The supervisory board had asked the bank’s management to assess its business continuity capabilities, specifically compared to best practice
- Assess the Bank’s current capabilities
- Make recommendations for improvements
- Assess any tail risk implications of current and proposed capabilities
What we did
TORI deployed two experienced SMEs:
- One individual with deep CIO/COO experience having run Crisis Management for a major global bank
- One BCP certified individual with market infrastructure BCP/BCM experience
Discovery exercise: review of documentation, 50+ interviews, 3rdparty reviews and site visits to DR sites, Business Recovery sites, etc.
Assessment phase: primarily using ISO 22301 as the benchmark standard for:
- Technical and commercial capabilities (DR and 3rdparties)
- Business Impact analysis
- Business Continuity Planning
- Emergency Response Planning
- Crisis Management
Assessed the main tail risks: Financial, Reputational, Regulatory and People risks.
Set and calibrated the Bank’s ambition level against each criterion together with management
Created the gap analysis
Presented the final analysis to the Bank’s Board
Knowledge Transfer: A valuable bi-product of our team working so closely with the client was their people’s increased capability and matured working practices.
- TORI delivered a set of recommendations for improvement to reach the desired capability
- The recommendations were prioritised into must do’s, should do’s and optional improvements
- One of the recommendations was to run an authentic scenario exercise which we executed in phase 2, involving the bank’s Crisis Management team and level 1 BCM operators which had great results.