While many professionals view crisis management as emergency response, business continuity or, as a business issue, a potential public relations calamity, true crisis management is multi-faceted and should be thoroughly integrated into your organization’s structure and operations. To arrive at an effective level of crisis management requires a thorough internal analysis, strategic thinking and sufficient discussion – with everyone speaking the same language.
As an umbrella term, crisis management encompasses all activities involved when a financial firm responds to a significant incident – beyond earth, wind, fire, to hazmat, explosions, flooding, terrorism, bird flu, hostage-taking, power blackouts – with an effective crisis management program in sync with the organization’s mission and integrated plans covering emergency response, business continuity, crisis communications, disaster recovery, staff safety, system security, humanitarian help.
We asked industry experts to share their opinions as to how financial firms must move beyond paying lip service to crisis management preparedness.
- Simply put, why does crisis management matter?
- What are three key benefits of creating an effective enterprise-wide risk management framework today?
- On a scale of 1 to 10 (10 being highest), how prepared are the majority of financial firms today to deal with a critical business continuity situation?
- Just how important are actual testing, drills and simulation exercises? Do staff really care?
- Who should drive a firm’s crisis management program: an ops, financial or IT executive?
Alex Tabb
Partner / Practice Leader, Crisis Management
TABB Group
Alex, simply put, why does crisis management matter?
When every second counts, a comprehensive, effective CM program can spell the difference between a firm’s ability to weather a crisis or not by providing the framework by which senior leadership can rapidly assess a given situation, make critical decisions and push out their message in a timely manner.
What are three key benefits of creating an effective enterprise-wide risk management framework today?
An ERM system allows you to gain comprehensive mechanisms for identifying, assessing and analyzing risk on an institutional basis.
Second, it provides for better organizational effectiveness by connecting disparate operational elements within large organizations.
Third, they create a risk management, not a risk-avoidance, environment.
How prepared are the majority of financial firms today to deal with a critical business continuity situation?
Larger firms oftentimes have regulatory obligations that mandate effective BC capabilities tested by the institution and reviewed by regulators. Meanwhile, smaller institutions, such as small buy-side or lending institutions, often have only barebones capabilities limited to simple disaster recovery plans.
On a scale of 1 to 10, how important are testing, drills and simulation exercises?
10! What separates a well-prepared firm from one that isn’t is the importance placed on exercises and drills, which provide planners with real data on how well prepared the firm may be. It speaks to institutional preparedness, highlighting strengths, uncovering incorrect or overly optimistic planning assumptions and exposing potential vulnerabilities.
Who should drive a firm’s crisis management program: an ops, financial or IT executive?
It’s not so much ‘who should drive,’ but ‘how should the program be driven.’ During a crisis, people rely upon what they know and what they are comfortable with. The key is leveraging existing organizational structures to create an environment where information can flow in an orderly, consistent manner. What matters is that the individuals who have to manage the crisis are comfortable with the mechanisms in place and that the mechanics provide timely, accurate information that will allow an institution to respond in an effective manner.
Neil Robertson
Group CEO
The Neverfail Group
Neil, in your opinion, why does crisis management matter?
More than just reacting to the latest disaster affecting your business, ultimately it’s about your employees, customers and your business reputation. As we saw during Katrina, basic needs of food, shelter and clothing must be attended to first. Encourage and assist your employees to make their own crisis plans, making sure they know how the business will react to various disasters.
According to Jonathan Bernstein, president of Bernstein Crisis Management, ‘Every dollar invested in crisis preparation averts $7 in losses.’
Clearly, crisis management is about planning ahead and implementing disaster recovery processes and solutions now, to ensure the continuity of your business.
What are three key benefits of creating an effective enterprise-wide risk management framework?
Ensuring users can continue to access working applications to do their job, eliminating commercial and IT management costs associated with system downtime and protecting the productivity, revenue and reputation of your business.
How prepared are the majority of financial firms?
Sadly, recent statistics show that only 37 percent of attendees at the Association for Financial Professionals conference felt their organization was well prepared to handle an event similar to Katrina. However, a recent IDC survey showed that disaster recovery is the number one priority of 53 percent of respondents. Clearly, this is an important focus for most businesses, including financial firms.
But how important are actual testing, drills and simulation exercises?
Testing, drills and communicating your crisis management plans to your employees are extremely important with testing topping the list for a company’s IT infrastructure. According to Infonetics, you can lose up to 16 percent of annual revenue due to downtime. Plus, Gartner Group says 93 percent of companies that experience a major data loss are out of business within five years.
Who should drive?
Ideally, all three with either the CEO or the highest-ranking executive on the committee driving the effort.
Bill Hartnett
General Manager, Insurance Solutions Group
Microsoft Corporation
Bill, why does crisis management matter?
It is the responsible thing to do for your own survival and for those depending on you. For financial firms, the obligation and the standard of performance are higher.
Key benefits?
First, living up to your obligations. The importance of trust in the financial services relationship does not end when things go badly.
Second, survival. After Katrina, I read a story about two New Orleans law firms. One is no longer around because they didn’t plan for even the obvious disaster of a major flood in a city situated below sea level. The other flew their attorneys to Houston, set up shop in temporary quarters and restored their files from off-site back-ups.
How prepared are the majority of financial firms?
While no one’s at 10 and no one’s at one either, the vast majority of financial firms are aware of the risks and doing their best to prepare. But warding off complacency takes strong leadership to keep firms focused.
Just how important is actual testing?
A History Channel program on the 9/11 WTC attack focused on the efforts of a risk manager for a major firm before and after the attack. After the 1993 bombing, he realized the evacuation procedures were completely inadequate for what he believed would be an inevitable larger attack. He spearheaded improvements in building safety, but more importantly, he drilled, drilled, drilled. Even the CEO had to participate.
As a result, everyone in his firm knew what to do on 9/11. They didn’t necessarily know what was happening or how bad it was, they just knew they had to get out and how to do it. It was second nature. The drills became an inside joke, but the staff cared because someone cared. His commitment saved lives.
Who should drive?
Someone who believes in what they’re doing, can inspire others and can continue to work hard with little recognition or appreciation.
David Miner
Director, Financial Services, Industry Solutions
Symantec
David, why does crisis management matter?
Banks have long been targets for external attack and given the need for essential banking services during a temporary business interruption caused by a natural disaster or human error, there has never been a good excuse for a branch to be closed. However, the industry is evolving from reactive to proactive enterprise risk management by shifting to newer technologies that help financial institutions focus on the resiliency of their business.
Three key benefits of creating an effective ERM framework today?
Investors’ confidence in corporate America has been undoubtedly shaken to the core. Without a clear focus on and vision for an enterprise-wide risk management framework, your business can suffer truly significant losses. While most of these losses may be monetarily survivable, they can have an insurmountable impact on your business image and risk-avoidance programs, ultimately affecting your bottom line through lost revenue and minimized profits.
How prepared are the majority of financial firms today?
It’s difficult to be specific. While we have seen the financial industry demonstrate heightened awareness and overall improvements, executives with direct responsibility for business continuity continue to tell us that significant gaps in overall preparedness still remain.
How important are testing, drills and exercises?
All plans, systems, processes and methods of communication should be thoroughly and regularly tested – individually and in conjunction with third parties as needed – to ensure that they work. Financial institutions should also have a plan for continuous maintenance and improvement.
Who should drive: an ops, financial or IT executive?
To implement an effective enterprise-wide risk management program, each institution must coordinate across multiple lines of business and with the IT team. A foundation for success must include leadership from executive management and the board of directors. As such, the individual position is not nearly as important as the active participation of each executive across the organization towards a common vision and plan.