BCP At Bangkok Bank, Thailand

Similar documents
November 14, Emergency Management and Hurricane Irma. Florida Human Resources People and Strategy (FLHRPS)

THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT

INFORMATION SECURITY- DISASTER RECOVERY

Making YOUR Organization More Efficient and Effective Through Business Continuity / Continuity of Operations Planning

Business Continuity - An Inside Perspective

Prepare your Emergency respons, continuity plan, recovery plan

Business continuity management and cyber resiliency

BCM s Role in Effective Risk Management: A Risk Manager s Point of View

Business Continuity: How to Keep City Departments in Business after a Disaster

Emergencies: Protecting Staff & Assets. Presented By: Tom Heebner, CSP, ARM, ABCP AVP / Risk Consultant HUB International Limited

Introduction to Business continuity Planning

Business Continuity. Policies. Promotion Framework

CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS. Overview of CIP in Australia

Crisis Management at Disneyland Paris Eric Cosset (Disneyland Paris) 27/09/2017

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

Telecommunications: Preventing Service Disruption

FINNISH APPROACH TO CRITICAL INFRASTRUCTURE PROTECTION

The Federal Council s Basic Strategy. for Critical Infrastructure Protection

Recovery and Reconstruction. towards disaster resilient communities - from lessons learnt in Japan - 24 August 2004.

HOTEL RESILIENT Plan ahead stay ahead. With support from the German Government through

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Critical Infrastructure Resilience

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Business Continuity Policy

CRITICAL INFRASTRUCTURE AND KEY RESOURCES

Table of Contents. Sample

Emergency Management BCERMS Orientation

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

Shared Responsibility: Roles and Responsibilities in Emergency Management Geoff Hay

April Appendix 3. IA System Security. Sida 1 (8)

NATIONAL DISASTER PREPAREDNESS IN TURKEY

Business Continuity Planning. PDI January 14 th, 2018

Weathering the Perfect Storm:

Facilities Management and Business Continuity. 10 May 2017

Disaster Recovery and Business Continuity Planning (Mile2)

Session 5: Business Continuity, with Business Impact Analysis

Critical Infrastructure

Policy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

Implementing BCM Frameworks. Monday 19 November Aidan O Brien Head of Resilience and Security National Australia Group Europe

Securing Industrial Control Systems

National Policy and Guiding Principles

BCP evolution at the Colombian Central Bank

Strengthening Disaster Readiness. Moving from capacity to capability

BUSINESS CONTINUITY. Topics covered in this checklist include: General Planning

Business Resilience & Incident Response Are You Ready?

Directive on Security of Network and Information Systems

FDIC InTREx What Documentation Are You Expected to Have?

Florida State University

HFA Implementation Review Simplified Version for ACDR2010

AtoS IT Solutions and Services. Microsoft Solutions Summit 2012

7 th BICSI Southeast Asia Conference 2009 Building the Next Generation Broadband Network

Business Continuity An Integral Part of Risk Management At Constellation Energy

DISASTER RISK MANAGEMENT (DRM/DRR) TEAM

Local Government Disaster Planning and what can be learned from it.

EMERGENCY MANAGEMENT

INTERNAL AUDIT DIVISION REPORT 2017/138

Emergence of Business Continuity to Ensure Business and IT Operations. Solutions to successfully meet the requirements of business continuity.

2017 RIMS CYBER SURVEY

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

Integration of Business Continuity, Emergency Preparedness, and Emergency Response

Mississippi Emergency Management Agency. Brittany Hilderbrand & Kamika Durr. Office Of Preparedness

AAPA Smart Ports. Cyber Management for Ports Panel. Small Port Cyber Security Workshops. March 6, 2018

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

UL and Business Continuity

Parkroyalon Kitchener Road 5th December 2007

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

ACTIVE SHOOTER RESPONSE CAPABILITY STATEMENT. Dynamiq - Active Shooter Response

Click here to access the detailed budget summary. Total 1,280,000

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

Energy Assurance Plans

SM04: Transforming Your Security Command Post into a Strategic Information Nerve Center

Max Security Solutions

Introduction. Overview. Every Crisis Management Team Needs a Critical Decision Checklist. Presented by Roseanne Rostron, CBCP President Raido Response

Homeland Security and Geographic Information Systems

Public and Private Interdependencies Filling a Gap in Most Continuity Plans

Disaster Recovery Planning: Is Your Plan in Place? Presented by: Steve Shofner, CISA, CGEIT

Keeping it Simple Driving BCM Program Adoption Through Simplification

Building the Business Case for Emergency Notification

BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW

Kodagu District Disaster Management Plan

Continuity of Business

Template. IT Disaster Recovery Planning: A Template

About Issues in Building the National Strategy for Cybersecurity in Vietnam

Promoting Quality Infrastructure Investment

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release September 23, 2014 EXECUTIVE ORDER

Smart Cities and Security. Security - 1

Business Continuity Management Program Overview

SAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx

South East Region THIRA

2012 Business Continuity Management for CRISIS. Network Infrastructure for BCM

Global Crisis Management at Target

Critical Information Infrastructure Protection Law

Meeting the Challenges of Enhancing Power Sector Resilience

Institute of Internal Auditors 2019 CONNECT WITH THE IIA CHICAGO #IIACHI

University Information Systems. Administrative Computing Services. Contingency Plan. Overview

Global Crisis Management at Target

Manager, Infrastructure Services. Position Number Community Division/Region Yellowknife Technology Service Centre

2 ESF 2 Communications

Transcription:

BCP At Bangkok Bank, Thailand Bhakorn Vanuptikul, BCCE Executive Vice President Bangkok Bank Public Company Limited 10 May 2012 1

Agenda Business Continuity Management at Bangkok Bank Success Factors in implementing BCM Past Crisis Lessons Learned 2

About Bangkok Bank Largest bank in Thailand Total assets of US$ 68.3 billions Profit before taxes of US$1.1 billion reported in 2011 22,000 of employees 960 Branches in Thailand 27 Overseas Branches 3

Why we need Business Continuity Management? Financial Sector is an Integral Part of our Economy. Financial Institutions are IT centric and are interdependent with others. Finance Institutions are exposed to several within and outside risks. Bank of Thailand and Stock Exchange of Thailand require Banks to do BCP to ensure that the financial system is always functional. 4

BCP will even be more integral part of Financial Services because we are in the higher risk environment. Global warming and its consequences Terrorism Financial Meltdown and Currency Flow We rely on more digital infrastructures Multi-national supply chains New arm races 5

Regulations in Thailand Financial Institutes and Public Companies are required by Bank of Thailand & Stock Exchange of Thailand to prepare BCM policy & BCP along with these outlines: BCM policy Risk Analysis Business Impact Analysis Identify Critical Business Functions Recovery Objectives Business Continuity Plan Testing & Reviewing 6

Regulations in Thailand But the most important of all the guidelines: Board of Directors are responsible for the setting up of the BCM Policy as well as allocating enough resources to conduct the BCP as part of the overall risk Management. 7

B C M covers many components DRP (Disaster Recovery Plan) DRP is prepared to manage the continuity and recovery of systems, data centers, and communication services in the event of disaster. Bank must have at least 2 Data Centers (which locate in appropriate distance). These 2 data centers back-to-back back up critical applications. Bank must test DRP annually. BCP (Business Continuity Plan) BCP focuses on the continuity of critical functions of the Bank in the event of disaster. All critical function units have developed and prepared alternate sites distributing to many locations. Bank must test BCP annually. To ensure business continuity, Bank has set up the Business Continuity Management (BCM) program, which incorporates DRP, BCP, Security plan, and Crisis Management plan. Crisis Management plan The plan details actions to deal with incident, emergency and crisis. Bank has set up Crisis Management Team which is consisting of senior management and unit head of relevant critical function to be responsible for managing and making critical decision regarding the crisis response. 8

Business Continuity Management Process 9

Success Factors in implementing BCM Strong Management Support Use Consultant with Track Records Strong Team with Strong Personnel Has Good Methodology and Process in place Know Your Business and Know Your Organization Simple, Effective but Flexible BCP is Critical to BCM Each BU is familiar and is testing its BCP regularly Internal & External Communication is Critical in BCM 10

Lessons Learned from Previous Crisis Political Crisis of May 2010 Great Flood of November 2011 11

Political Crisis of May 2010 12

Political Crisis of May 2010 Bangkok Bank was caught in the Political Crisis of May 2010. The Damages Done: A few Branches in Bangkok were seriously burned and damages. Around 100 ATMs were smashed and a few were burned. Over 40 Branches across the country were damaged with home-made bomb, shot with assault rifles or smashed with rocks and batons. Luckily, no casualties on staff. 13

How we managed the crisis? Put priority on safety of our staff and customers at the top. Set up Crisis Management Team early on to monitor every development of the conflict 24/7. Has all the BCP in place and test them regularly. Establish good relationship with the government agencies including Central Intelligent Services, Army and Police Forces. 14

How we managed the crisis? Keep Low Profile in every operation we do. Buy Riot Insurance just 2 months ahead of the crisis. Move Staff to remote back up site before the second clash of army and protesters on May 19, 2010 Get cooperation from the media to keep the news of the damages as low as possible. Don t fight back with either words or weapons. This would escalate the situation. 15

Lessons Learned 1 Better External Communication may help reduce the impact from the conflict. Better Internal Communication would also foster staff s confidence in the bank s ability to handle the situation. Better relationship with communities around our premises could help prevent the fires and damages to properties. More Backup Locations as some were inside the dangerous zones. 16

Lessons Learned 2 Re-evaluate the Risk Analysis as political conflict was considered to be low risk but high impact. Re-thinking about key staff and alternates as staff were not able to come to work because of safety concerns. Re-thinking about equipments and supplies as the event like this, you may not be able to purchase anything. 17

Great Flood of August to November 2011 16 Billion Cubic Meter of Water that caused the flood over 14,000 Square Kilometer of Land Financial Impacts: US$ 45 Billions in damages and losses to properties, industrial plants, goods and services. Impacts to Population: 5 Million Peoples or 1.9 Million Households were effected. 728 deaths, mostly from drowning or electrocution. 18

Geographical extent of the flood 19

Great Flood of 2011 20

Crisis Management & BCP Lessons Learned 1 Scenarios study to understand the development of the Disaster. This is a regional disaster that is: Slow to take place but would last more than a month. Not all your facilities will face the disaster at the same time so you will have to deal with them at different stages of the crisis. Set up teams to deal with specific tasks. You have time to prepare but you would have to fight for the limited resources because everyone wants to do the same. 21

Transportations Impact to your staff, logistics, other services. Electricity Possible power outage and duration. Communications Impact to your work procedures, transactions. Lessons Learned 2 Anticipate the potential impacts to: Public Water Impact to ability to cool the Data Center, life support for staff. Health cares system Impact to your staff and their families, possible pandemic diseases after the flood. Food supply chains. Impact to your staff and their families during the flood. 22

Lessons Learned 3 Monitor the situation and information closely: There were so many sources of information, sort out which ones are reliable and relevant. Social networks could be useful and more up to date in this kind of disaster Information may be neither complete or accurate, try to assess the situation yourself. Use these information to formulate what will impact you, not only your operation, your business volume, but also your customers operations. 23

Lessons Learned 4 Look after your stake holders: Staff : Put their welfare as your priority. Allow them to take time off to take care of their houses, their families. Transportation for staff Customers : Provide alternative channel for services Flexible ways to identify your customers Match their other needs (no fee for inter-bank transactions) Communities Support the communities around your premises. 24

Lessons Learned 5 Focus on some new impacts and new circumstances. Impact on your staff availability More alternate of key staff who live in different area Foods and beds for BCP staff around backup sites Impact on your facilities Power and water supplies Communications Establish backup sites outside of the disaster area Stock up your critical supplies or pre-arrange for them Impact on your work loads Impact on your logistics 25

Conclusions Disaster is dynamic, follow it closely but most importantly, anticipate the potential impacts. Focus on how to reduce these impacts. Re-assess your plan, find vulnerabilities that may be associated with this type of disaster but be flexible. Don t rely on outside help, they are all busy. If you remember your staff, your customers in time of need, they will always remember you. 26

Q & A Bhakorn.van@bbl.co.th 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback