Business continuity and the banking industry

Introduction Since the September 11th attacks on the World Trade Center, tsunami disaster, and hurricane Katrina, there has been renewed interest in emergency planning in both the private and public sectors. In particular, as managers realize the size of potential exposure to unmanaged risk, insuring "business continuity" (BC) is becoming a key task within all industrial and financial sectors (Figure 1). Aside from terrorism and natural disasters, two main reasons for developing the BC approach in the finance sector have been identified as unique to it: regulations and business specificities. Regulatory norms are key factors for all financial sectors in every country. Every organization is required to comply with federal/national law in addition to national and international governing bodies. Referring to business decisions, more and more organizations recognize that Business Continuity could be and should be strategic for the good of the business. The finance sector is, as a matter of fact, a sector in which the development of information technology (IT) and information systems (IS) have had a dramatic effect upon competitiveness. In this sector, organizations have become dependent upon technologies that they do not fully comprehend. In fact, banking industry IT and IS are considered production not support technologies. As such, IT and IS have supported massive changes in the ways in which business is conducted with consumers at the retail level. Innovations in direct banking would have been unthinkable without appropriate IS. As a consequence business continuity planning at banks is essential as the industry develops in order to safeguard consumers and to comply with international regulatory norms. Furthermore, in the banking industry, BC planning is important and at the same time different from other industries, for three other specific reasons as highlighted by the Bank of Japan in 2003: • Maintaining the economic activity of residents in disaster areas by enabling the continuation of financial services during and after disasters, thereby sustaining business activities in the damaged area; • Preventing widespread payment and settlement disorder or preventing systemic risks, by bounding the inability of financial institutions in a disaster area to execute payment transactions; • Reduce managerial risks for example, by limiting the difficulties for banks to take profit opportunities and lower their customer reputation. Business specificities, rather than regulatory considerations, should be the primary drivers of all processes. Even if European (EU) and US markets differ, BC is closing the gap. Progressive EU market consolidation necessitates common rules and is forcing major institutions to share common knowledge both on organizational and technological issues. The financial sector sees business continuity not only as a technical or risk management issue, but as a driver towards any discussion on mergers and acquisitions; the ability to manage BC should also be considered a strategic weapon to reduce the acquisition timeframe and shorten the data center merge, often considered one of the top issues in quick wins and information and communication technology (ICT) budget savings.