THE MOST COMPREHENSIVE MORTGAGE COMPLIANCE SOLUTIONS IN THE UNITED STATES.

LENDERS COMPLIANCE GROUP belongs to these National Organizations:

ABA | MBA | NAMB | AARMR | MISMO | ARMCP | ALTA | IIA | ACAMS | IAPP | MERSCORP

Thursday, April 30, 2020

Business Continuity and Pandemic Events

QUESTION
Our Business Continuity Plan does not define the difference between business interruption and pandemic challenges. We are a small mortgage lender in the mid-west, and we were caught blind-sided with needing procedures to deal with the coronavirus pandemic. 

We started to update our BCP and found that we actually did not know if our regulator would expect us to have procedures to address both business interruption and pandemic disruption. Since you literally wrote the book on business continuity, our staff asked me to find out the difference by asking you. 

So, what is the difference between business interruption and pandemic disruption? 

Also, what are some of the actions we should take in protecting our company during a pandemic event?

ANSWER
It is kind of you to state that we “wrote the book” on business continuity but our Checklist and Workbook (“Checklist”) is just a small contribution toward a more stable business environment. Indeed, we did not charge – and will not be charging – a fee for the Checklist. It is free. We are living in a pandemic – what until relatively recently was usually called a “plague” – and providing a way to preserve your business is the least we could do. 

The Checklist was first published on March 16th, and the most recent version is Update # 6, published on April 16th. It is 183 pages of checklists, workbook space, and resources. We even provided a webinar on April 16th!
  • Download the Checklist - Update # 6, webinar video and slides, and some supporting documents HERE.
  • For a Business Continuity Plan – standard, customized, or enhanced – go HERE.
  • And for a BCP Tune-up to check if your business continuity plans are sufficient, go HERE.

With regards to clarifying the difference between business and pandemic disruption, there are distinct differences between pandemic planning and traditional business continuity planning.

When developing business continuity plans, financial institution management typically considers the effect of various natural or man-made disasters that may differ in their severity. These disasters may or may not be predictable, but they are usually short in duration or limited in scope. In most cases, malicious activity, technical disruptions, and natural/man-made disasters typically will only affect a specific geographic area, facility, or system. These threats can usually be mitigated by focusing on resiliency and recovery considerations.

However, pandemic planning presents unique challenges to financial institution management. Unlike natural disasters, technical disasters, malicious acts, or terrorist events, the impact of a pandemic is much more difficult to determine because of the anticipated difference in scale and duration. We are currently in the midst of only the first wave of the COVID-19 plague. There will be other waves. 

The death count, and, by extension, inevitable effects on businesses, of the second and subsequent waves will be orders of magnitude greater than the first wave unless (1) there is universal testing, (2) proper hygiene, social distancing, and sheltering are practiced, and (3) until a vaccine is created and effectively distributed.  

The nature of the global economy virtually ensures that the effects of a pandemic event will be widespread and threaten not just a limited geographical region or area, but potentially every continent. In addition, while traditional disasters and disruptions normally have limited time durations, pandemics generally occur in multiple waves, each lasting two to three months. Consequently, no individual or organization is safe from the adverse effects that might result from the plague.

Experts predict that perhaps the most significant challenge likely from a severe pandemic event will be staffing shortages due to absenteeism. These differences and challenges highlight the need for all financial institutions, no matter their size, to plan for a pandemic event when developing their BCP.

Don’t let your guard down! The BCP is a dynamic document that requires periodic updating in response to changing conditions. There are at least five primary actions to managing your way through a pandemic event.

1) A preventive program to reduce the likelihood that an institution’s operations will be significantly affected by a pandemic event, including: monitoring of potential outbreaks, educating employees, communicating and coordinating with critical service providers and suppliers, in addition to providing appropriate hygiene training and tools to employees.

2) A documented strategy that provides for scaling the institution’s pandemic efforts so they are consistent with the effects of a particular stage of a pandemic outbreak, such as first cases of humans contracting the disease overseas, first cases within the United States, and first cases within the organization itself. The strategy will also need to outline plans that state how to recover from a pandemic wave and proper preparations for any following wave(s).

3) A comprehensive framework of facilities, systems, or procedures that provide the organization the capability to continue its critical operations in the event that large numbers of the institution’s staff are unavailable for prolonged periods. Such procedures could include social distancing to minimize staff contact, telecommuting, redirecting customers from branch to electronic banking services, or conducting operations from alternative sites. The framework should consider the impact of customer reactions and the potential demand for, and increased reliance on, online banking, telephone banking, ATMs, and call support services. In addition, consideration should be given to possible actions by public health and other government authorities that may affect critical business functions of a financial institution.

4) A testing program to ensure that the institution’s pandemic planning practices and capabilities are effective and will allow critical operations to continue.

5) An oversight program to ensure ongoing review and updates to the pandemic plan so that policies, standards, and procedures include up-to-date, relevant.

Jonathan Foxx, Ph.D., MBA
Chairman & Managing Director
Lenders Compliance Group