With a severe global credit squeeze, news of billions of dollars of asset write-downs, headline grabbing fraud scandals, accelerating merger and acquisition (M&A) activity and anticipated redundancy programmes that look certain to follow, survival is the major concern for many of the world’s major financial firms.
While difficult economic market forces persist, organisations that lose focus on safeguarding business continuity plans may find themselves dangerously exposed to other threats, such as natural disasters, terrorist attacks and the growing risk of a global flu pandemic.
The senior executives of global financial services organisations have their plates full right now and are surely not losing sleep wondering about the impact their decisions are having on the status of their business continuity plans. Making bold and tactical decisions are the order of the day and may be the key to longer term strategic survival. However, are the biggest banks facing mounting risks caused by eroding their defences against longer term risks outside of those connected with the declining global economy?
In a sector that is navigating the stormy waters caused by a North American economic slowdown, the sub-prime mortgage crisis and resulting credit crunch, many financial services firms are struggling to keep up. There appears to be increased risk of default with attendant concerns over potential contagion effects across the markets. There have been recent runs on reputable blue-chip retail banks, and of the largest financial institutions writing off billions of dollars from their balance sheets. The perception is that few organisations in today’s marketplace are untouchable. With US financial services companies having eliminated more than 60,000 jobs since the middle of 2007, and a recent report by UK consultancy Experian that predicts as many as 20,000 job losses in London alone in 2008, the tides look set to continue to change. Adding to this, the seemingly unstoppable progress of globalisation in capital markets resulting in significant cross-border M&A activity adds yet more fuel to the fires of change.
As financial services organisations fight to prevent themselves being holed below the waterline by the daily threats thrown at them by their environments, how confident can their executives be that their business continuity plans are still relevant? We have identified two key areas of business continuity planning that could be overlooked whilst dealing with more immediate pressures - interconnectivity of systems, and staff attrition.
Rapid consolidation through mergers and acquisitions has resulted in financial behemoths encompassing a variety of brands and sectors. Although huge sums have been spent integrating and developing critical systems and supply-chains, how thoroughly have these new dependencies and relationships been accounted for and tested in an emergency exercise? Such group-wide interconnectivity presents the risk of the domino effect, as disaster hitting one part cascades across the group, causing paralysis and financial and reputational damage
Another key element of any business continuity plan is the identification of key personnel and their roles in an emergency situation. The changes within the financial services sector have resulted in large amounts of staff attrition and movement; stemming from both proactive consolidation and the reactive redundancies forced by the economic downturn. Such turnover magnifies the risk that plans will be out of step with reality, not only with identified key employees no longer working for the company, but the roles or departments may not even exist any more.
It is essential that financial services organisations regularly revisit their business continuity plans. Historically, such an activity has been perceived as an IT-owned and driven process; this is a misconception. Ownership by the business is crucial, as issues to be regularly addressed will range from the identification of core services and departments, and their critical staffing levels, through to crisis communication strategy and ensuring ongoing regulatory compliance
Without such plans in place, the major institutions are exposed to threats that could prove far more disastrous than those caused by the current short term economic uncertainty. Of course, only the individual organisation truly knows how long the lights can go out on its operations before it goes under. The worst case, of course, is that it will not know the answers to these questions until a disaster hits.
So, before drinking their nightcaps tonight, the CEOs and heads of operations in the global markets should take a second to consider the implications of all these changes on their business continuity contingency plans. Do they know the consequences to their organisation if a disaster were to occur overnight, and if so, are they ready?
Martin Pluves, Sonja Stevanovic and Andrew Peel are senior consultants in the Financial Services and IT practices at PA Consulting Group in London.