BUSINESS CONTINUITY MANAGEMENT (BCM) INITIATIVES OF THE BANGKO SENTRAL NG PILIPINAS

Similar documents
Global Statement of Business Continuity

Session 5: Business Continuity, with Business Impact Analysis

TSC Business Continuity & Disaster Recovery Session

Business Continuity and Disaster Recovery

INTERNAL AUDIT DIVISION REPORT 2017/138

Business Continuity Management Standards A Side-by-Side Comparison

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

Infocomm Professional Development Forum 2011

Continuity of Business

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Table of Contents. Sample

Introduction to Business Continuity Management

Business continuity management and cyber resiliency

Appendix 3 Disaster Recovery Plan

Public Safety Canada. Audit of the Business Continuity Planning Program

Principles for BCM requirements for the Dutch financial sector and its providers.

Business Continuity: How to Keep City Departments in Business after a Disaster

National Policy and Guiding Principles

AUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014

STRATEGIC PLAN. USF Emergency Management

NORTH CAROLINA NC MRITE. Nominating Category: Enterprise IT Management Initiatives

Operational Risk Management: Major Processes and Assignments

COMMENTARY. Federal Banking Agencies Propose Enhanced Cyber Risk Management Standards

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

Implementing a Global Business

INTERNAL AUDIT DIVISION REPORT 2017/151. Audit of business continuity in the United Nations Interim Force in Lebanon

How to Conduct a Business Impact Analysis and Risk Assessment

Leveraging ITIL to improve Business Continuity and Availability. itsmf Conference 2009

Cybersecurity and Data Protection Developments

Information Technology General Control Review

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

Emergency Operations Center Management Exercise Evaluation Guide

Florida State University

INTERNAL AUDIT DIVISION REPORT 2017/037

Our key considerations include:

Business Resilience & Incident Response Are You Ready?

Introduction to Business continuity Planning

Regulatory Update Cyber Security

Bradford J. Willke. 19 September 2007

PIPELINE SECURITY An Overview of TSA Programs

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

BCM Program Development

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

PECB Change Log Form

Disaster Recovery and Business Continuity Planning (Mile2)

Subject: Audit Report 16-50, IT Disaster Recovery, California State University, Fresno

Any observations not included in this report were discussed with your staff at the informal exit conference and may be subject to follow-up.

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Laws Influence Business Continuity and Disaster Recovery Planning Among Industries

Business Continuity Management

300 Riverview Plaza Odysseus Marcopolus, Chief Operating Officer Trenton, NJ POLICY NO: SUPERSEDES: N/A VERSION: 1.0

Regional Resilience: Prerequisite for Defense Industry Base Resilience

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

Data Recovery Policy

Quality Infrastructure Investment: Resilient Approaches and Examples from East Asia and the Pacific

BUSINESS CONTINUITY MANAGEMENT

UL and Business Continuity

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Business Continuity Policy

Driving Global Resilience

Subject: Audit Report 18-84, IT Disaster Recovery, California State University, Sacramento

Business Continuity Management Program Overview

NGA Governor s Energy Advisors Energy Policy Institute Resiliency Panel

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17

Earthquake Preparedness

HENRY EE, FBCI, CBCP

Facilities Management and Business Continuity. 10 May 2017

Continuity of Operations During Disasters: Electronic Systems and Medical Records

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY

Discussion on MS contribution to the WP2018

Business Continuity Planning

Defining the Challenges and Solutions. Resiliency Model. A Holistic Approach to Risk Management. Discussion Outline

DHS Cybersecurity: Services for State and Local Officials. February 2017

Policy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018

Memorandum APPENDIX 2. April 3, Audit Committee

Risk Management. Continuity Management

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

FTA Safety and Security Initiatives

Business Continuity - An Inside Perspective

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

About Issues in Building the National Strategy for Cybersecurity in Vietnam

The Office of Infrastructure Protection

The NIST Cybersecurity Framework

Writing a business continuity plan according to ISO Presenter: Dejan Kosutic

The J100 RAMCAP Method

Member of the County or municipal emergency management organization

BCP At Bangkok Bank, Thailand

Cybersecurity & Privacy Enhancements

Policy. Business Resilience MB2010.P.119

HOTEL RESILIENT Plan ahead stay ahead. With support from the German Government through

Business Continuity Planning. PDI January 14 th, 2018

Contents CHAPTER 1 CHAPTER 2. Recommended Reading. Chapter-heads. Electronic Funds Transfer) Contents PAGE

RBI GUIDELINES ON CYBER SECURITY AND RAKSHA APPROACH

HFA Implementation Review Simplified Version for ACDR2010

GUIDANCE NOTE ON CYBERSECURITY

Community-Based Water Resiliency

Global Security Advisor

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

Making YOUR Organization More Efficient and Effective Through Business Continuity / Continuity of Operations Planning

Transcription:

BUSINESS CONTINUITY MANAGEMENT (BCM) INITIATIVES OF THE BANGKO SENTRAL NG PILIPINAS Dickenson Y. Africa, CPA, CISA, MBA, CBCLA Head of Business Continuity Office Bangko Sentral ng Pilipinas 16 March 2017 De La Salle University Manila

The Essential Sectors as identified by the NDRRMC

As of September 2016 Total Number of Banks in the Philippines 11,024 (613 head offices and 10,411 branches) 6,147 Universal & Commercial Banks 2,180 Thrift Banks 2,697 Rural & Coop Banks 41 Head Offices 6,106 Branches 64 Head Offices 2,116 Branches 508 Head Offices 2,189 Branches Source: www.bsp.gov.ph

Total Number of ATMs in the Philippines As of September 2016 15,870 Universal & Commercial Banks 8,652 Onsite 7,218 Offsite 2,175 Thrift Banks 1,368 Onsite 807 Offsite 515 Rural & Coop Banks 450 Onsite 65 Offsite Source: www.bsp.gov.ph

Total Number of Electronic Banking Facilities in the Philippines As of September 2016 35 Universal & Commercial Banks 34 Thrift Banks 52 Rural & Coop Banks Source: www.bsp.gov.ph

BSP Regulatory Framework for BCM Objectives Minimize disruption of basic banking services Minimize financial losses Resume critical operations within the shortest possible time from the occurrence of the disaster Continue upholding consumer protection Avoid systemic impact within the financial services industry

Highlights BSP Regulatory Framework for BCM (cont d.) Comprehensive and updated Business Continuity Plan (BCP) BCM oversight structure Communication plan and outreach strategy Back-up operations center/ alternate site Periodic validation, testing and review

BSP Regulatory Framework for BCM (cont d.) 2001 Circular Letter dated 26 September 2001 Requiring Banks to Prepare and Submit BCPs to BSP Circular Letter dated 3 October 2001 Requiring Non-Bank Financial Institutions (NBFIs) to Prepare and Submit BCPs to BSP

BSP Regulatory Framework for BCM (cont d.) 2003 Memorandum to all Banks and NBFIs dated 3 April 2003 Requiring the Submission of Updated BCPs to BSP Memorandum to all Banks and NBFIs with Head Offices Located in Metro Manila, Metro Cebu and Metro Davao dated 20 October 2003 Requiring the said entities to furnish BSP with information on their Back-Up Site Arrangements

BSP Regulatory Framework for BCM (cont d.) 2004 2013 Memorandum to all Banks and NBFIs dated 22 January 2004 Guidelines on the Establishment of Back-up Operation Centers and Data Recovery Sites Circular No. 808 dated 22 August 2013 Guidelines on Information Technology Risk Management for all Banks and other BSP-supervised institutions

BSP Regulatory Framework for BCM (cont d.) Key Elements of a BCP Identification of missioncritical functions Identification of different threat/crisis scenarios Identification of recovery objectives for sustained operations of mission-critical functions Formulation of a disaster preparedness, emergency response, and business restoration plans

Initiatives of the Banking Sector

Initiatives of the Banking Sector (cont d.) WORST-CASE SCENARIO Financial institutions have: Liquidity contingency plans Business continuity resources Documented processes to o o o execute business continuity procedures operate on offline mode or revert to manual procedures allow cash withdrawal services

BSP Resiliency Framework

BSP s Resiliency Model IMT Formulate policies and plans of actions on matters relating to physical safety, disaster preparedness, crisis or emergency management Operate the IMT Operations Center (IMTOC) on 24/7 basis BCO Serve as the central unit for all queries related to BCM in BSP Ensure continuous improvement of frameworks, policies, practices, and guidelines covering BCM to align with international standards and best practices

BSP s Resiliency Model IM Chief Crisis Officer - Governor BCM Executive Officer - IMT Incident Management Team Business Continuity Office BSP Business Continuity Management Team (BCMT) IMT Level 3 per Department/Office Departmental BCMT DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

BSP s BCMS Scope 22 Regional Offices and Branches Head Office, Manila Security Plant Complex, Quezon City DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Current BCMS Implementation Establishment/ preparation of: ORM-BCM BCP template, plans and OLAs Alternate site with required resources Linkages with various stakeholders Identification of: Business Continuity Management Teams Critical business functions Business continuity strategies Key contacts and interdependencies Conduct of: Review of BCMS implementation BIA, RA and TRA BC tests and exercises BC awareness initiatives DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

ORM-BCM Continual improvement Framework & Policies BC procedures BC protocols BC org. structure DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

BSP s Mission-Critical and Support Functions Payments and settlements (Real-Time Gross Settlement) Lending and credit Treasury operations Currency management Accounting operations ICT, Facilities, Human Resource, and Security DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

People Utilities Facilities Business Continuity Procedures Natural Disasters or Threats Man-Made Threats U n a v a i l a b i l i t y DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Business Continuity Procedures Activation Mobilization Recovery Post Restoration and Return Restoration and Return Resumption DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Testing and Awareness Program BCM Exercises Integrated Business Continuity Exercise Component or Business Unit Tests Call-Tree Tests Evacuation Drills Community-Wide Exercises BCM Awareness Program Workshops, plenary and focus group discussions Lectures, email broadcasts, intranet

Embedding of Practices BCM linkage with: Enterprise Risk Management (Risk Assessment) Systems and Methods (QMS) Internal Audit Others o o Human Resource Training BCM ERM IA QMS DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Other Initiatives Participation in professional organizations, fora and other networking opportunities Linkages with other government agencies (Office of Civil Defense, Local Government Units, House of Representatives) Participation in community-wide exercises and drills Enforcement through regulated entities Creation of Technical Working Groups DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Ongoing Initiatives of the BSP WORST-CASE SCENARIO BSP mission-critical functions can operate following existing business continuity protocols BSP primary and alternate sites are equipped with adequate resources BSP structures are structurally sound and are wellsecured Both BSP primary and alternate sites have redundant power and communication infrastructure DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Overall Preparedness and the Way Forward BSP s robust regulatory framework and the banking sector s preparedness initiatives will ensure the availability of critical banking services to the public. Regular coordination will be constantly done with the banking sector to ensure readiness even in a worst-case scenario. DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Key takeaways Governance is a critical success factor BCM is a way of life, resiliency does not happen overnight Coordination is vital to successful BCM implementation BCPs serve as guides but flexibility and common sense are also vital Practice makes perfect! DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

Dickenson Y. Africa, CPA, CISA, MBA, CBCLA Head of Business Continuity Office Bangko Sentral ng Pilipinas dafrica@bsp.gov.ph DRIKL2016/PAPER 4-DICKENSON Y.AFRICA

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback