The supervisory board had asked the bank’s management to assess its business continuity capabilities, specifically compared to best practice.
- Assess the Bank’s current capabilities
- Make recommendations for improvements
- Assess any tail risk implications of current and proposed capabilities
What We Did
TORI deployed two experienced SMEs:
- One individual with deep CIO/COO experience who had run Crisis Management for a major global bank
- One BCP-certified individual with market infrastructure BCP/BCM experience
Discovery exercise: a review of documentation, 50+ interviews, third-party reviews and site visits to DR sites, Business Recovery sites, etc.
Assessment phase: primarily using ISO 22301 as the benchmark standard for:
- Technical and commercial capabilities (DR and third-parties)
- Business Impact analysis
- Business Continuity Planning
- Emergency Response Planning
- Crisis Management
- Assessed the main tail risks: Financial, Reputational, Regulatory and People risks
- Set and calibrated the Bank’s ambition level against each criterion together with management
- Created the gap analysis
- Presented the final analysis to the Bank’s Board
- Knowledge Transfer: A valuable byproduct of our team working so closely with the client was their people’s increased capability and matured working practices.
Outcome & Results
- TORI delivered a set of recommendations for improvement to reach the desired capability
- The recommendations were prioritised into must do’s, should do’s and optional improvements
- One of the recommendations was to run an authentic scenario exercise, which we executed in phase 2 with the bank’s Crisis Management team and level 1 BCM operators, and which had great results