Published by Fenna Wauters. Modified over 5 years ago.
1
University of Maryland Robert H. Smith School of Business
Presenter: Lorie Alioto, Wells Fargo Insurance Services Inc. April 10, 2015
2
Successful BCP Planning and Risk Management
Lorie Alioto, CBCP
Wells Fargo Insurance BCP National Practice
3
Agenda
- Why do we plan?
- 5 Success Factors for BCP
- Risk Aggregation
4
Why do we plan?
5
Why do we plan?
Prevent:
- Loss of employees
- Loss of customers
- Loss of reputation
- Loss of revenue
- Regulatory and legal penalties
6
Financial Institutions
Regulations
- FFIEC Federal Financial Institutions Examination Council BCP Booklet
- FFIEC Federal Financial Institutions IT Examination Booklet
- FINRA 4370
- OCC Bulletin – Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System
7
Financial Institutions
Regulatory Agencies
- Office of the Comptroller of the Currency (OCC)
- Federal Reserve Bank (FRB)
- Securities and Exchange Commission (SEC)
8
Our organization has a documented BCP
Are we all set?
9
Success Factor #1: Business ownership and engagement
10
Business Ownership and Engagement
- Everybody wants to pass the BCP buck
- Who is responsible?
- Functional management level
- Quality of plans
11
Business Ownership and Engagement
- Does anyone in the company know we have a BCP?
- Make BCP cool
12
Success Factor #2: Training and Testing
13
Training and Testing
Do recovery members know what to do?
- Annual training is critical
- Table top exercises
14
Training and Testing
If you want to assess a BCP program at a company, what documentation besides the BCP plan itself would you ask to see?
15
Training and Testing
If we test our Business Continuity Plan, are we recoverable?
16
Training and Testing
How do you as an organization define a successful BCP or DR test?
17
Training and Testing
What if the test was not successful?
18
Success Factor #3: Integration of business and technology recovery
19
Integration of business and technology recovery
When does business require technology to be recovered?
20
Integration of business and technology recovery
- What is technology recovery capability?
- Comparison of business need and technology capability
21
Success Factor #4: BCP Risk Management
22
BCP Risk Management
What is Risk?
- Possibility of harm or loss
23
BCP Risk Management
BCP Risks
- Identification
- Mitigation or Acceptance
- When and how will the risk be mitigated?
- How much risk is the business accepting?
24
BCP Risk Management
Do all identified risks have to be mitigated?
Explain your reasoning
25
Example
26
Loan processing function
- Financial Impact: 1 million loss daily
- Customer Impact: 1,000 external customers will be very unhappy
- Legal/Regulatory: XYZ regulation
- Function must resume within 1 day
27
Technology Risk
Loan Processing function relies on:
- Application A - RTO 3 days
- If Application A fails, function cannot be resumed for 3 days
Are you going to mitigate this risk?
28
Cost to mitigate risk
7 million dollars to upgrade the BCP technology environment for Application A to provide a 1 day Recovery Time Objective
29
Risk Management
- Risk appetite
- Document risk and reasoning for acceptance
30
Success Factor #5: Reporting
31
Reporting
Who should we report to?
32
Reporting
Who should we report to?
- Senior Executives
- Board of Directors
- Business Lines Responsible for BCP
33
Reporting
What should we report on?
34
Reporting
What should we report on?
- BCP State of affairs
- Are we recoverable?
35
Reporting
What should we report on?
- Business and technology BCP risk
- Business and technology risks
- Accepted
- Mitigated
36
Reporting
How do we measure recoverability?
- Successful simulations
- Documented BCP plans with implemented strategies
- Appropriate level of risk acceptance
37
Reporting
How do we prove to Executive Management that we are recoverable?
38
Reporting
- Where will we get the data from?
- How will we get the data?
39
Risk Aggregation
- BCP Risk
- Vendor Management Risk
- Information Security Risk
- Operational Risk
- Compliance Risk
- Fraud Risk
- Payment Systems Risk
- Capital Risk
- Privacy Risk
- Records Management Risk
- Financial Crime Risk
40
Risk Aggregation
- Challenge for all organizations
- Enterprise wide
- Risk definition and identification
- Report on all risks
41
Thank you!
Lorie Alioto