A financial institution executive recently told me, “The difference between firefighting and fire prevention is a good contingency plan.” While logic and experience tell us the best time to prepare for a disaster or work interruption is before it happens, right after being involved in something like COVID-19 is the next best opportunity to start putting lessons learned into play.
The pandemic has put unprecedented strain on financial institutions. Employees are working from home, many with no idea of when they will return to the office. Visa recently extended work-from-home for most employees through 2020. Eighty-one percent of FI executives surveyed by Digital Banking Report believe there will be an even greater remote working opportunity in the future.
Meanwhile, bank and credit union customers are learning, by necessity, how to access their accounts, sign critical documents and close on loans without going to a branch. Cornerstone Advisors research found that institutions with digital offerings in place were able to quickly steer their customers to online channels – even if they had not used them before. In April alone, digital account openings rose 7% and online logins increased by 18%.
Digital servicing presents a huge opportunity for financial institutions – if they are positioned to accommodate the need. FIs with digital delivery capabilities that lacked the ability to meet the unforeseen demand of this pandemic learned a painful lesson the hard way.
Bank Director’s 2020 Risk Survey asked banks that had weathered a natural disaster in the last two years if they were satisfied with their institutions’ business continuity plans. The majority, or 79%, indicated they were. Of the 21% that weren’t satisfied, 18% said they made changes as a result of the event. Cheers to these smart banks. But what about the 3% that said they have no plans to change their business continuity approach? How many times can an institution get lucky?
While this pandemic might not be thought of as a “typical” natural disaster, it is similarly straining segments of the economy that directly affect financial institutions. In turn, it is causing many FIs to dramatically alter their risk profiles.
Regulatory requirements mandate that all financial institutions have some type of disaster recovery and business continuity plans in place. Disaster recovery plans usually focus on the information technology infrastructure, systems and applications of an organization with the goal of getting them back up and running as fast as possible once a disaster occurs. Business continuity plans, on the other hand, address what is needed outside of technology for an organization to continue to function and service its customers.
The message coming out of the pandemic is clear: It’s time for financial institutions to evaluate how well their disaster recovery and business continuity plans worked. Now, while everything is fresh, is when institutions should review and update these plans so they are better prepared for the next disaster no one saw coming.
Great business continuity plans follow a few simple guidelines. Here are six that can serve as the basis for success in the unwelcome event of another major disruption:
Today, most cloud providers that operate in financial services have Class 4 data centers. They have twice the capacity need for nightly processing, and full redundancy in a disaster recovery site if they are impacted. Many software as a service (SaaS) providers load balance between multiple sites, making outages and disruptions rare if not non-existent.
All core providers and most of the major non-core providers have preferred disaster recovery sites or business partners that can help make picking a site easy. Financial institutions can get a better deal with an outside provider, and testing what is available with primary providers will help the institution decide if the savings are worth the extra risk and effort.
What good is a plan that is written and stored in a notebook on the shelf? Testing key aspects of the plan annually with desktop exercises or more formal scenario planning prepares staff and the institution for most if not all disruptions.
Documenting test results raises awareness and creates an audit trail for examiners and shareholders. It also provides executives with testing scenarios that can strengthen the plan. Ultimately, when it is time to declare a disaster and implement the plan, leadership needs to know the institution’s options and have confidence in the likelihood of the plan’s success.
During the pandemic, many institutions scrambled to create operational procedures in light of social distancing and community shutdowns. But what would you do if your facility were under water or structurally damaged? Although we have recently heard of many heroic responses, a critical eye tells us there were many unprepared institutions. Making time now to document processes and procedures provides the institution with a complete, collaborative analysis with the luxury of time as opposed to responding to crisis in the heat of the moment under the influence of fear, uncertainty and doubt.
For this step, look though the customer’s lens from the outside in. What does the institution do for customers who can’t conduct business in the branches or get to ATMs? How well is the institution delivering digital products and services? In the days following initial shutdowns, many institutions and vendors buckled under the digital load as people rushed online.
* * *
Though COVID-19 caught the world off guard, bank and credit union executives and their staffs have demonstrated three months of heroic response. Now it is incumbent on these leaders to learn from this experience and improve their internal operations and external servicing capabilities.
It is never too late to be prepared.
