BUSINESS CONTINUITY MANAGEMENT (BCM) INITIATIVES OF THE BANGKO SENTRAL NG PILIPINAS
Dickenson Y. Africa, CPA, CISA, MBA, CBCLA
Head of Business Continuity Office, Bangko Sentral ng Pilipinas
16 March 2017, De La Salle University Manila
The Essential Sectors as identified by the NDRRMC
Total Number of Banks in the Philippines (as of September 2016)
- Total: 11,024 (613 head offices and 10,411 branches)
- Universal & Commercial Banks: 6,147 (41 head offices, 6,106 branches)
- Thrift Banks: 2,180 (64 head offices, 2,116 branches)
- Rural & Coop Banks: 2,697 (508 head offices, 2,189 branches)
Source: www.bsp.gov.ph
Total Number of ATMs in the Philippines (as of September 2016)
- Universal & Commercial Banks: 15,870 (8,652 onsite, 7,218 offsite)
- Thrift Banks: 2,175 (1,368 onsite, 807 offsite)
- Rural & Coop Banks: 515 (450 onsite, 65 offsite)
Source: www.bsp.gov.ph
Total Number of Electronic Banking Facilities in the Philippines (as of September 2016)
- Universal & Commercial Banks: 35
- Thrift Banks: 34
- Rural & Coop Banks: 52
Source: www.bsp.gov.ph
BSP Regulatory Framework for BCM: Objectives
- Minimize disruption of basic banking services
- Minimize financial losses
- Resume critical operations within the shortest possible time from the occurrence of the disaster
- Continue upholding consumer protection
- Avoid systemic impact within the financial services industry
BSP Regulatory Framework for BCM (cont'd.): Highlights
- Comprehensive and updated Business Continuity Plan (BCP)
- BCM oversight structure
- Communication plan and outreach strategy
- Back-up operations center/alternate site
- Periodic validation, testing and review
BSP Regulatory Framework for BCM (cont'd.): 2001
- Circular Letter dated 26 September 2001: Requiring Banks to Prepare and Submit BCPs to BSP
- Circular Letter dated 3 October 2001: Requiring Non-Bank Financial Institutions (NBFIs) to Prepare and Submit BCPs to BSP
BSP Regulatory Framework for BCM (cont'd.): 2003
- Memorandum to all Banks and NBFIs dated 3 April 2003: Requiring the Submission of Updated BCPs to BSP
- Memorandum to all Banks and NBFIs with Head Offices Located in Metro Manila, Metro Cebu and Metro Davao dated 20 October 2003: Requiring the said entities to furnish BSP with information on their Back-Up Site Arrangements
BSP Regulatory Framework for BCM (cont'd.): 2004 and 2013
- Memorandum to all Banks and NBFIs dated 22 January 2004: Guidelines on the Establishment of Back-up Operation Centers and Data Recovery Sites
- Circular No. 808 dated 22 August 2013: Guidelines on Information Technology Risk Management for all Banks and other BSP-supervised institutions
BSP Regulatory Framework for BCM (cont'd.): Key Elements of a BCP
- Identification of mission-critical functions
- Identification of different threat/crisis scenarios
- Identification of recovery objectives for sustained operations of mission-critical functions
- Formulation of disaster preparedness, emergency response, and business restoration plans
Initiatives of the Banking Sector
Initiatives of the Banking Sector (cont'd.): WORST-CASE SCENARIO
Financial institutions have:
- Liquidity contingency plans
- Business continuity resources
- Documented processes to:
  - execute business continuity procedures
  - operate in offline mode or revert to manual procedures
  - allow cash withdrawal services
BSP Resiliency Framework
BSP's Resiliency Model
IMT:
- Formulate policies and plans of action on matters relating to physical safety, disaster preparedness, crisis or emergency management
- Operate the IMT Operations Center (IMTOC) on a 24/7 basis
BCO:
- Serve as the central unit for all queries related to BCM in BSP
- Ensure continuous improvement of frameworks, policies, practices, and guidelines covering BCM to align with international standards and best practices
BSP's Resiliency Model IM Chief Crisis Officer - Governor BCM Executive Officer - IMT Incident Management Team Business Continuity Office BSP Business Continuity Management Team (BCMT) IMT Level 3 per Department/Office Departmental BCMT DRIKL2016/PAPER 4-DICKENSON Y.AFRICA
BSP's BCMS Scope
- 22 Regional Offices and Branches
- Head Office, Manila
- Security Plant Complex, Quezon City
Current BCMS Implementation
Establishment/preparation of:
- ORM-BCM
- BCP template, plans and OLAs
- Alternate site with required resources
- Linkages with various stakeholders
Identification of:
- Business Continuity Management Teams
- Critical business functions
- Business continuity strategies
- Key contacts and interdependencies
Conduct of:
- Review of BCMS implementation
- BIA, RA and TRA
- BC tests and exercises
- BC awareness initiatives
ORM-BCM
- Continual improvement
- Framework & Policies
- BC procedures
- BC protocols
- BC org. structure
BSP's Mission-Critical and Support Functions
- Payments and settlements (Real-Time Gross Settlement)
- Lending and credit
- Treasury operations
- Currency management
- Accounting operations
- ICT, Facilities, Human Resource, and Security
People Utilities Facilities Business Continuity Procedures Natural Disasters or Threats Man-Made Threats Unavailability
Business Continuity Procedures Activation Mobilization Recovery Post Restoration and Return Restoration and Return Resumption
Testing and Awareness Program
BCM Exercises:
- Integrated Business Continuity Exercise
- Component or Business Unit Tests
- Call-Tree Tests
- Evacuation Drills
- Community-Wide Exercises
BCM Awareness Program:
- Workshops, plenary and focus group discussions
- Lectures, email broadcasts, intranet
Embedding of Practices
BCM linkage with:
- Enterprise Risk Management (Risk Assessment)
- Systems and Methods (QMS)
- Internal Audit
- Others:
  - Human Resource
  - Training
(Diagram labels: BCM, ERM, IA, QMS)
Other Initiatives
- Participation in professional organizations, fora and other networking opportunities
- Linkages with other government agencies (Office of Civil Defense, Local Government Units, House of Representatives)
- Participation in community-wide exercises and drills
- Enforcement through regulated entities
- Creation of Technical Working Groups
Ongoing Initiatives of the BSP: WORST-CASE SCENARIO
- BSP mission-critical functions can operate following existing business continuity protocols
- BSP primary and alternate sites are equipped with adequate resources
- BSP structures are structurally sound and are well-secured
- Both BSP primary and alternate sites have redundant power and communication infrastructure
Overall Preparedness and the Way Forward
- BSP's robust regulatory framework and the banking sector's preparedness initiatives will ensure the availability of critical banking services to the public.
- Regular coordination will be constantly done with the banking sector to ensure readiness even in a worst-case scenario.
Key takeaways
- Governance is a critical success factor
- BCM is a way of life, resiliency does not happen overnight
- Coordination is vital to successful BCM implementation
- BCPs serve as guides but flexibility and common sense are also vital
- Practice makes perfect!
Dickenson Y. Africa, CPA, CISA, MBA, CBCLA
Head of Business Continuity Office, Bangko Sentral ng Pilipinas
dafrica@bsp.gov.ph