DRI Participates in the Central Bank of the Philippines Business Continuity Awareness Week

Jerome P. Ryan

As vice-chairman of the board of DRI International , I had the great honor of being invited to be the keynote speaker at the Central Bank of the Philippines (BSP) Business Continuity Awareness Week. This was a wonderful opportunity for DRI International, as DRI continues to extend its international outreach and participate even more closely with government regulatory bodies.

I can’t say enough about how impressed I was with both the Central Bank’s hospitality and the maturity of its program. Antonio Grageda, CBCP, is the director and head of the bank’s crisis management office, which is responsible for the BCM program. He has been working hard over the past several years to ensure that the Central Bank has one of the best BCM programs in Asia. It is clear that he has had success in integrating BCM into the everyday activities of the Central Bank, and his office demonstrates this through frequent drills and exercises. Once a year, he and his team, most of whom are also DRI-certified professionals, showcase their achievements and plans for further maturity during the Business Continuity Awareness Week (BCAW).

Screen shot 2014-07-07 at 10.47.30 AMBCM at a Central Bank

We all know how important BCM is; but BCM takes on a special level of importance when it is applied to a nation’s central bank. The resiliency of a central bank to continue to maintain its role as being the banker, financial advisor, and official depository of the government is critical, especially in times of disruption. As many of us know, the Philippines has its share of disruptions from earthquakes, to typhoons, to flooding, and more. Without a central bank’s financial super- vision, management of exchange rates, currency issues, and liquidity management, central banks’ would not be able to promote and maintain price stability and provide proactive leadership in bringing about a strong financial system conducive to balanced and sustainable economic growth.

Simply put, there is far more at stake for BCM planning at a central bank than at most other companies and organizations. Quite literally, the stability of the country depends upon the ability of the central bank to continue operations. We need look no further than the recent events across Europe and most recently in Cyprus to understand what can happen when crisis interrupts a country’s ability to provide strong financial leadership and liquidity.

The Journey Begins

The activities began with a ribbon cutting ceremony in the main lobby of the Central Bank. I had the privilege in joining Deputy Governor by cutting the ceremonial ribbon, thereby officially beginning the BCAW activities. Grageda then provided a walking tour of the exhibit hall to me, the Deputy Governor and other Bank executives and dignitaries. The first stop included in the exhibit showcased a thoughtful message by Al Berman, DRI International president, conveying his acknowledgement of the bank’s program, activities, and commitment to BCM.

In his message to the Central Bank, Berman explained that, “The Central Bank of the Philippines has clearly stated that the overall goal of its business continuity plan must be to (1) ensure that there will be minimal disruption of bank operations (2) to minimize financial losses through lost business opportunities or asset deterioration, and (3) to ensure a timely resumption of normal operations.”

Other stops along the exhibit hall included pictorial representations of the accomplishments in the Central Bank’s BCM program over the past year.

Beginning this year, the Central Bank will transition its program to align more closely with the new ISO 22301 standard. This is a large project, but will certainly pay off in the future.

“We intend to align our BCM practices (now based on BS25999) in accordance with ISO 22301,” said Gregada. “For this, we are now reviewing our existing policies, procedures, guidelines, and processes to ensure that we adhere to its requirements. We also intend to strengthen our BCM governance structure by having a more concrete definition of management responsibilities and oversight functions such as, but not limited to, sponsorship of regular business impact analysis, risk assessments, and BCM strategies implementation.”

All in all, Grageda successfully delivered a BCM prepared- ness message, which we all know can be a bit complex and at times boring for those not in the industry, to the highest level of the Central Bank’s management.

Screen shot 2014-07-07 at 10.48.58 AM

Next Stop, Superb Speeches

After the tour of the exhibit hall, we moved on to the conference room for formal activities. Approximately 70 of the Central Bank’s most senior employees attended this half day event. Amando M. Tetangco, Jr., governor of the Central Bank, joined us and delivered a speech about how important BCM is to the bank and to the Philippines, confirming his commitment to supporting the program.

He emphasized that all employees should be aware of BCM principles as well as their practical applications in the workplace. “Business continuity is at the core of corporate governance and keeping a BCM mindset among BSPers is a patriotic duty. We continue to develop the habit of incorporating BCM in our operations. It should be second nature for us at the BSP to embed BCMS in our processes.”

“The BSP is mandated to provide price stability to the economy through monetary and banking policies. Stability is our mantra, thus, we should do our best to prevent disruptions in our operations,” Tetangco said. “BSP places great importance on BCM. For this reason, the BSP has organized business continuity management teams and key personnel to work in alternate sites to continue mission- critical and time-sensitive operations in case of disruptions. BSP management has adapted BCM concepts and strategies since 2003 and has approved BCM initiatives through the years such as the approval of the bank-wide business continuity plan, and has continuously invested in time and resources for the implementation of its BCM program.”

He added that “resiliency is not just having an alternate site or back-up system, but more about having concerted effort and shared responsibilities among all members of the organization. Business continuity is everyone’s responsibility.”

Armando L. Suratos, a member of the Monetary Board of the Central Bank, also spoke about BCM and affirmed his commitment to its implementation at the Central Bank. I had the opportunity to sit with Tetango and Suratos to exchange thoughts on BCM and benefits of well- defined programs. It was certainly exciting to be sitting with the top level of management and to truly appreciate their commitment and participation in the BCM program.

My Turn to Talk!

I was then introduced to deliver the keynote address. In my speech, I talked about DRI International’s involvement worldwide in standardizing and professionalizing BCM. I also spoke about lessons I have learned in my career both running a large international program and as a consultant to numerous clients across nearly all industries. At the conclusion of my speech, the floor was opened for questions. I was expecting there to be very few questions, but I was proven wrong. This group of senior officials took the opportunity to ask a variety of questions the both related to their own program and that of their wider responsibilities in ensuring access to cash and liquidity to the entire country. Here’s how some of those questions were asked and answered:

What are the common challenges you face in imple- menting BCM in your organization?

Senior management buy-in – when this is accomplished members of the organization, from the top down, show more commitment to building and maintaining a robust BCM program.

How do you secure executive buy-in given that imple- menting BCM program is a challenge?

Senior management buy-in can be obtained through showing value in the BCM program by highlighting the local and international regulations that either directly or indirectly effect the organization, illustrating examples of company failures for not having BCM, describing the BCM program and maturity, and highlighting if your organization is ahead or behind the curve. Finally, senior management will want to see how the organization will be in a stronger position by having implemented BCM.

How frequent should the BCM program be audited?

The general rule of thumb is once a year, but this is really a decision that needs to fit the organization. An audit does not need to take the form a very intensive audit – that can be completed on about a three-year rotation. But every year, the BCM program should undergo a self-audit or a light internal audit. Again, this is supplemented by the larger full audit that should occur about every three years at a minimum.

Screen shot 2014-07-07 at 10.54.21 AM

At the End of the Day

As a former head of BCM at a Fortune 40 company, I understand how hard we professionals work to involve senior management. To be sure, we often accomplish the task of having a C-suite level official endorsing our program or formalize it in a policy statement. But, when was the last time your company CEO, CFO, etc… sat down with you and your staff to both celebrate your program’s accomplishments and discuss improvements of the future? This is what I think sets the Central Bank of the Philippines apart from many other companies and organizations – true senior management support.

In closing, I would like to thank everyone at the Central Bank for their hospitality and congratulate them on a job well done in preparing the Central Bank of the Philippines BCM program.

Jerome P. Ryan, CBCPis vice-chairman of the board of DRI International and CEO of GRM Solutions. Ryan has more than 14 years of experience as a business continuity professional in a variety of industries including financial services, healthcare, and manufacturing.

Prior to joining GRM Solutions, Ryan was the global head of business continuity management at Pfizer. He has also worked at Marsh & McLennan in its risk consulting practice and at PricewaterhouseCoopers in its global risk management solutions (GRMS) consulting practice.

He has a Bachelor of Science degree with concentrations in finance, management information systems, and marketing from Syracuse University. He is currently pursuing his Masters of Business Administration (MBA) degree at Syracuse University’s Whitman School of Management. Jerome is a Certified Business Continuity Professional (CBCP). In addition to serving on DRI International’s board, Jerome is a trustee and budget director for the not-for-profit organization Friends of Leadership in New York City.

Lessons Learned: The Queensland Floods

Rod Crowder

Australia, endearingly referred to as “The Lucky Country,” offers excellent businesses opportunities via its gateway to the Asia Pacific marketplace, an abundance of sun, coastal living, and a relaxing lifestyle. However recently, the country has experienced more than its fair share of disaster incidents that have left business devastated caused widespread injury and loss of life and drained billions of dollars in relief aid insurance claims, and rebuilding costs.

The Australian Government’s Emergency Management Institute (www.disasters.ema.gov.au) reports that in 2011 alone, bushfires, cyclones, severe storms, flooding, earthquakes, and urban fires resulted in 208 deaths, 6,753 injuries, and several billions of dollars in insurance costs in the ANZ region.

Water, Water…
One of the most significant disaster events was the Queensland floods, which reached a formidable seventh on Google’s 2011 global overall search list, beaten only by search terms such as “YouTube,”
“Yahoo!,” and “Facebook”.

These floods naturally took the state of Queensland, which was more accustomed to years of drought than flooding, very much by surprise. More than 78 percent of the entire state was devastated, with in excess of 2.5 million people affected; the cost of damage was topped A$5billion.

The Queensland Floods Commission of Inquiry (QFCI) was set up soon after the floods in February, 2011 to assess and report on the major issues arising out of the floods. It was a large and daunting amount of subject matter to review.

The QFCI forensically examined the flooding, how the response was handled at a state, district, community, and individual level, and provided 175 recommendations for improvements. That said, it was revealed that at all levels, governments were able to provide a timely, whilst not perfect, response to the incident. Although Queensland’s Emergency Management structure had never been exposed to a disaster of this magnitude in the past, it was generally found to be effective given the circumstances and way in which the disaster unfolded.

Considering that the floods were unprecedented, sometimes completely unexpected, and affected so much of the state at the same time, it would be practically impossible for any government or emergency services organisation to have the capacity to respond immediately, with all of the relief effort that was needed, to every location and every community, at the exact time it was required.

The Findings
In its final report, published in March, 2012, the Commission provided its key findings and recommendations in the following areas:

• Planning and preparation: The need for improvements at a state, district and local community levels in emergency response planning, provision of disaster management training, and widespread community education;

• Community Information and Warnings: Improvements to warning systems, social media, radio and SMS messaging, provision of more information about flood levels, road conditions, signage, and faster and more effective cross- border communications

• Emergency Response: Deployment of new All Hazards Information Management System(s), establishment of additional Emergency Virtual Operations Centres, improvements to Swift Water rescue capabilities, increased capacity of the Emergency Helicopter Network and Emergency Call Centres and more effective response to future flooding by the State Emergency Services (SES).

• Evacuation, Re-supply and Essential Services: Improved evacuation guidelines and evacuation centre planning, better use of the National Registration and Inquiry System to track evacuees, faster deployment of makeshift evacuation centres and evacuation assistance, and more formal guidelines around resupply and provision of essential services (such as power, drinking water, and telephone services) to affected areas.

• Dam Operations and Floodplain Management. Specific recommendations were made in the areas of dam operations and management, preparedness planning and increased training of staff responsible for decision making during periods of intense flooding. Also, improvements in flood plan management plans and more comprehensive flood maps in land planning was highlighted.

Now What?
In a speech by Insurance Australia Group chief executive Mike Wilkins, Wilkins called upon Australia’s governments to learn the lessons from this recent experience to make communities safer.

“If we don’t take action, we’re doomed to repeat this cycle of destruction, devastation, slow rebuild, and lose productivity over and over again into the future… This was not the first time that many of the areas in Queensland (Brisbane, Ipswich, Toowoomba, and Emerald) had been severely flooded and it will also not be the last. In these areas, it is not a question of if; it’s a question of when the next flood will come.”

Of course, the biggest challenge now is this: how many of the Commission’s recommendations are able to be planned, funded, and implemented before that next wave of swirling flood waters hits Australia’s states?

Rod Crowder is an authorized representative of DRI Australia and New Zealand. He can be reached at rod.crowder@dri-anz.org.