time durations, pandemics generally occur in
multiple waves, each lasting two to three months. Consequently, no individual
or organization is safe from the adverse effects that might result from the
plague.
Experts
predict that perhaps the most significant challenge likely from a severe
pandemic event will be staffing shortages due to absenteeism. These differences
and challenges highlight the need for all financial institutions, no matter
their size, to plan for a pandemic event when developing their BCP.
Don’t let
your guard down! The BCP is a dynamic document that requires periodic updating
in response to changing conditions. There are at least five primary actions to
managing your way through a pandemic event.
1) A preventive program to reduce the
likelihood that an institution’s operations will be significantly affected by a
pandemic event, including: monitoring of potential outbreaks, educating
employees, communicating and coordinating with critical service providers and
suppliers, in addition to providing appropriate hygiene training and tools to
employees.
2) A documented strategy that provides for
scaling the institution’s pandemic efforts so they are consistent with the
effects of a particular stage of a pandemic outbreak, such as first cases of
humans contracting the disease overseas, first cases within the United States,
and first cases within the organization itself. The strategy will also need to
outline plans that state how to recover from a pandemic wave and proper
preparations for any following wave(s).
3) A comprehensive framework of facilities,
systems, or procedures that provide the organization the capability to continue
its critical operations in the event that large numbers of the institution’s
staff are unavailable for prolonged periods. Such procedures could include
social distancing to minimize staff contact, telecommuting, redirecting
customers from branch to electronic banking services, or conducting operations
from alternative sites. The framework should consider the impact of customer
reactions and the potential demand for, and increased reliance on, online
banking, telephone banking, ATMs, and call support services. In addition,
consideration should be given to possible actions by public health and other
government authorities that may affect critical business functions of a
financial institution.
4) A testing program to ensure that the
institution’s pandemic planning practices and capabilities are effective and
will allow critical operations to continue.
5) An oversight program to ensure ongoing
review and updates to the pandemic plan so that policies, standards, and
procedures include up-to-date, relevant.
Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group
