Bangkok, Thailand. First Chopin International Competition ...
BCP At Bangkok Bank, Thailand - WordPress.com… · BCP At Bangkok Bank, Thailand 1 . ... Security...
Transcript of BCP At Bangkok Bank, Thailand - WordPress.com… · BCP At Bangkok Bank, Thailand 1 . ... Security...
Bhakorn Vanuptikul, BCCE
Executive Vice President
Bangkok Bank Public Company Limited
10 May 2012
BCP At Bangkok Bank, Thailand
1
Agenda
Business Continuity Management at Bangkok Bank
Success Factors in implementing BCM
Past Crisis
Lessons Learned
2
About Bangkok Bank
Largest bank in Thailand
Total assets of US$ 68.3 billions
Profit before taxes of US$1.1 billion reported in 2011
22,000 of employees
960 Branches in Thailand
27 Overseas Branches
3
Why we need Business Continuity
Management?
Financial Sector is an Integral Part of our Economy.
Financial Institutions are IT centric and are interdependent with
others.
Finance Institutions are exposed to several within and outside risks.
Bank of Thailand and Stock Exchange of Thailand require Banks to
do BCP to ensure that the financial system is always functional.
4
BCP will even be more integral part of Financial Services because we are in the higher risk environment.
Global warming and its consequences
Terrorism
Financial Meltdown and Currency Flow
We rely on more digital infrastructures
Multi-national supply chains
New arm races
5
Regulations in Thailand
Financial Institutes and Public Companies are required by Bank of Thailand & Stock Exchange of Thailand to prepare BCM policy & BCP along with these outlines:
BCM policy
Risk Analysis
Business Impact Analysis
Identify Critical Business Functions
Recovery Objectives
Business Continuity Plan
Testing & Reviewing
6
Regulations in Thailand
But the most important of all the guidelines:
Board of Directors are responsible for the setting up of the BCM Policy as well as allocating enough resources to conduct the BCP as part of the overall risk Management.
7
B C M covers many components
To ensure business continuity, Bank has set up the Business Continuity Management (BCM) program, which incorporates DRP, BCP, Security plan, and Crisis Management plan.
DRP (Disaster Recovery Plan)
DRP is prepared to manage the continuity and recovery of systems, data centers, and communication services in the event of disaster.
Bank must have at least 2 Data Centers (which locate in appropriate distance). These 2 data centers back-to-back back up critical applications.
Bank must test DRP annually.
BCP (Business Continuity Plan)
BCP focuses on the continuity of critical functions of the Bank in the event of disaster.
All critical function units have developed and prepared alternate sites distributing to many locations.
Bank must test BCP annually.
Crisis Management plan
The plan details actions to deal with incident, emergency and crisis.
Bank has set up Crisis Management Team which is consisting of senior management and unit head of relevant critical function to be responsible for managing and making critical decision regarding the crisis response.
8
Success Factors in implementing BCM
Strong Management Support
Use Consultant with Track Records
Strong Team with Strong Personnel
Has Good Methodology and Process in place
Know Your Business and Know Your Organization
Simple, Effective but Flexible BCP is Critical to BCM
Each BU is familiar and is testing its BCP regularly
Internal & External Communication is Critical in BCM
10
Political Crisis of May 2010
Bangkok Bank was caught in the Political Crisis of May 2010. The Damages Done:
A few Branches in Bangkok were seriously burned and damages.
Around 100 ATMs were smashed and a few were burned.
Over 40 Branches across the country were damaged with home-made bomb, shot with assault rifles or smashed with rocks and batons.
Luckily, no casualties on staff.
13
How we managed the crisis?
Put priority on safety of our staff and customers at the top.
Set up Crisis Management Team early on to monitor every development of the conflict 24/7.
Has all the BCP in place and test them regularly.
Establish good relationship with the government agencies including Central Intelligent Services, Army and Police Forces.
14
How we managed the crisis?
Keep Low Profile in every operation we do.
Buy Riot Insurance just 2 months ahead of the crisis.
Move Staff to remote back up site before the second clash of army and protesters on May 19, 2010
Get cooperation from the media to keep the news of the damages as low as possible.
Don’t fight back with either words or weapons. This would escalate the situation.
15
Lessons Learned 1
Better External Communication may help reduce the impact from the conflict.
Better Internal Communication would also foster staff’s confidence in the bank’s ability to handle the situation.
Better relationship with communities around our premises could help prevent the fires and damages to properties.
More Backup Locations as some were inside the dangerous zones.
16
Lessons Learned 2
Re-evaluate the Risk Analysis as political conflict was considered to be low risk but high impact.
Re-thinking about key staff and alternates as staff were not able to come to work because of safety concerns.
Re-thinking about equipments and supplies as the event like this, you may not be able to purchase anything.
17
Great Flood of August to November 2011
• 16 Billion Cubic Meter of Water that caused the flood over 14,000 Square Kilometer of Land
• Financial Impacts: US$ 45 Billions in damages and losses to properties, industrial plants, goods and services.
• Impacts to Population: 5 Million Peoples or 1.9 Million Households were effected. 728 deaths, mostly from drowning or electrocution.
18
Crisis Management & BCP Lessons Learned 1
Scenarios study to understand the development of the Disaster.
This is a regional disaster that is:
Slow to take place but would last more than a month.
Not all your facilities will face the disaster at the same time so you will have to deal with them at different stages of the crisis. Set up teams to deal with specific tasks.
You have time to prepare but you would have to fight for the limited resources because everyone wants to do the same.
21
Lessons Learned 2
Transportations
Impact to your staff, logistics, other services.
Electricity
Possible power outage and duration.
Communications
Impact to your work procedures, transactions.
Public Water
Impact to ability to cool the Data Center, life support for staff.
Health cares system
Impact to your staff and their families, possible pandemic diseases after the flood.
Food supply chains.
Impact to your staff and their families during the flood.
Anticipate the potential impacts to:
22
Lessons Learned 3
Monitor the situation and information closely:
There were so many sources of information, sort out which ones are reliable and relevant.
Social networks could be useful and more up to date in this kind of disaster
Information may be neither complete or accurate, try to assess the situation yourself.
Use these information to formulate what will impact you, not only your operation, your business volume, but also your customers’ operations.
23
Lessons Learned 4 Look after your stake holders:
Staff :
Put their welfare as your priority. Allow them to take time off to take care of their houses, their families.
Transportation for staff
Customers :
Provide alternative channel for services
Flexible ways to identify your customers
Match their other needs (no fee for inter-bank transactions)
Communities
Support the communities around your premises.
24
Lessons Learned 5 Focus on some new impacts and new
circumstances.
Impact on your staff availability
More alternate of key staff who live in different area
Foods and beds for BCP staff around backup sites
Impact on your facilities
Power and water supplies
Communications
Establish backup sites outside of the disaster area
Stock up your critical supplies or pre-arrange for them
Impact on your work loads
Impact on your logistics
25
Conclusions
Disaster is dynamic, follow it closely but most importantly, anticipate the potential impacts.
Focus on how to reduce these impacts.
Re-assess your plan, find vulnerabilities that may be associated with this type of disaster but be flexible.
Don’t rely on outside help, they are all busy.
If you remember your staff, your customers in time of need, they will always remember you.
26