Tuesday, February 28, 2012

Model-based Business Continuity Planning

If you need to develop a plan quickly from scratch, or if you need a major overhaul of an existing plan, we can help. We have a fast-track, remote delivery, model-based program that will produce a fully compliant, customized BCP for your bank.
The key is our extensive database of business functions for every possible size, complexity and business orientation.

So, if you are a $1 billion bank that serves household customers on the deposit side and commercial borrowers on the asset side, with a little mortgage banking thrown in, we can find a model that will work perfectly for you!

Give us a call -- we'll quickly set up a BCP project online, put together a virtual team consisting of bankers and consultants, and begin construction.

You'll be finished long before your examiners show up for the Spring inspection!

Thursday, February 23, 2012

Want to make bank regulators mad? Encrypt your DR Resource List.

When I'm asked to review a bank's BCP/DR Plans, one of the first things I want to look at is the "Resource Inventory". Called by various names, this is the list of critical systems and services that are prioritized for recovery.

DR/BCP Coordinators are asserting that, if their building gets flattened, the items on this list can be restored to a production state within a time frame that they have assigned.

So it helps your cause immensely if the list makes sense. Not just to insiders, but to outsiders who must form a judgement as to whether or not the bank staff can actually accomplish what is proposed.

Sadly, some of these lists look like encoded spy messages.

[Image: Enigma Cipher Machine - Portable Version. Caption: Are you using this to encode Resource Lists?]

For instance, what is an examiner to make of these:

3 T System

Presumably, someone in the organization knows what this stuff is. But to an outsider it looks like gibberish.

Some of these lists are so bad that the best you can expect is a frustrated and confused examiner. The worst is that they will interpret the list as an attempt at obfuscation.

And there is nothing so dangerous as a regulator who feels obfuscated.

Wednesday, February 22, 2012

Emergency Notification Strategies for Community Banks

A solid emergency notification system will leverage all of the technologies available today -- phone calls, SMS text messaging and email. Call trees and printed lists are a last resort -- when nothing else is working.

Dedicated emergency notification systems -- such as those used by hospitals and universities -- are pricey and probably overkill for a community bank. But with a little creativity and basic data manipulation skills, you can put together a low cost, high tech system yourself.

First, be sure your employee notification records contain the appropriate fields: Home and mobile phone numbers, an SMS text message field, and personal email.

Next, store the information using tools that are "platform independent". Notification lists in particular should be portable -- meaning, you must be able to quickly extract a current list and then port it to a number of different platforms. Excel is probably the best all-around format for moving data between systems.

Finally, test your system two or three times a year to give your team some practice.
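
As an added example (not part of the original post), the three steps above can be sketched in Python: check that each record carries the notification fields, then extract the list into two portable forms, a bulk-texting number list and vCard 3.0 entries for phone address books. The column names, the US-only phone format and the sample records are assumptions made for this illustration.

```python
import csv
import io
import re

# Constructed sample export; every name, number and address is fictitious.
SAMPLE_CSV = """name,department,home_phone,mobile_phone,sms,personal_email
Ann Lee,Operations,(215) 555-0101,215-555-0102,215-555-0102,ann.lee@example.com
Bob Cruz,Lending,215.555.0103,,,bob.cruz@example.com
Cy Dunn,IT,,1 215 555 0104,215 555 0104,
"""
CHANNELS = ("home_phone", "mobile_phone", "sms", "personal_email")

def normalize_phone(raw):
    """Return +1XXXXXXXXXX, or '' when the value is not a 10-digit US number."""
    digits = re.sub(r"\D", "", raw or "")
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return "+1" + digits if len(digits) == 10 else ""

def load_contacts(csv_text):
    """Parse the export and normalize the three phone fields."""
    contacts = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        row = {k: (v or "").strip() for k, v in row.items()}
        for field in CHANNELS[:3]:
            row[field] = normalize_phone(row[field])
        contacts.append(row)
    return contacts

def audit(contacts):
    """Map each employee to the notification fields that are empty or unusable."""
    gaps = {c["name"]: [f for f in CHANNELS if not c[f]] for c in contacts}
    return {name: missing for name, missing in gaps.items() if missing}

def sms_targets(contacts):
    """Deduplicated numbers to paste into a bulk-texting tool."""
    return sorted({c["sms"] for c in contacts if c["sms"]})

def to_vcard(c):
    """Render one contact as vCard 3.0 so it imports into a phone address book."""
    esc = lambda s: re.sub(r"([\\;,])", r"\\\1", s)
    first, _, last = c["name"].partition(" ")
    lines = ["BEGIN:VCARD", "VERSION:3.0", f"N:{esc(last)};{esc(first)};;;", f"FN:{esc(c['name'])}"]
    lines += [f"TEL;TYPE=CELL:{c['mobile_phone']}"] if c["mobile_phone"] else []
    lines += [f"TEL;TYPE=HOME:{c['home_phone']}"] if c["home_phone"] else []
    lines += [f"EMAIL;TYPE=INTERNET:{esc(c['personal_email'])}"] if c["personal_email"] else []
    return "\r\n".join(lines + ["END:VCARD"]) + "\r\n"

if __name__ == "__main__":
    print(audit(load_contacts(SAMPLE_CSV)))
```

Running the audit before each of the two or three yearly tests shows which employees cannot be reached on a given channel.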

Here are some tools that may help:

Bulk Texting Systems:

SMS, Mail and Manage Contacts http://bit.ly/wJPXCY

Android App

If you need something more comprehensive, here is a full-featured service that actually recovers your ability to receive inbound customer calls. It has an emergency notification feature built in: www.telecomrecovery.com.

Friday, February 17, 2012

Web-based, Collaborative BCP Consulting

We've taken our entire BCP methodology on line! No more invoices for travel expenses. No paying consultants to sit in airports. All of our BCP consulting services -- department interviews, training sessions, plan maintenance reviews -- even tabletop testing exercises -- can be conducted via the Internet.

We use an on-line collaboration system to create temporary, secure work space for each project. Anyone involved on the bank side can participate and track progress as the project unfolds.

All tasks, project milestones and deliverables are laid out in a user-friendly interface. There is space for secure file storage and a message board for BCP related communications. When the project is complete, all files and messages are archived and the workspace is taken down.

All meetings with department contacts can be conducted via the Internet using familiar screen-sharing technology. We can involve business unit staff in a meaningful way without pulling them away from their workstation, and without the hassle of setting up conference rooms, juggling technical resources, and granting network access to outsiders.

The result is a high-impact, low intrusion consulting experience. Much more efficient than the traditional delivery method, and at a lower cost.

Thursday, February 16, 2012

Can self-directed teams manage BCP projects?

If you're responsible for Business Continuity Planning in a community bank, odds are you can only spend about 20% of your time on the project. If you're lucky.

Even if you can manage 20%, the time is not evenly distributed. BCP work comes in disruptive bursts, usually driven by the threat of an upcoming audit.

So the idea of self-directed, "collaborative" BCP projects is tempting.

You know, where the work is distributed evenly across all business units. Featuring that slick BCP database application that looked so good in demo mode.

But what happens when the project ends badly, and you've got auditors breathing down your neck?

Tuesday, February 14, 2012

Bank Regulatory Examinations: Most Common BCP Findings 2012

Each year I spend a lot of time helping BCP Coordinators in banks prepare for regulatory examinations and audits. I also spend a lot of time preparing responses to examination findings.
So I have anecdotal evidence that I use to predict what the regulatory hot buttons will be in the coming examination cycle, at least as far as BCP is concerned.

Sunday, February 12, 2012

Pandemic Simulation Exercises for Financial Institutions

We've developed a lightweight Pandemic Simulation Exercise that we can deliver via webinar. The only thing the bank has to provide in advance is a simple two-column Excel spreadsheet - column A is the list of employees and column B is their department.

Thursday, February 9, 2012

Plans are nothing; planning is everything

Dwight D. Eisenhower, American President, General and Pennsylvania resident.

Wednesday, February 8, 2012

Twitter has become an indispensable emergency monitoring tool.

BCP Coordinators, Facilities managers and media relations managers should get familiar with social networking. Twitter in particular has become the "police scanner" of the Internet age.
You can use Twitter to monitor emergencies before, during and after the event. Crisis events from train wrecks to winter storms to hurricanes have one thing in common: Bursts of Twitter activity that include snippets of text, pictures and video.

Tuesday, February 7, 2012

Monday, February 6, 2012

Emergency Notification Lists On Smartphones

I conduct meetings -- training sessions and testing exercises -- in banks across the country. A remarkable change has taken place in the past few years -- everyone has a smartphone.
At any given moment during my meetings, something like 60% of the participants are focused on me (in rapt attention, of course). 20% are looking at their phones.
I'm sure they're monitoring the local EMT Twitter feed, or monitoring weather alerts. Certainly not changing their Facebook status or updating their resume on LinkedIn.
The point is that bankers use smartphones nowadays. Constantly.
So smartphones are where emergency notification lists should be.
There are low-cost, and even no-cost, ways to accomplish this. But it takes some resourcefulness and time. Most importantly, you have to be able to achieve what I call "platform independence" for your contact database.

Saturday, February 4, 2012

Monitoring Potential Pandemic Flu Outbreaks

The FFIEC requires that financial institutions monitor potential pandemic outbreaks, so you might as well have some fun doing it!
Screen Cap from healthmap.org/en/
For BCP Coordinators that use mobile devices (and who doesn't?), check out "Outbreaks Near Me". The app uses your device's location services (GPS or IP address lookup) and plots reported outbreaks in your region.
You can see all kinds of outbreaks, or just track one specific virus, such as Avian or Swine Flu.
But it's not limited to flu strains. I'm looking at Pennsylvania now and I can see the reported incidents of a bunch of people who got sick from drinking contaminated raw milk.
The app is free from http://healthmap.org/outbreaksnearme/ and comes in either iPhone or Android flavor.