Business Continuity Assessment Tier 2 European Bank

Client Challenge

The supervisory board had asked the bank’s management to assess its business continuity capabilities, specifically compared to best practice.

  • Assess the Bank’s current capabilities
  • Make recommendations for improvements
  • Assess any tail risk implications of current and proposed capabilities

What We Did

TORI deployed two experienced SMEs:

  • One individual with deep CIO/COO experience having run Crisis Management for a major global bank
  • One BCP-certified individual with market infrastructure BCP/BCM experience

Discovery exercise: a review of documentation, 50+ interviews, third-party reviews and site visits to DR sites, Business Recovery sites, etc.

Assessment phase: primarily using ISO 22301 as the benchmark standard for:

  • Technical and commercial capabilities (DR and third-parties)
  • Business Impact analysis
  • Business Continuity Planning
  • Emergency Response Planning
  • Crisis Management
  • Assessed the main tail risks: Financial, Reputational, Regulatory and People risks
  • Set and calibrated the Bank’s ambition level against each criterion together with management
  • Created the gap analysis
  • Presented the final analysis to the Bank’s Board
  • Knowledge Transfer: A valuable byproduct of our team working so closely with the client was their people’s increased capability and matured working practices.

Outcome & Results

  • TORI delivered a set of recommendations for improvement to reach the desired capability
  • The recommendations were prioritised into must do’s, should do’s and optional improvements
  • One of the recommendations was to run an authentic scenario exercise which we executed in phase 2, involving the bank’s Crisis Management team and level 1 BCM operators which had great results

Share on LinkedIn