University of Maryland Robert H. Smith School of Business

Presentation on theme: "University of Maryland Robert H. Smith School of Business"— Presentation transcript:

1 University of Maryland Robert H. Smith School of Business
Presenter: Lorie Alioto, Wells Fargo Insurance Services Inc. April 10, 2015

2 Successful BCP Planning and Risk Management
Lorie Alioto, CBCP, Wells Fargo Insurance BCP National Practice

3 Agenda: Why do we plan?; 5 Success Factors for BCP; Risk Aggregation

4 Why do we plan?

5 Why do we plan? Prevent: Loss of employees; Loss of customers; Loss of reputation; Loss of revenue; Regulatory and legal penalties

6 Financial Institutions
Regulations: FFIEC Federal Financial Institutions Examination Council BCP Booklet; FFIEC Federal Financial Institutions IT Examination Booklet; FINRA 4370; OCC Bulletin – Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System

7 Financial Institutions
Regulatory Agencies: Office of the Comptroller of the Currency (OCC); Federal Reserve Bank (FRB); Securities and Exchange Commission (SEC)

8 Our organization has a documented BCP
Are we all set?

9 Success Factor # 1 Business ownership and engagement

10 Business Ownership and Engagement
Everybody wants to pass the BCP buck. Who is responsible? Functional management level. Quality of plans.

11 Business Ownership and Engagement
Does anyone in the company know we have a BCP? Make BCP cool

12 Success Factor # 2 Training and Testing

13 Training and Testing Do recovery members know what to do?
Annual training is critical; Table top exercises

14 Training and Testing If you want to assess a BCP program at a company, what documentation, besides the BCP plan itself, would you ask to see?

15 Training and Testing If we test our Business Continuity Plan, are we recoverable?

16 Training and Testing How do you, as an organization, define a successful BCP or DR test?

17 Training and Testing What if the test was not successful?

18 Success Factor # 3 Integration of business and technology recovery

19 Integration of business and technology recovery
When does business require technology to be recovered?

20 Integration of business and technology recovery
What is technology recovery capability? Comparison of business need and technology capability

21 Success Factor # 4 BCP Risk Management

22 BCP Risk Management What is Risk? Possibility of harm or loss

23 BCP Risk Management BCP Risks Identification Mitigation or Acceptance
When and how will the risk be mitigated? How much risk is the business accepting?

24 BCP Risk Management Do all identified risks have to be mitigated?
Explain your reasoning

25 Example

26 Loan processing function
Financial Impact: 1 million loss daily; Customer Impact: 1,000 external customers will be very unhappy; Legal/Regulatory: XYZ regulation; Function must resume within 1 day

27 Technology Risk: Loan Processing function relies on:
Application A - RTO 3 days. If Application A fails, function cannot be resumed for 3 days. Are you going to mitigate this risk?

28 Cost to mitigate risk: 7 million dollars to upgrade the BCP technology environment for Application A to provide a 1 day Recovery Time Objective

29 Risk Management Risk appetite
Document risk and reasoning for acceptance

30 Success factor # 5 Reporting

31 Reporting Who should we report to?

32 Reporting Who should we report to? Senior Executives; Board of Directors; Business Lines Responsible for BCP

33 Reporting What should we report on?

34 Reporting What should we report on? BCP State of affairs
Are we recoverable?

35 Reporting What should we report on? Business and technology BCP risk
Business and technology risks: Accepted; Mitigated

36 Reporting How do we measure recoverability? Successful simulations; Documented BCP plans with implemented strategies; Appropriate level of risk acceptance

37 Reporting How do we prove to Executive Management that we are recoverable?

38 Reporting Where will we get the data from? How will we get the data?

39 Risk Aggregation: BCP Risk; Vendor Management Risk; Information Security Risk; Operational Risk; Compliance Risk; Fraud Risk; Payment Systems Risk; Capital Risk; Privacy Risk; Records Management Risk; Financial Crime Risk

40 Risk Aggregation: Challenge for all organizations; Enterprise wide; Risk definition and identification; Report on all risks

41 Thank you! Lorie Alioto

