More From Forbes
Business continuity management lessons from the pandemic.
- Share to Facebook
- Share to Twitter
- Share to Linkedin
Head of Market Lab Operations at Ericsson .
Until a year ago, operations managers charged with business continuity predominantly focused on natural disasters, human error, cyberattacks and insider threats. In 2017, for instance, the top reasons cited for a business continuity plan were: minimizing downtime, protecting what's important, communicating with confidence, resuming operations and ensuring full recovery — all of which superseded the imperative to ensure employees' physical and mental well-being over an unprecedented period of time.
With a jolt and scarce previous experience, 2020 brought the sharp need to manage a pandemic and its potential impact of large-scale global business disruption.
A year into the Covid-19 pandemic, the havoc to lives continues to take its toll, and we are finding ourselves continually re-defining normalcy of business operations while prioritizing the well-being of company employees. While there is controversy in comparing this pandemic to WWII , the sense of what we are experiencing in the global community is that every one of us will eventually know firsthand of casualty and loss — be that a family member, friend or colleague.
Undoubtedly, in years to come, we will learn more to help businesses be better equipped to deal with a global pandemic. This article is an aggregation of firsthand experience and observations over the past year, intended to provoke thinking toward a more refined and structured approach to business continuity management (BCM) during a global pandemic.
As the pandemic grew worldwide, business operations had to quickly minimize potential impacts while rapidly enabling a remote workforce and implementing safe practices. Because of these shifts, physical access controls had to be doubled-up and synchronized with country and local regulations. In the midst of information (or lack thereof), decisions on mitigation steps had to be rationalized in the context of what, at best, minimized the risk of infection. Machine redundancy became secondary to ensuring each employee with critical skills or roles had a backup and were physically isolated.
Why The Rock's Social Media Muscle Made Him Hollywood's Highest-Paid Actor
Chris rock slaps back at will smith in live netflix special: ‘anybody who says words hurt has never been punched in the face’, the lucrative t20 women’s cricket league in india starts amid much fanfare.
Management required quick and practical training on how to keep their employees healthy, as well as how to communicate appropriately. The need for real-time and parallel interdepartmental communication became paramount. Close internal engagements with human resources, security and environment, health and safety functions became the priority. Traditional external partnerships with suppliers had to be augmented with more engagement in interest groups looking at common challenges, such as deep cleaning solutions for technical environments and long-term effects of cleaning methods on sensitive equipment. Connectivity became king, and a mobile workforce was no longer optional.
In this environment, volume partnerships with communication providers ensured uninterrupted productivity for remote workers. Clear, frequent and transparent communication and reporting have never become more essential or required more consistency. Written words often lend themselves to multiple interpretations while answers to questions lead to a plethora of sub-questions. Real-time group and individual engagements preempt the weaknesses of multiple interpretations of mass emails.
Nothing has made the world a smaller place than this pandemic. Awareness and detailed knowledge of the differences in intra-country and global regulations have become a priority wherever any aspect of the business had interdependencies outside its immediate geography. Operating decisions for the short- and long-term called for gathering perspectives in discussion groups along with using instinct and insight for dealing with unknowns. As many of us experienced firsthand, dealing with conventional disasters using associated documentation left large gaps between the questions of "what to do?" and "how to do it?"
Because of this experience, organizations need to rethink their approach for BCM with focus on at least the following elements:
• Infrastructure enhancements and security hardening for large-scale remote working
• Process development for physical access with appropriate restrictions in the workplace
• Synchronization of regular and emergency communications for extended periods of time
• Workforce lifeboat analysis and development of competence redundancies
• Detailed short-term and flexible succession plans to maintain "command" and "control"
• Development and inclusion of external partnerships in the areas of health science
Modification of BCM documentation to handle multiple disasters given the pandemic has been in a continuum, and businesses have had to also manage through disruptions, for example, as those caused by severe weather events.
As for any type of business disruption, the cost of preparation and minimization of impact could be driven by cost-benefit analyses. We should always remember that the impacts are protracted over an unknown extended period and that the benefits of prioritizing our humanity are not so easy to quantify. Adding more machine and technical redundancy solutions does not take care of the human requirements. Our resilience as humans has never been put more to the test or required more mutual support than during this time.
The views in the article do not represent or reflect Ericsson and are the sole views of the author.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
- Editorial Standards
- Reprints & Permissions
An official website of the United States government
- Most Requested
- Bank Secrecy Act (BSA)
- Community Reinvestment Act (CRA)
- Comptroller's Handbook
- Corporate Application Search
- Enforcement Action Search
- Financial Institution Lists
- Third-Party Relationships: Risk Management Guidance
- More OCC Websites
- Top Searches
- Annual Report
- Enforcement Actions
- More Search Tools
- Institution Search
- CRA Evaluation Search
- Enforcement Actions Search
- Central Application Tracking System (CATS)
- Corporate Application Search (CAS)
- Office of Thrift Supervision Archive Search
- News & Events
OCC Bulletin 2020-13 | March 6, 2020
Pandemic Planning: Updated FFIEC Guidance
Share This Page:
Chief Executive Officers of All National Banks, Federal Savings Associations, and Federal Branches and Agencies; Department and Division Heads; All Examining Personnel; and Other Interested Parties
The Office of the Comptroller of the Currency (OCC), along with other members of the Federal Financial Institutions Examination Council (FFIEC), today issued updated guidance to remind financial institutions that their business continuity plans should address the threat of a pandemic outbreak and its potential impact on the delivery of critical financial services. The guidance identifies actions that banks 1 should take to minimize the potential adverse effects of a pandemic. This bulletin rescinds OCC Bulletin 2007-49, "Pandemic Planning: Interagency Guidance," issued on December 18, 2007.
Note for Community Banks
This guidance applies to all OCC-supervised banks.
The guidance
- explains the difference between traditional business continuity planning and pandemic planning.
- reminds banks of the traditional phases of business continuity planning (planning, preparing, responding, and recovering) and states that pandemic planning requires additional actions to identify and prioritize essential functions, employees, and resources.
- lists websites that offer information on pandemic planning activities.
Further Information
Please contact Patrick Kelly, Director for Critical Infrastructure Policy, at (202) 649-6550.
Grovetta N. Gardineer Senior Deputy Comptroller for Bank Supervision Policy
Related Links
- FFIEC "Interagency Statement on Pandemic Planning" (PDF)
Also refer to the following pandemic planning and preparedness resources:
- Centers for Disease Control and Prevention: "Planning and Preparedness Resources"
- World Health Organization: "Pandemic Preparedness"
1 The term "banks" refers collectively to national banks, federal savings associations, and federal branches and agencies of foreign banking organizations.
- Bank Information Technology (BIT)
- Bank Operations
- Business Continuity & Resiliency - BIT
An official website of the United States government
The .gov means it’s official. Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure. The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
Financial Institution Letter
Interagency Statement on Pandemic Planning
Pandemic preparedness is an important part of financial institutions' business continuity planning. Regulated institutions should periodically review related risk management plans, including continuity plans, to ensure their ability to continue to deliver their products and services in a wide range of scenarios and with minimal disruption. Sound planning helps minimize the disruption of services to consumers, businesses, and communities when such contingencies occur. The Federal Financial Institutions Examination Council (FFIEC) today updated guidance identifying actions that financial institutions should take to minimize the potential adverse effects of a pandemic.
Statement of Applicability to Institutions with Total Assets Under $1 Billion: This Financial Institution Letter (FIL) applies to all FDIC-supervised financial institutions.
Highlights:
The potential effects a pandemic could have on an institution justify establishing plans for how each institution will manage in that operational environment. Recent events highlight the importance of institutions being ready to execute these plans should conditions necessitate.
Institutions should be reviewing business continuity plans and executing prudent initial actions, such as:
- Promoting employee awareness by communicating the risks of a pandemic outbreak and discussing the steps employees can take to reduce the likelihood of contracting an illness;
- Identifying and prioritizing essential functions, employees, and resources within the institution and across other business sectors for operational continuity purposes; and
- Testing roles and responsibilities of management, employees, key suppliers, and customers; key pandemic planning assumptions; increased reliance on online banking, telephone banking, and call center services; and remote access and telecommuting capabilities.
For operational issues, please contact your FDIC Regional Office.
This guidance updates the contents of FIL-6-2008 dated February 6, 2008, titled "Interagency Statement on Pandemic Planning: Guidance for Minimizing a Pandemic's Potential Adverse Effects," and supersedes FIL-25-2006, dated March 15, 2006, titled "Interagency Advisory on Influenza Pandemic Preparedness."
Suggested Distribution:
FDIC-supervised financial institutions and their service providers
Suggested Routing:
Chief Executive Officer Chief Information Officer Chief Information Security Officer Human Resources Manager
Related Topics:
FFIEC Business Continuity Management Examination Handbook
Attachments:
Paper copies of FDIC FILs may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200).
- SUGGESTED TOPICS
- The Magazine
- Most Popular
- Newsletters
- Managing Yourself
- Managing Teams
- Work-life Balance
- The Big Idea
- Data & Visuals
- Reading Lists
- Case Selections
- HBR Learning
- Topic Feeds
- Account Settings
- Email Preferences
Creating a Post-Covid Business Plan
- Dev Patnaik,
- Michelle Loret de Mola,
- Brady Bates
Organizations need to understand how the pandemic is changing behaviors and habits.
To plan for a post-pandemic world, businesses must understand what your stakeholders’ behaviors will look like after the pandemic. Some behaviors will return to their pre-crisis state; others will be transformed; and others will disappear entirely. Drawing on research into habit formation, technology adoption and behavioral economics, the authors offer a framework to help companies make reasonable predictions on what happens next.
Right now, every company in the world is facing the same question: What’s going to happen when the pandemic is over? Grocery stores and consumer packaged goods manufacturers have experienced an unexpected boost in sales: Will that growth sustain? Hotels and airlines have experienced unprecedented drops in demand: Will their business ever come back? Movie studios, video game producers, and theaters need to envision how the pandemic will permanently affect entertainment habits. When the pandemic is over, many companies will find that their business model has been disrupted in fundamental ways.
Over the last several months, we’ve been working with management teams in a variety of sectors, including retail, entertainment, finance, and health care, to develop a plan for what comes next. What we’ve learned is that conventional strategic thinking hasn’t helped these companies to plan for the next “new normal.” Instead, the best answers have come from a hybrid approach: one that combines traditional business strategy with the latest thinking from social science and innovation theory.
Ultimately, planning for a post-pandemic world means answering three questions. The first is: How does your business really make money? Many companies haven’t taken the time to articulate their critical strategic differentiators or map out how money, goods, and information flow from their suppliers to their consumers. Next, who do you depend on to drive the business? Define your most important stakeholders and their behaviors that affect your business model.
The third critical question — what will people’s behaviors look like after the pandemic — may be more difficult to answer. Even though the pandemic is temporary, it’s lasting long enough to turn temporary behaviors into structural shifts. At the end of the crisis, some things will return to the way they were, some things will look very different, and some things will simply not come back. The trick is to figure out which is which.
To help shed some light on this last question, we’ve identified three categories of stakeholder behaviors to evaluate:
- Sustained behaviors are activities that are likely to return to their pre-crisis state virtually unchanged. For instance, people stopped staying in hotels in the months after 9/11, but that behavior eventually returned to pre-9/11 levels. Hoteliers just needed to find ways to hold on in the meantime.
- Transformed behaviors are activities that are likely to return after the crisis, albeit with fundamental changes. After 9/11, people stopped flying on planes. When they started flying again, the need for stricter security protocols at airports was clear. Airports began to make massive investments in security technology that they had been previously slow to make. This had a major positive effect on the businesses of security system manufacturers.
- Collapsed behaviors are activities that are likely to cease altogether or be replaced by alternatives. After 9/11, travelers could no longer take beverages past the TSA check point. If you owned a coffee shop outside of that point, all of a sudden, your customers just stopped buying their coffee or water as they arrived at the airport. Today, you won’t find as many beverage shops outside of TSA check points.
How do you predict behavior change?
At first glance, it can seem impossible to forecast how behaviors will change. Fortunately, we can draw on decades of research on habit formation, technology adoption and behavioral economics to make reasonable predictions on what happens next. We’ve identified four factors to help you evaluate how behaviors might change for your stakeholders:
1. Mechanics. Is the behavior a habit or has it been somehow disrupted? Being part of a routine increases the likelihood that the behavior will continue. Importantly, studies of habit formation suggest that time spent doing a behavior isn’t the critical factor in determining whether it gets embedded; it’s the number of times you do it. For example, after analyzing its order data, a home delivery company discovered that it took four deliveries to make a customer for life. Completing three orders wasn’t enough. And five orders provided no additional adherence.
Ask yourself:
- Sustained behavior : Are the mechanics of the behavior engrained in daily habits, routines, or rituals?
- Transformed behavior : Have people been forced to alter the mechanics or stop the behavior altogether?
- Collapsed behavior : Are the mechanics of the behavior foreign, complicated, or difficult?
2. Motivators. Does continuing this behavior provide significant psychological or financial benefit? For example, staying at home during the pandemic has reminded us of just how much we miss other people. And while we may be reluctant to eat in restaurants right now, the positive psychological benefits of going out to eat with friends increases the likelihood that we haven’t seen the last of people dining out. As one might imagine, psychological studies show that intrinsic rewards can be far more impactful than a purely monetary return .
- Sustained behavior : Is the behavior driven by psychological or financial benefits?
- Transformed behavior : Have these benefits shifted?
- Collapsed behavior : Are the benefits of the previous behavior ungratifying or dangerous? Do they come at a new cost?
3. Pressures. Human beings are herd animals, and we like to do what everyone else in the herd is doing . For example, if everyone else is speeding on the highway, we speed up, too. That, of course, changes when we see flashing lights in our rear-view mirror: Social pressures give way to an authority figure . When evaluating a behavior, examine who’s telling people to keep doing it.
- Sustained behavior : Are there authoritative or social forces driving the behavior?
- Transformed behavior : Are people getting mixed messages about continuing the behavior?
- Collapsed behavior : Are there authoritative or social deterrents to the behavior?
4. Alternatives to the behavior. People will abandon a behavior if there’s a better way to do it, but shifting to the new behavior needs to be relatively painless. Importantly, technology adoption theory suggests that the alternative needs to already be in use by early adopters. For example, Zoom wasn’t invented during the pandemic. It was already being used by a group of loyal fans when the pandemic hit.
- Sustained behavior : Are there a lack of viable alternatives or substitutes to the behavior?
- Transformed behavior : Are there viable alternative solutions that meet the needs of the behavior?
- Collapsed behavior : Are there viable alternative activities that meet the needs of the behavior?
One by one, take a look at each stakeholder and the critical behaviors that drive your business. Do you have reason to believe that this behavior will continue? Or does your analysis suggest that it just might fall away? In that case, it’s time to come up with a plan.
You might find that you’re left with a few behaviors that are difficult to forecast. For example, will your customers shop in-store as a way of bonding with their children? Will domestic travel spike in popularity compared to international travel? In those cases, imagine what the company might do to succeed no matter whether the behavior sustains, transforms, or collapses. By wargaming different scenarios and adding in the known behaviors, you can develop a playbook to adapt regardless of what comes to pass.
Get past the big existential questions and focus on your business.
The brain gets foggy when we grapple with great uncertainty . We may feel like it’s impossible to plan for the future, and we forget that things can quickly change. In this moment, it’s critical to adapt a mindset of learning and discovery. Rather than trying to answer questions that don’t matter, we can rely on the well-researched theories that have mapped behavior change over long periods of time. And we can play out multiple scenarios so we’re ready regardless of the outcome. With that, it’s possible to come up with a radical plan that may even unlock a new era of growth in a post-Covid world.
- Dev Patnaik is the CEO of Jump Associates . Dev is a frequent keynote speaker at major forums, and his writing has appeared in BusinessWeek , Forbes , Fast Company , and many others. He is the author of the book Wired to Care , named one of the best books of the year by both Fast Company and BusinessWeek . Malcolm Gladwell called Wired to Care “just what we need for the lean years ahead.” When not at Jump, Dev is an adjunct professor at Stanford University, where he teaches a course called Needfinding. In the class, students draw upon methods from anthropology, design, and business strategy to discover insights about people and create new products and services.
- Michelle Loret de Mola is a director of strategy at Jump Associates . Michelle is an expert at bringing together clear strategic direction and compelling experiences to drive change, and she advises future-focused leaders across industries. She has worked with a major financial institution to define the future of finance, partnered with a Fortune 500 consumer goods company to develop a sustainability strategy, and helped a leading retailer define its five-year marketing strategy. If you want to learn more about Jump and what we’re doing to help companies figure out what’s next, please connect with us.
- Brady Bates brings together rigorous bottom-line focus and bold creativity to help his clients thrive in uncertain times. Brady helped architect America’s fastest growing loyalty program for a Fortune 50 retailer, supported the U.S. government in establishing innovation practices for farmers across the country, and envisioned the future of finance for a $50 billion banking institution. Prior to Jump, Brady was an analyst in Deloitte’s Strategy & Operations practice, where he worked with leading health care and financial services clients. In addition to business administration, Brady studied painting and artistic expression, spending time to hone his skills in Perugia, Italy.
Partner Center
Entrepreneur Insight
Business Continuity in a Pandemic: Steps You Can Take to Mitigate Risk
By angela bao.
How to keep business going in the middle of an emergency
The COVID-19 pandemic has affected all 50 states and Washington D.C., with infections in the U.S. surpassing 12,300 people as of March 20. Not only has the novel coronavirus disrupted people’s everyday lives, with bans on travel, supply shortages and disruptions to work, but it’s also caused some serious roadblocks for businesses across industries. Businesses have had to close and move operations offline. A survey released by the Young Presidents’ Organization said that 82 percent of business leaders expected declines in revenue over the next six months.
The full impact of the novel coronavirus on the global economy is still unknown. However, there are still steps that businesses can take to limit the impact of the disease on employees and business operations. Below are some tips on what businesses can do to mitigate risk, whether for COVID-19 or any future emergencies.
1. Protect and communicate with your employees
The best way to ensure your business continues on as well as possible is to make sure the employees who keep the business running are protected. The Centers for Disease Control and Prevention (CDC) is encouraging people to practice good hygiene and social distancing . Businesses should make hand soaps and sanitizers readily available to essential employees who must remain on business premises, as well as perform regular cleanings of work spaces. They should also emphasize the importance of practicing good hand hygiene and detail steps to effective hand washing, as well as tell any employees still coming into work to practice social distancing and remain at least 6 feet away from each other
Just as important as encouraging hand hygiene is keeping all employees up-to-date on the situation at hand. That requires businesses to enact frequent and clear company-wide communications on everything from sick leave policies, plans for working remotely, and any breaking updates regarding the novel coronavirus, says Mark Norton, test and recovery manager at Agility Recovery.
Norton adds that there is a lot of misinformation regarding the coronavirus , which could potentially endanger people even more. For instance, there are rumors that heat can kill virus, or that packages from China can carry the coronavirus.
“It’s so easy to hear a rumor and have that start circulating within your business and cause unnecessary panic,” Norton explains. That’s why it’s important for businesses to make sure their employees understand the facts about COVID-19, so they know the appropriate measures to take.
Businesses also need to explicitly state what their sick leave, paid-time-off policies and remote work policies are to avoid any confusion and concerns among employees. The CDC suggests that businesses should implement flexible policies for employees, such as not requiring a healthcare provider’s note for prolonged sick leave, and allowing people to stay home to care for sick family members.
Norton suggests that businesses also look into backup measures for employees that can’t work remotely but are required to stay home. “Are they required to take PTO?” he says to ask. “Can you put them on short-term disability? What does that process look like? You don’t want that information to stay insulated, so you do want to make sure you’re communicating those policy updates and changes to your employees, and potentially to stakeholders, clients and even vendors.”
2. Form an emergency response team
In order to streamline communications, businesses should establish an emergency response team, ideally including a representative from each department.
“You want to make sure that you have representation from each department so you can understand the impact each function is having, and also if they’re receiving any sort of indirect impact through the supply chain,” explains Norton.
3. Rank your business’s most critical functions
The emergency response team will also identify your business’s most critical functions for continuity, as well as any of the necessary resources for performing those duties. Norton says that all businesses should conduct a business impact analysis, and then rank the functions in order of importance.
Businesses should be asking: How would they be impacted if one function stops? What are their customers’ dependencies on their products and services? Are there any alternate methods of completing these functions? Once you understand the consequences, you can then establish risk mitigation policies and techniques to help “insulate that from risk.”
Norton emphasizes that it’s best to assign emergency duties to job roles rather than to specific people. “You don’t want to have a critical function referred to as ‘Joe’s responsibility’ or ‘Susan’s task,’” he says. “You’d rather have that by the official title and roles so that, after COVID-19, you still have a very functional plan for other types of pandemic situations, because you can start to build into that role different responsibilities.”
4. Cross-train employees for different roles
A good way to mitigate the risk of losing a critical function is to cross-train employees for different roles. Especially during pandemics like COVID-19 where people have to work from home or may be out sick, having backups can help keep things going.
“If you uncover a particular function that’s unique to a specific person, I would consider that to be high risk,” states Norton. “So if it is isolated to just one person and that function is incredibly important to your organization, cross-training is a very cost effective way for any organization to be able to start training somebody else to step into that role.”
For more tips go to our business continuity toolkit with the latest resources on how to deal with the pandemic
Explore Topics
Dominic's Take
Bull Session
US-Asia Business
Business Continuity Toolkit
Recipes of China
Tech and Innovation
East West Lifestyle
US-Asia Market Watch
Entertainment
Sign up for the Reach Further Newsletter
We’ll keep you in the know about the latest US-Asia business news and trends.
订阅《致远》电子商业杂志
掌握中美经贸最新信息和产业脉搏。
Suscríbase al boletín Reach Further
Lo mantendremos informado sobre las últimas noticias y tendencias comerciales entre Estados Unidos y China.
訂閱《致遠》電子商業雜誌
掌握中美經貿最新資訊和產業脈搏。
What to Consider in a Pandemic Business Continuity Plan
How can businesses and shareholders think about ensuring their survival in an evolving pandemic? Business continuity plans have gone out of the window. How can they be adapted to survive the current situation?
By Natasha Ketabchi
Natasha transitioned to venture capital after a career in banking built in prestigious firms such as JPMorgan and ESM.
We are facing a time of unprecedented disruption to daily life and business. In the current pandemic, many countries have introduced severe restrictions to the movement of people for the protection of public health. How can businesses and shareholders think about ensuring their survival in a situation that is constantly escalating and could protract for a long period of time?
By definition, in risk management, it is difficult to anticipate something that has not yet happened. Current Business Continuity Plans (BCPs) tend to focus mostly on physical disasters, cyberattacks, and supply chain disruptions. The companies’ current BCPs are unlikely to hold water in the present time.
So what goes into a solid BCP and who is in charge of implementing it? We created a practical guide to Business Continuity planning for pandemics.
We focus primarily on Business Continuity planning that covers the procedures and arrangements necessary for the successful continuation of business operations when they cannot continue as normal. Disaster Recovery (DR) plans, on the other hand, focus on the aftermath of a destructive one-time event, either natural or human, such as an earthquake or a terrorist attack.
What Happens When Current Plans Have Gone Out the Window?
What lessons can be learned in a pandemic? What happens when the current plan does not match reality? BCPs are not a static set of rules, but rather living documents within an organization. They should continually be adapted to reflect new information on the state of the world. They are most effective when they are seen as such and are the product of a continuous, data-driven, open flow of information.
It is obvious that now, for most companies, pre-COVID-19 plans are insufficient. Business Continuity has gone from being a contingency plan to being the main order of action, truly part of a company’s core business. This does not, however, mean that all work that has been done before is worthless—a good understanding of the process and its importance can make the difference in whether a business can survive a prolonged period of distress. The key priority will be a reassessment of business impact and redrawing the possible scenarios. This is best done through reliance on best practices, integrated risk management, and efficient communication at every level, starting from management and staff and including board members, shareholders, and creditors.
In this uncharted territory, what are the next steps to take?
The first order of priority should naturally be reexamining business assumptions and discussing them in depth with area leaders to see whether they still hold true in the current pandemic. The output will be a set of new scenarios that include the pandemic risks and potential economic costs. Second, mitigants and contingency plans need to become part of daily business planning and management (and board) reporting.
Understanding the Business Impact of a Pandemic
The starting point for a sustainable strategy is understanding the business risks, mapping out key processes, and involving all key internal stakeholders in forming the most accurate picture possible of the impact of any identified risk, as well as discovering ramifications of risks that may have not been fully considered in the planning stage and then comparing them to the existing business plan .
This process is iterative and collaborative and relies heavily on open and clear communication.
Business Impact Analysis Template
The ultimate goal of the business impact analysis is threefold:
- Understanding, and thus prioritizing risks
- Analyzing the impact on employees and what could disrupt their ability to work and their productivity
- Estimating the potential financial damage
This output is then the critical input in the planning for the mitigation of these risks:
- What are the key steps to take?
- Who is responsible for the implementation?
- How do we ensure that our staff feels safe, useful, and can stay productive within their personal circumstances?
- How much will this cost?
- What resources are needed?
How Can the Impact of a Pandemic on My Business Be Mitigated?
In this section, we give some practical guidance on how to practically implement a new strategy by suggesting questions (unfortunately incomplete by definition) and a business continuity framework for thinking that may be relevant when identifying pandemic risks for each of the mitigation steps.
1. What Are the Key Steps to Take for Pandemic Preparedness?
The key question here is to think of all (foreseeable) implications and to try and anticipate them:
- How many of the company’s employees should be working from home to sustain a minimum viable level of business and support? What are the restrictions that are currently in force?
- How does this affect our supply chain and can it be influenced and why?
- Do the current limitations affect customer satisfaction? Can this effect be mitigated?
- How can management ensure that employees are able to carry out their duties?
- How does the company ensure the protection of its IT and intellectual assets and cyber resilience even when most employees are working outside of the office?
- Who needs to be alerted outside the company?
- Can we renegotiate liabilities?
- Can we engage shareholders?
- What communication strategy is in place internally and externally? Is it effective?
2. Who Is Responsible for the Implementation?
What is crucial is that internal responsibilities are distributed and understood:
- Who is in charge of what aspect?
- How do we stay up to date and flexible in case of changes in government guidance?
- Is this the right person, and will this person be able to both communicate and enforce?
- Do the employees understand what their critical tasks are and what implementation is required of them?
- Is the staff sufficiently empowered?
- Are they clear about their responsibilities?
- Who is in charge if the suggested system fails?
- Are important communications getting to everyone and back to management?
- Does management have a clear list of priorities?
- Is there a clearly communicated list of priorities?
3. How Do We Ensure That Staff Feels Safe, Useful, and Can Stay Productive During a Pandemic?
Employees are human capital. A business without human capital is not viable, not even in AI or robotics. How can they be protected?
- What are the main questions and concerns of my employees?
- Can I address these concerns?
- Are expectations being communicated to them clearly?
- Have they been given the resources to continue with their daily tasks?
- Is management aware of any impediments to their daily tasks?
- Is assistance being offered to employees who may be struggling with their tasks?
- Are employees up to date with internal policies?
- Is management communication reaching employees and assisting them?
- Are communication channels flowing in all directions?
- Are employees valued, supported, and given all the necessary information?
4. How Much Will This Cost?
The key here is planning several scenarios and being prudent and accurate in estimating each:
- How much cash do I need to survive in this period?
- How much is available in short-term liquidity?
- How much is available in contingency?
- How will my cost structure change?
- How will my revenues change?
- What are the possible scenarios?
- Supply issues?
- Demand issues?
- Productivity issues?
- Cash flow issues?
- Have all risks been accounted for and are they accurately modeled?
5. What Resources Are Needed?
What resources are available to the company, have they been exhausted? Have we sufficiently prepared when calling upon them?
- Is there a clear view of cash requirements?
- Are these impacted by operational measures taken?
- Are there additional sources of cash that can be called upon?
- What are the projected cash outlays?
- May liabilities be renegotiated?
- Have all the creditors been contacted?
- Have the shareholders been contacted?
- How can emergency aid from governmental organizations be accessed?
- What documentation is necessary to access any government assistance?
- How does all of this change cash flow forecasts?
Whose Responsibility Is Business Continuity?
Strictly speaking, Business Continuity planning falls under the remit of the risk management function within a company. This is, however, a static and partially incomplete view as BC involves every aspect of a business, therefore:
- All decision-makers need to be part of the planning process, particularly when it comes to the Business Impact Analysis (BIA).
- All employees need to be made aware of their role within the plan and prepared for its implementation.
- Ensure alignment and communication with the key stakeholders of the company.
Business Continuity Management Within the Corporate Governance Framework
The presence of a strong Business Continuity plan and its correct communication and implementation is key to the company’s survival and is thus in the interest of shareholders. Adequate Business Continuity planning and management is also the responsibility of the board. It falls under their remit and should be seen as part of the fiduciary duties that they hold toward shareholders. After all, appropriate planning for the future of a business in a time of distress is the responsibility of those who have a duty toward employees and shareholders. To ensure that all are aware of their role and responsibilities, constant communication is crucial, particularly when those plans need to be acted upon.
Investors such as private equity and venture capital funds have a vested interest in protecting their shareholder rights. As such, they can—and do—take an active role in supporting their portfolio companies toward ensuring business continuity, providing advice, and influencing the board through their appointed board members. There is both empirical and academic evidence that solid DR/BC planning reduces company and societal costs of such an event. Finally, creditors, particularly those that hold short-term liabilities, can, and should, be part of discussions to maintain business operations. While they enjoy more protection, they are also better off if business operations continue. Having strong lines of communication with them can make the difference between life and death.
Anglo-American Model of Corporate Governance
What Now? How Do I Pivot?
Anecdotally, most creditors and (active) investors are well aware of the pain that management is currently enduring because of the pandemic and would be willing to work together to find solutions. For private equity, this means assisting portfolio companies in implementing and designing new Business Continuity plans. For venture capital, time may be spent optimizing burn rates and determining alternative funding sources. Business operations experts can help those businesses that do not have such investors.
Ultimately, the key to the success of a pandemic Business Continuity plan—as far as possible when everything else is unpredictable—will be having clear communications and shared expectations with all who have a stake in the business: shareholders, management, creditors, and employees.
Understanding the basics
What is the purpose of a business continuity plan.
Business Continuity planning covers the procedures and arrangements necessary for the successful continuation of business operations when they cannot continue as normal. Disaster recovery planning is a subsection of Business Continuity.
What is included in a Business Continuity plan?
A Business Continuity plan begins with a Business Impact Assessment. In this document, all risks to the business will be assessed and measured to calculate the potential financial impact. The BC plan, then, will contain mitigation strategies and communication and action plans.
Who is responsible for Business Continuity planning?
Strictly speaking, Business Continuity planning falls under the remit of the risk management function within a company. This is, however, a static and partially incomplete view. As BC involves every aspect of a business, all decision-makers need to be part of the planning process.
- BestPractices
- BusinessPlan
- PandemicAnalysis
World-class articles, delivered weekly.
Subscription implies consent to our privacy policy
Toptal Finance Experts
- Blockchain Consultants
- Business Management Consultants
- Business Plan Consultants
- Business Process Optimization Consultants
- Certified Public Accountants (CPA)
- Cost Transformation Consultants
- Economic Development Consultants
- Equity Research Analysts
- Excel Experts
- Financial Benchmarking Consultants
- Financial Forecasting Experts
- Financial Modeling Consultants
- Financial Writers
- Fintech Consultants
- FP&A Managers
- Fractional CFOs
- Fundraising Consultants
- FX Consultants
- Growth Strategy Consultants
- Integrated Business Planning Consultants
- Interim CFOs
- Investment Managers
- Investment Thesis Consultants
- Investor Relations Consultants
- M&A Consultants
- Market Sizing Experts
- Pitch Deck Consultants
- Private Equity Consultants
- Procurement Consultants
- Profitability Analysis Experts
- Real Estate Experts
- Restructuring Consultants
- Risk Management Consultants
- Small Business Consultants Experts
- Supply Chain Management Consultants
- Valuation Specialists
- Venture Capital Consultants
- Virtual CFOs
- Xero Experts
- View More Freelance Finance Experts
Join the Toptal ® community.
- Australasia
- Asia Pacific
- Middle East
- North America
The latest business continuity news from around the world
European central bank report captures pandemic business continuity lessons.
- " onclick="window.open(this.href,'win2','status=no,toolbar=no,scrollbars=yes,titlebar=no,menubar=no,resizable=yes,width=640,height=480,directories=no,location=no'); return false;" rel="nofollow"> Print
The European Central Bank (ECB) has published a new report, ‘Best practices applied by financial market infrastructures in their business continuity plans during the COVID-19 pandemic’.
The Eurosystem comprises the ECB and the national central banks of those countries that have adopted the euro. During the current pandemic, the Eurosystem has been collecting information on the preparedness of payment systems/schemes and their critical service providers for dealing with the pandemic as well as the responses and resilience measures taken.
Based on these observations, the Eurosystem has compiled a set of key market practices for pandemic crisis planning and these are published in the report with the aim of:
- Providing support for the overseers in monitoring overseen entities, thus ensuring that the respective system operators are managing the crisis effectively and
- To identify what market practices related to pandemic crisis planning are or could be applied by payment systems/schemes in their business continuity plans in a flexible way, taking into account the specificities of each entity. As these market practices may also be valid for other FMIs, the remainder of the document refers to FMIs.
Read the document (PDF).
Want news and features emailed to you?
Additional Resources
- 2023 predictions
- Operational resilience
- Cyber resilience
- Pandemic planning and response
- Business continuity standards
A website you can trust
Business continuity, get the latest news and information sent to you by email.
Leadership in the time of coronavirus: COVID-19 response and implications for banks
The profound humanitarian fallout of the COVID-19 crisis carries with it the potential equally disruptive economic fallout. The path ahead is hence a precarious one, driven by epidemiological uncertainty, the unique blend of resulting shocks to both supply and demand, and “preexisting conditions” in the global macroeconomy.
At this writing, Europe has become the prime epicenter of the crisis, with nearly 75 percent of new cases reported globally on March 18th (Exhibit 1). In Italy, years of low growth and high government debt are colliding with the rapid spread of the disease in an elderly population. Spain and France, face similar prospects, as do many countries in Asia. Thailand, for example, is similarly reliant on exports and tourism receipts and already has one of the highest debt burdens in the region at around 75 percent GDP. The particular characteristics of the US economy may make it susceptible to the impacts of COVID-19, despite its general strength before the virus’ arrival. A high number of households and businesses are vulnerable to the impact of disease-containment measures, because of their high-debt burden.
At the same time, yield chasing over the past several years may exacerbate the potential for market illiquidity. The Fed and the European Central Bank (ECB) have already cut rates to zero; historically low rates limit the tool kit of other central banks, and several global regions are probably already in recession as many economists and the latest data from China suggests. Addressing the situation will require further global action and public–private coordination. Banks around the globe will play a critical role in this as systemic stabilizers for their customers, their employees, and for their economies at large. Cash and deposit services, credit extension, payment facilitation, and market making are all essential services.
This memo lays out our initial recommendations for actions that banks should take now, beyond what common business continuity plans or crisis response checklists suggest. In their immediate response, we believe institutions should plan for an acute period of multiple months, spanning their entire footprint, and with a view of all stakeholders—not the more constrained circumstances that business continuity plans typically address. At the same time, banks may begin to stress test their capabilities and financials, laying the groundwork for identifying long-term strategic implications and ensuring a smooth bridge between the present and future.
Immediate response
Banks have already taken a series of actions in reaction to the spread of COVID-19. Common steps we’ve seen include establishing a central task force, curtailing travel, suspending large-scale gatherings, segregating teams, making arrangements for teleworking, and refreshing external-vendor-interaction policies.
Beyond these immediate and basic actions, banks should prioritize three measures tailored to the particular combination of biological and market stresses and how they affect the global market. These points draw on the experience of China, Italy, and several other countries, acknowledging that differences exist in economic and political structures, healthcare systems, and social and cultural norms among these countries.
1. Normalize workforce measures for multimonth sustainability
As a top priority, nearly all firms have already taken proactive measures to protect their people and to contain the spread of COVID-19. These include restricting travel and taking other prevention-oriented policies, emphasizing workplace hygiene, offering alternative ways of working, and initiating proactive communication.
Measures include restricting travel and taking other prevention-oriented policies, emphasizing workplace hygiene, offering alternative ways of working, and initiating proactive communication.
However, health measures to contain propagation may take months, not days or weeks, as we’ve seen in China. Therefore, banks will need to make sure the measures they have put in place are sustainable—and designed to get the best out of their people, while preserving their mental and financial well-being over such a period. Further, specific consideration will be required for contingent and contract workers, who might be most immediately impacted.
Because banks are providers of essential services to customers and communities, and the markets more broadly, they will need to adopt a carefully segmented approach to workforce management, informed by service criticality and exposure risk (Exhibit 2). Particularly careful attention is required for those in the workforce who provide critical services that are either customer facing or that require infrastructure only available at work premises. These include, for example, branch employees, some call-center support, sales and trading personnel, employees in the Treasury function, as well as some facilities and custodial staff. Korea’s Shinhan bank directed 150 of its call-center staff to work remotely, to handle activities that do not require access to customer information, such as queries on financial products. More detailed requests they forward to colleagues who continued working in the office.
One case in point: trading activities are central for market functioning but cannot easily be executed remotely because of technology and compliance requirements. Most banks have already taken a number of actions including segregating team members and activating business continuity plan (BCP) sites for parts of the sales team. Furthermore, BCP sites may have insufficient capacity to support a split-team model, requiring banks to consider alternatives in the event of a prolonged crisis. Since the virus reaches across all major financial centers, the potential for simultaneous infection across sites rises as the disease spreads. Institutions should maintain and test backup plans in case this occurs and establish clear triggers for putting such plans in place, such as a case of infection at or in the vicinity of one site. Backup plans might include the potential to move immediately to a work-from-home model, for which regulatory clearance and robust technical testing should occur preemptively.
For those segments of employees for whom remote work is possible (a group that may well have to be larger than initially envisaged), banks should review policies, practices, and controls and tailor them to the new working environment. “Work-at-home” organizations and routines, output-based performance management, and technological capabilities should be a particular focus. In parallel, banks should make sure both employee relations and internal technical support are sufficiently staffed and trained to accommodate potentially new and elevated levels of requests. Critically, institutions will need to ensure that appropriate controls are in place in all altered workplace settings and that trade-offs between contingency measures and risk appetite are well-considered. Key considerations include data security, fraud, cybersecurity, and privacy, especially safeguarding personally identifiable information. Bank managers should also pressure test and update business-continuity and disaster-recovery plans as needed for these new working conditions.
2. Provide essential banking services to retail consumers
People will continue to need essential banking services through these trying times. Banks should continue branch and ATM operations with the appropriate safeguards, while encouraging widespread use of remote services. This approach will account for needs and preferences across all consumer segments, including the older part of the population that is both more vulnerable to COVID-19 and less likely to adopt digital channels.
Institutions can continually monitor and assess consumer demand for in-person services to adjust capacity and minimize risks. For example, in some areas of China, banks observed limited demand for services other than ATM access and so were able to close most of their branch locations without disrupting customer service. Banks in several regions, including Hong Kong, Italy, and Germany, have also closed (some) branches to restrict staffing and hours when the risk to the public and employees was deemed to outweigh the need to maintain the branch. In Korea, which has adopted aggressive virus testing, branches have tended to remain open unless active cases are detected.
Physical locations that adopt rigorous yet consumer friendly approaches to disease containment both safeguard health and inspire confidence in the system. Examples borne from experience include evident deep cleaning of all branches and ATMs, alternatives to in-person sign-offs, and further leveraging branches with remote advisory capabilities.
Digital shift in China: Digital offerings can provide necessary services while supporting employee and community safety
On average, the Chinese population spent around seven hours per day on their phones before the virus struck, mainly on entertainment, social media, and gaming as well as ordering food and essential products for delivery.
Banks that were integrated into this ecosystem or were able to roll out new solutions to interact with new behavior (for example, with the ability to make payments online or by having credit solutions online) were the most successful in driving customers to digital channels—and to ones that protect the customer as well as the employee. The increased use of digital alternatives during the crisis has changed company expectations for future digital offerings.
At the same time, banks should encourage and support customers to use digital and other virtual channels, wherever possible. To encourage customers to use existing remote channels and digital products, institutions can launch positive and safety-oriented messaging aimed at reducing reliance on branches for services that are digitally available—while also providing tutorials online and by phone and increasing remote support options. Banks can also enhance their current digital offerings, identifying key functionalities that can be improved quickly; for example, they can increase the limit for online activities, and they can simplify the procedure to reset passwords. Institutions in both Italy and China have found that many people readily used remote channels and digital offerings (see sidebar “Client response in Italy: Segmenting the client base can maximize the effectiveness of bank support”).
Regrettably, increased fraud and information security risk are likely. Opportunists and threat actors may exploit confusion and vulnerabilities stemming from changes in ways of working and serving customers. Banks should include risk professionals on agile-product-development teams and run controls tests in parallel. However, they may also need adjust their risk appetite upward and should make this explicit. Recent regulatory communications seem to indicate that such an adjustment, if well-examined and well-communicated, would be positively received (Exhibit 3).
3. Fulfill social mission to support households and businesses with credit
A majority of households and businesses will be negatively affected by the unprecedented nature and extent of the current health and safety measures. For example, in the United States, 74 percent of workers say they are living from paycheck to paycheck, while 58 percent are paid by the hour. For them, financial impact of quarantine measures and lack of employment—due to reduced sector activity, such as travel—will be particularly difficult. The stress will be especially acute for those who are already in debt. These individuals will likely need further support from banks to support day-to-day liquidity needs through credit. Even in places where household savings rates are high, such as in some Asian countries, a greater connection to global markets means more households and businesses are likely to be affected.
Among businesses, the impact will vary significantly by sector and by company. It seems quite likely at this point that travel and tourism, entertainment, automotive, oil and gas, and healthcare industries will be most affected due to disruptions in supply and demand. Within these sectors, smaller businesses, such as those that cannot shift to remote work and online delivery and those catering to the most vulnerable segments, are likely to be more affected.
Client response in Italy: Segmenting the client base can maximize the effectiveness of bank support
In addition to the government-mandated payment holiday on mortgages, some Italian banks are developing frameworks to assess which proactive actions may have the more effective outcome on clients, including considerations such as the following:
- level of COVID-19 impact, for example, geographical areas most affected by the virus
- type of loan, for example, primary-home mortgages, secondary-home mortgages, unsecured personal loan
- client delinquency stage
This segmentation allows the effective prioritization of cases based on their criticality. For example, clients that are most affected by COVID-19 and have a primary-house mortgage will be supported with the highest priority in case of need (exhibit).
From a credit perspective, banks should rapidly identify most affected sectors and customers to understand how they can be most supportive to their clients and community. Some are already considering relaxed payment schedules and availability of credit, and the media is already monitoring hardship requests. In doing so, banks might draw on lessons learned in Italy and elsewhere (see sidebar “Client response in Italy: Segmentation of the client base to maximize the effectiveness of the support”). This will include proactively engaging with clients to understand their situation, segmenting portfolios based on expected needs, developing an internal view of where support measures will be the most effective, and adjusting risk-mitigation actions for early delinquencies and for nonperforming exposures. While banks have taken some of these relief measures as part of natural-disaster response in the past, this situation will require a much broader geographical scope. Supporting clients in these critical times will deepen customer relationships and reaffirm the role of banks as key enablers of the economy.
Regulators around the globe understand the challenge and are already relaxing rules for banks. For example, the ECB announced on March 12 that banks can fully use their capital and liquidity buffers. Banks will be allowed to operate temporarily below the level of capital defined by the Pillar 2 Guidance, the capital conservation buffer, and the liquidity coverage ratio. The ECB also suggested that national authorities relax their required countercyclical capital buffers. In Asia, the Bank of Japan has loosened the monetary policy through conducting various operations including purchases of Japanese government bonds, US dollar funds-supplying operations, exchange-traded funds, and real estate investment trusts. In the United States, regulators have expressed support for firms that choose to use their capital and liquidity buffers to lend and undertake other supportive actions in a safe and sound manner, saying that these buffers were designed to support the economy in an adverse situation; this will also allow banks to continue to serve households and businesses.
From a liquidity perspective, the simultaneous supply and demand shock has stressed companies across industries, pushing them to draw on credit lines to support working capital and stockpile cash. Additional drawdowns in commercial as well as retail lines of credit are also to be expected, in combination “with a flight to quality” toward deposits of certain customer segments, such as wealth-management clients. Strong internal liquidity-management practices will be required for banks to be maximally effective in supporting market liquidity and changing customer borrowing needs. The severity of the crisis is likely to lead to larger-than-expected drawings on credit lines. High market volatility will also elevate margin calls for derivatives. The liquidity coverage ratio as a measure of outflows over a one-month period may not be enough to capture all the risks to liquidity from a longer period contagion. Banks will need to upgrade their risk models and mobilize collateral for refinancing at central banks.
Banks should remain vigilant about liquidity measures to support their customers and confirm that telling indicators, such as corporate-deposit rates and interbank lending, are monitored with the right level of attention and escalation. Select leaders should ensure proactive communication and clear, deliberate signaling. It is even possible that US banks may be faced with the question of whether to pass on negative interest rates as banks have done in many European countries in recent years.
Stress testing financials to plan for the future
We anticipate that financial-institution performance will be hit across all dimensions—fees, interest revenue, losses, and expenses. However, variances will be substantial by sector and customer segment, with details depending significantly on the scenario that ultimately unfolds. While the exact financial impact of the COVID-19 crisis remains highly uncertain and will be bank dependent, we anticipate the following:
- Fee income likely will fall, driven by lower consumer spending in retail businesses, decreased assets under management in asset-management divisions, as well as slowdown in investment-banking activity. Some sales and trading businesses may be an exception: fixed-income flow volumes may increase, and high volatility will translate to elevated bid–ask spreads and potential mark-to-market gains.
- Net interest margins will remain compressed, as rates remain low or fall slightly further. Any increase in borrowing volumes, for example, from drawdowns on lines of credit, may be offset by losses in credit portfolios.
- Credit losses will be elevated across most sectors, across small businesses and in certain retail segments (for example, self-employed workers, hourly-wage earners, uncollateralized products). Within commercial banking, travel, tourism, and entertainment segments will be the hardest hit. Oil and gas lending may also be challenged, with ultimate outcomes depending heavily on geopolitical factors affecting oil production and price. Across all industries, smaller and less efficient businesses will be hit disproportionally.
- Remote work may increase costs for setup, and may cascade to lost wages normally paid to hourly workers and contingent staff. Operational losses due to fraud are also likely to increase.
To understand the impact on their own portfolio under rapidly evolving scenarios, banks need to apply testing tools, complemented by close continued monitoring. To do so, they can leverage their existing stress testing frameworks, such as the capital adequacy infrastructure developed as part of Comprehensive Capital Analysis and Review (CCAR) in the United States. To maintain safety and soundness and limit impact on financials, banks should maintain an up-to-date and scenario-based view of expected financial impact across businesses. In doing so, however, we believe five key imperatives should be borne in mind:
To understand the impact on their own portfolio under rapidly evolving scenarios, banks need to apply testing tools, complemented by close continued monitoring.
- Prioritize and iterate. Unlike regulatory stress testing, this is not a hypothetical exercise. Stress-test results have direct implications for decisions banks are making in real time. Banks will need to identify which industries and segments are in most imminent danger and quickly analyze and monitor data for early warning signals. That base will allow them to build a fuller view of the economic landscape iteratively, as the pandemic evolves.
- Reverse stress test to identify worst-impact scenarios. Regulatory stress testing, as well as most banks’ supplemental stress testing, lay out specific hypothetical scenarios to assess their potential impact. In today’s world, banks should look immediately to understand the outer limits of possible actions to support borrowers and markets during the trough.
- Build scenarios based around potential virus spread and human reaction. Building mere macroeconomic scenarios will not be helpful as these would be divorced from the underlying drivers of the crisis. Instead, scenarios should be built around the spread of the virus. This will require developing a range of expectations for the progression of the disease, government response, and supply and demand shifts, and only then looking at macroeconomic changes. Analyzing the interaction between supply and demand and associated impact on macroeconomic factors will be particularly complex, as there is no direct historical precedent. Historically linked variables, such as income and employment, may decouple. Typically decoupled variables may become more correlated, such as when multiple business-continuity-plan scenarios occur simultaneously across the globe. Also consider “knock-on” operational risk-like scenarios, for example, the impacts of food shortages.
- Examine performance assumptions built into existing models. Because the situation is unprecedented, assumptions built into models may not hold. For example, assumptions common in some treasury models have already been broken in this past week’s US Treasury price movements. As another example, collections-efficiency assumptions are unlikely to hold because of situation-dependent decisions on when and whether to collect at all.
- Incorporate implications of near-term actions, including on expenses. Most institutions have appropriately acted quickly to try and contain virus spread and protect their employees’ and customers’ health. If these measures remain in place for several months—consistent with China’s experience—their implications may be nontrivial and will need to be better understood.
As deposit gatherers, credit grantors, and payment facilitators, banks play a vital role in the functioning of the economy. They are not simply commercial enterprises but provide important services to individuals and communities. Their health, and that of their workforce, the continuity of their operations, and their safety and soundness are therefore critical. The last financial crisis led to much emphasis on the systemic risks posed by banks; the current one, which has entirely originated from outside the banking system, provides the opportunity for banks to prove their role as systemic stabilizers, delivering services at least in part for social good. Needless to say, this will require very careful thinking and trade-offs among various short- and medium-term options.
In doing so, bank leaders should bear in mind that this crisis is likely to reinforce, in direct proportion to its extent and duration and maybe even more, a number of existing trends. Workplace dynamics and talent management, already evolving in a digitizing world, may be durably changed after an extended period of remote working. As they settle into their new routines over the next weeks or months, banks should consider this as a testing ground for what does and does not work and draw implications for their HR, organizational, governance and culture transformations. Likewise, customer routines and expectations may also shift further in meaningful proportions, both in terms of digital adaptation and the expectation for proactive communication and care. Operational resiliency is also bound to remain critical with mounting risks of pandemics, societal and geopolitical tensions, and climate change. Banks should carefully draw on the lessons that the current situation offers and use them to inform their digital transformation, while building a much higher degree of both operational and financial resiliency.
Kevin Buehler and Hamid Samandari are senior partners in McKinsey’s New York office, where Olivia Conjeaud and Laura Webanck are associate partners, and Lorenzo Serino is a partner. Vito Giudici is a senior partner in the Hong Kong office. Marco Vettori is a partner in the Milan office. Olivia White is a partner in the San Francisco office.
The authors wish to thank Sameer Kumar, Joy Long, Michael May, and Matt Steinert for their contributions to this article.
Explore a career with us
Related articles.
COVID-19: Implications for business
Leadership in a crisis: Responding to the coronavirus outbreak and future challenges
Responding to coronavirus: The minimum viable nerve center
- Publications
Business Continuity Management (BCM) has hitherto meant protecting organisations against events like natural calamities, geo-political disturbances, cyber-attacks and other disruptions that have the potential of interrupting smooth functioning of an organisation. An unknown virus, i.e., coronavirus, of the size of 0.125 microns, unleashed a once in a century pandemic and completely redefined our understanding of BCM.
At risk this time were lives, livelihoods, systems and processes and, especially for regulators like the Reserve Bank of India (RBI), potential systemic disruptions in market infrastructure, cyber systems, business processes and operations, communication and availability of skilled personnel. We in RBI mobilised on an unprecedented scale and speed to put in place a cross-functional response that ensured the discharge of all our responsibilities and mandates effectively without compromising on the well-being of our employees and their families.
Through these troubled times, RBI had to (a) continually assess and revalidate its readiness for uninterrupted operations; (b) leverage varied data feeds for continuous monitoring; (c) consider consequences and impacts of its measures; and (d) design and implement rapid but co-ordinated responses across verticals. We also proactively communicated through public statements and in other forms of guidance, reassuring the public at large about the stability and resilience of the financial system while supporting banks and financial institutions and the economy as a whole. Our basic message was: RBI is tirelessly at work to shield the Indian economy from the pandemic.
From creating a globally acknowledged bio-bubble to keeping payment and settlement and treasury operations running glitch-free, to introducing innovative monetary and liquidity instruments, to taking care of its over 13000 employees and their families by extending adequate support, financial or otherwise, to ensuring adequate availability of currency in the country, RBI was at the frontline, ceaselessly nurturing India’s financial system and ensuring that it successfully sails through uncharted waters.
This compendium seeks to put together the various measures taken by RBI during the COVID-19 pandemic times. I congratulate our Corporate Strategy and Budget Department for bringing out this comprehensive compendium in co-operation with other departments. In doing so, I am reminded of the words of Mahatma Gandhi, and I quote: “If patience is worth anything, it must endure to the end of time. And a living faith will last in the midst of the blackest storm” 1 .
Shaktikanta Das Governor Reserve Bank of India
February 17, 2023
“Failing to plan is planning to fail” - Benjamin Franklin 2
When the COVID-19 pandemic began, there was no standard operating procedure on how to tackle this once-in-a-lifetime cataclysm. The Reserve Bank of India (RBI) mobilised on an unprecedented scale and speed to safeguard lives and livelihood while ensuring the uninterrupted conduct of its crucial functions and unstinted support to employees, service providers and other stakeholders.
Central office departments (CODs) and regional offices (ROs) undertook various measures, like work from home (WFH) protocols; quarantines; direct settlement of hospital bills; dedicated COVID-19 care package for employees including vaccination drives; modifications of regulatory prescriptions for regulated entities and financial markets; ensuring availability of adequate currency across the country; and maintaining a hot standby for glitch-free treasury operations, among various other pandemic related business continuity measures and processes.
This compendium encapsulates RBI’s fight against the pandemic. It is not just a compilation but also a testimony of courage and dedication in the face of daunting and life-threatening challenges.
The compendium is organised into three parts, viz., Introduction, Measures and Epilogue. It covers actions taken across diverse areas such as human resources, information technology, currency management, monetary policy, liquidity management, internal debt management, financial institutions and financial markets and their regulation and supervision, customer grievance redressal, foreign exchange, communication, payment and settlement systems, financial inclusion, banking services for governments and banks, internal accounting and auditing, service provider management, premises and special measures taken by the Regional Offices.
This compendium has been prepared in the Business Continuity Management (BCM) Division of Corporate Strategy and Budget Department (CSBD) under the supervision of Shri Jose J Kattoor, Executive Director. Smt Rajani Prasad, Chief General Manager, CSBD provided overall guidance and led the BCM team comprising Shri Sumed Jawade, General Manager, at the helm, Smt Arunothaya M, Assistant General Manager, Shri Akash Choudhary, Manager, Shri Akshay Singh Rathore, Manager and Ms. Mahima Chaudhary, Manager. Dr. Vineet Kumar Srivastava, Director, Department of Economic Policy and Research (DEPR), Shri Suddhasattwa Ghosh, General Manager (retired) and Smt Shailaja Singh, Deputy General Manager, Financial Inclusion and Development Department made editorial contributions. Shri Abhay Mohite, Assistant Manager, DEPR made valuable contributions to designing the cover jacket of the compendium.
The compendium is available on the Reserve Bank’s website ( www.rbi.org.in ). Feedback / comments, if any, may be sent to Chief General Manager, Corporate Strategy and Budget Department, Central Office, 2nd Floor, Main Building, Reserve Bank of India, Shahid Bhagat Singh Marg, Fort, Mumbai – 400 001 or through email ( [email protected] ).
Michael Debabrata Patra Deputy Governor Reserve Bank of India
Chapter I Introduction
“No pessimist ever discovered the secret of the stars, or sailed to an uncharted land, or opened a new doorway for the human spirit.” - Helen Keller 3
I.1 Shocks, whether macro or micro; external or internal, can throw a spanner in the seamless functioning of an organisation. A commitment to organisational resilience in letter and spirit equips and empowers an organisation to tackle the challenges 4 posed by the ever-evolving business environment. In keeping with this, business continuity planning helps an entity to build and improve resilience and provides the capability for an effective response to upsetting events. Defined as the capability of an organisation to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident, 5 business continuity planning is the ability to stay in business after a disaster strikes and recover to an operational state within a reasonably short period.
I.2 The global financial crisis of 2008-09 and the COVID-19 pandemic have dispelled the notion that tail risks to the financial system will materialise only rarely. Hence, it is imperative that the approach to risk management should be in tune with the realisation of more frequent, varied and bigger risk events than in the past. Institutions must remember the old saying that care and diligence bring luck. To paraphrase Oscar Wilde, being caught unprepared in the face of a shock may be regarded as a misfortune, but to be caught unawares more than once may be a sign of carelessness. 6
I.3 The significance of business continuity planning gains even more prominence during the occurrence of black swan events like the COVID-19 pandemic. In the face of this Knightian uncertainty 7 , RBI stepped forward and proactively dealt with the organisational and management challenges that arose during the pandemic. It also responded swiftly and comprehensively for securing critical business processes and ensured business continuity in the financial system. With the pandemic and geopolitical tensions looming large on the global economy, RBI worked tirelessly to mitigate their adverse impact on the Indian financial system and the economy. In the words of Mahatma Gandhi, “it is when the horizon is the darkest and human reason is beaten down to the ground that faith shines brightest and comes to our rescue.” 8
I.4 COVID-19 posed challenges to business continuity not only in terms of safety and health of RBI’s human resources, but also in securing availability of an adequate contingent of healthy and skilled personnel to efficiently perform its operations and functions. In response, all the Business Units (BUs) 9 took measures that ensured smooth functioning of RBI’s activities.
I.5 This compendium chronicles RBI’s response to the COVID-19 pandemic, rather than providing only a summary description of steps taken by BUs. It also compares the steps taken by other central banks during the period. It is intended that this compendium shall serve as a reference document for future.
Chapter II The Measures
Human Resources
II.1 The strength of an institution lies significantly in its workforce. It is the harmonious correlation between personal goals and organisational values that enables an institution to attain greater heights. The COVID-19 pandemic posed significant risks affecting human health and endangering lives. Therefore, safeguarding the health and well-being of its employees was of paramount importance to the Reserve Bank of India (RBI) and various measures were taken in this direction.
II.2 To safeguard the health of its employees and also contain the spread of COVID-19, the concept of Work from Home (WFH) was introduced for the first time in RBI. This was done even before a nationwide lockdown was imposed by the Government of India (GoI). All the regional offices of RBI (ROs) were advised to work with bare minimum staff and steps were taken to obtain special permission from various authorities to ensure that persons associated with entities authorised by RBI for operating critical payment systems could access their workplaces (other than the centralised payment systems (CPS), which is dealt with subsequently).
II.3 Due to the risk of direct exposure to infection from people and surfaces, protective gears and face shields were provided to security guards and maintenance staff as they were frontline workers. Office premises were sanitised at periodic intervals. An alternate office site was immediately setup at one of the residential colonies in Mumbai to as a safe and secure location for the top management of RBI to work from.
II.4 In March 2020, employees were advised to restrict their domestic travel to essential ones and not undertake foreign visits unless specifically approved by the top management. RBI’s training establishments were advised not to conduct any training programmes till further orders and ROs and central office departments (CODs) were instructed not to depute staff for any domestic or foreign training programmes. Employees were also advised to take preventive measures enumerated below, to curb the spread of COVID-19:
a) Maintaining social distancing;
b) Observing good personal hygiene starting with the practice of washing hands frequently with soap and cleaning hands with alcohol-based hand rub;
c) Following basic respiratory etiquette like covering mouth while sneezing and coughing;
d) Avoiding touching eyes, nose, and mouth;
e) Seeking medical care at the earliest if there was fever, cough or difficulty in breathing;
f) Staying informed and following instructions of healthcare provider;
g) Infected employees to follow quarantine instructions; and
h) Following the advisory on post-travel (air / road / rail) state specific quarantine requirements.
II.5 RBI took many proactive steps in respect of the medical requirements of its employees and retirees which were tweaked dynamically in view of the evolving situation over the period. Some of these are enumerated below:
a) A Standard Operating Procedure (SOP) for reporting of COVID-19 cases was issued, clarifying on the quarantine requirements and WFH during the quarantine period. The SOP facilitated coordinated reporting of COVID-19 cases across RBI and contained general advisory for nodal officers of CODs and ROs on matters pertaining to COVID-19.
b) To effectively follow the policy of test, track and treat, various Rapid Antigen Testing and Reverse Transcription Polymerase Chain Reaction (RTPCR) testing camps were conducted across the offices of RBI.
c) RBI introduced dedicated isolation arrangements for employees and dependent family members with hospitals in various centres for quarantine requirements. This was later extended to staff of service providers working on critical operations.
d) A dedicated ‘Home Care Package’ was introduced for COVID-19 infected employees and family members.
e) In case of mild symptoms which did not require hospitalisation, home quarantine was advised as per government guidelines.
f) With the possibility of children being infected in the third wave of COVID-19, specialised children’s hospitals were empanelled for direct settlement.
g) Wherever necessary, powers were delegated to ensure frictionless admission to hospitals.
h) ROs having arrangement with local empanelled service providers, were advised to provide medicines to retirees at their doorstep.
i) Medical facilities were extended to part-time / contractual doctors (BMO / BMC) and pharmacists of RBI as a welfare measure in view of their role as frontline workers during the pandemic.
j) Settlement of bills for COVID-19 related medical charges were permitted beyond the rates prescribed under the medical schedule in view of the increased rates due to demand-supply mismatches.
k) In view of COVID-19 cases being reported regularly, quarantine facilities were arranged in the residential colonies for staff and their family members.
l) During the 2nd wave of the COVID-19 pandemic, ROs were advised to purchase oxygen concentrators for dispensaries, to counter the shortage in hospitals.
m) ROs were advised to provide immunity boosting medicines to employees and their family members through dispensaries to ensure better immunity.
n) Vaccines were provided centrally from pharmaceutical companies for Mumbai and a few other centres.
o) RBI also tied-up with various hospitals for vaccination of its staff and their dependent family members. Several COVID-19 vaccination camps were conducted at various RBI premises and colonies. The staff and their family members were sensitised to get vaccinated at the earliest.
II.6 Instructions for granting leave were liberalised to minimise hardship to employees:
a) On account of the sudden nation-wide lockdown announced by GoI, those employees who were on pre-sanctioned leave with permission to leave headquarters were allowed to work remotely as they were unable to report back for duty.
b) Employees who contracted COVID-19 were permitted to avail special casual leave (SCL) for quarantine. This leave was available for fifteen days in a calendar year, excluding Saturdays, Sundays and holidays.
c) Admissible leave availed for self-quarantine purpose was not counted as an additional leave spell for the purpose of bad leave record.
II.7 Prior to COVID-19, senior officers were provided with laptop / Tablet PC / i-Pad while junior officers were provided laptops on a need-basis. To enable work from home during pandemic, Class III employees were also reckoned as eligible employees for allotment of laptops on a need-basis. Wherever considered necessary, laptops were temporarily allotted to contract employees / service providers providing critical support to RBI.
II.8 RBI adopted the approach of BEAT-UP-COVID, viz., Be nchmarking, A dministration, T weaking, U p-gradation, P aediatric care, C alibrating, O rganisation, V accinating, I nvolving and D e-stressing, by setting up a COVID-19 Response Group (CRG) to provide help on a real time basis to tackle the third wave of COVID-19 pandemic. The CRG was constituted to harmonise, synchronise, and oversee the diverse and disparate steps being taken at various levels.
II.9 RBI obtained membership of the GoI’s Aadhaar based Jeevan Pramaan Portal and Samadhan (RBI’s Human Resources Management Portal) was integrated with it to facilitate acceptance of life certificates in digital format. Pensioners could visit any Aadhaar Centre and generate Digital Life Certificate which could be updated in Samadhan automatically.
II.10 To avoid crowding at the entry / exit points, RBI introduced staggered office timings.
Information Technology
II.11 When the world experienced an unprecedented macroeconomic shock in the face of COVID-19, resulting in lockdowns, lack of accessibility, threat to life and an uncertain future, central banks across the world faced enormous challenges on multi-dimensional fronts. For RBI, this challenge included keeping its payments and market infrastructure 11 and internal functioning up and running efficiently. While observing adherence to COVID-19 protocols, RBI undertook innovative measures in discharge of its functions.
II.12 To perform the critical functions of RBI with zero downtime and with full efficacy, a secured, quarantine environment, viz., a “Bio-Bubble” arrangement was put in place for all the Data Centres.
II.13 After the concept of WFH was introduced, as stated earlier, laptops and access for work from home was provided. Access was also provided to Samadhan, from home. Anticipating the requirement of Video Conferencing (VC) facility over the internet, a collaborative platform for audio / video based interactions, viz., Sampark (a Video Conference Platform) was introduced. Virtual meetings were conducted through Sampark. Sarthi (RBI’s Electronic Document Management Application) was also introduced to further facilitate WFH. CODs and ROs were advised to invariably keep a backup of all important data / files and update them frequently, while ensuring the safety and confidentiality of data.
II.14 For the staff required to attend offices at various locations, arrangements were made to ensure uninterrupted supply of drinking water / tea and food in the premises. Regular announcements were made on public address system to ensure that staff / visitors attending office followed COVID-19 appropriate behaviour. Service providers / Data Entry Operators (DEOs) were asked to join the office on rotation basis during the pandemic period. Wash rooms and premises were sanitised regularly.
II.15 The Reserve Bank Staff College (RBSC) and the Zonal Training Centres (ZTCs) shifted to online training sessions.
II.16 To ensure business continuity, important applications like Bloomberg terminal, Refinitiv Eikon, Cogencis and Negotiated Dealing System - Order Matching (NDS-OM) were made available over internet by the respective service providers. In order to enable Secured Remote Access to RBI’s IT applications, two factor authentication (2FA) was configured on official Laptops.
II.17 Internal meetings of the Inter-Departmental Group (IDG) on growth and inflation and the Commodity Price Monitoring Group (CPMG) transited from physical presentations to online interactions and information flow in the run up to policies was uninterrupted.
II.18 The landline contact numbers at CoDs were diverted to the respective official’s mobile handset to ensure continuity with no disruptions.
Currency Management
II.19 COVID-19 pandemic and the lockdown restrictions imposed thereafter, posed challenges for ensuring (a) undisrupted functioning of currency related activities through the currency management network comprising the printing presses, ROs and currency chests (CCs), branches of banks and the automated teller machines (ATMs); and (b) availability of adequate currency in every part of the country.
II.20 The major challenges faced included, ensuring sufficient printing of currency, timely supply of currency and ensuring availability of currency at the last point while bearing in mind the safety of treasure and human resources involved. Execution of the above activities involved considerable coordination with the multiple stakeholders in the network. Some of the measures taken are as under:
a) Paper mills and printing presses were advised to monitor inventory of raw materials and to activate a Business Continuity Plan (BCP);
b) The overall stock and withdrawal pattern of notes was closely monitored to ensure adequate availability of notes and coins in the ROs and the CCs;
c) Adequate supply of banknotes and coins in various denominations to the public was ensured by arranging dedicated trains and airlifting of currency;
d) To ensure speedier and timely supply of banknotes, increased emphasis was accorded towards direct remittances from printing presses to CCs.
e) Availability of cash in ATMs across the country was monitored by RBI on a daily basis to ensure timely replenishment, which involved close coordination between RBI, cash-in-transit companies and the government.
f) To tackle the accumulation of soiled notes and freeing up space in CCs, the ROs operated CVPS and the shredding and briquetting system (SBS) machines in extended hours and night shifts, wherever required.
II.21 With a view to enhance efficiency and productivity in currency management operations, the process pertaining to remittances of fresh notes (from presses to ROs of RBI, from ROs to currency chests and direct remittances to currency chests) was rationalised which reduced both the time involved in the remittance of currency and human intervention while handling currency.
Monetary Policy
II.22 In March 2020, the policy repo rate was reduced by 75 basis points to 4.40 per cent. It was decided to maintain the accommodative stance of monetary policy as long as considered necessary to revive growth, mitigate the impact of COVID-19, while ensuring that inflation remained within the target. The fixed rate reverse repo rate, which sets the floor of the Liquidity Adjustment Facility (LAF) corridor, was reduced by 90 basis points to 4.00 per cent, thus creating an asymmetric corridor.
II.23 In April 2020, the fixed rate reverse repo rate was reduced by 25 basis points to 3.75 per cent. In May 2020, the repo rate was cut by another 40 basis points to 4.00 per cent and the fixed rate reverse repo rate by a similar magnitude to 3.35 per cent. Fine-tuning variable rate repo auctions were conducted during March 2020 to provide flexibility to the banking system in its liquidity management towards the year end. As a special case, standalone primary dealers (SPDs) were allowed to participate in these auctions along with other eligible participants.
II.24 On September 11 and September 14, 2020, RBI conducted two 56-day term repo auctions for amount totalling to ₹1.0 lakh crore to foster orderly market conditions.
II.25 As per Section 45ZI (1) and (2) of the Reserve Bank of India Act, 1934, RBI is required to convene at least four meetings of the Monetary Policy Committee (MPC) in a year and the schedule of the meetings of the MPC for the year has to be published at least one week before the first meeting in that year. However, due to the evolving macroeconomic situation arising out of the COVID-19 pandemic, off-cycle meetings of MPC were convened in March and May 2020.
II.26 The Governor, RBI held periodic press conferences, issued statements in the press where the rationale of RBI’s actions were explained in the best traditions of accountability and transparency, the hallmark of a modern market-based approach to monetary policy making. 13 This acted as a major confidence boosting measure during the uncertain times.
Liquidity Management
II.27 To optimise human resource deployment in the context of disruptions caused by COVID-19 and to provide eligible participants of LAF / Marginal Standing Facility (MSF) greater flexibility in managing their end of the day cash reserve ratio (CRR) balances, RBI decided to provide an optional automated sweep-in and sweep-out (ASISO) facility in its eKuber (RBI’s Core Banking Solution).
II.28 The following schemes / operations were announced since the onset of COVID-19, to mitigate liquidity stress in regulated entities and markets.
a) Long Term Repo Operations (LTROs) were announced for a cumulative amount of ₹2.00 lakh crore, of which ₹1.25 lakh crore was availed. These were for tenors of one year and three years, respectively.
b) In view of the tightening of financial conditions as reflected in the hardening of yields and widening of spreads, RBI conducted regular Open Market Operations (OMO) to ensure that the yield curve evolved in an orderly manner.
c) Secondary market G-sec acquisition programme (G-SAP) was announced, under which RBI committed upfront to a specific amount of open market purchases of government securities. Overall, net liquidity injected through OMO purchases, including G-SAP, amounted to ₹3.13 lakh crore during 2020–21 and ₹2.10 lakh crore during 2021-22.
d) In order to distribute liquidity more evenly across the yield curve and improve transmission, 22 auctions of operation twists (OTs) were conducted during 2020-21 and 2021-22.
e) To facilitate year-end liquidity management of SPDs, the limit of liquidity available to them under the Standing Liquidity Facility (SLF) was enhanced from ₹2,800 crore to ₹10,000 crore till April 17, 2020.
f) As a one-time measure to help banks tide over the disruption caused by COVID-19, it was decided to reduce the cash reserve ratio (CRR) by 100 basis points to 3.0 per cent of net demand and time liabilities (NDTL) with effect from the reporting fortnight beginning March 28, 2020. This reduction in CRR released primary liquidity of about ₹1,37,000 crore uniformly across the banking system. Furthermore, the requirement of minimum daily CRR balance maintenance was reduced from 90 per cent to 80 per cent, which was in effect till September 25, 2020. SCBs were also allowed exemption from maintenance of cash reserve ratio (CRR) on incremental credit disbursed by them between January 31 and July 31, 2020 on retail loans for automobiles, residential housing and loans to MSMEs.
g) Under the MSF, banks could, prior to the COVID-19 pandemic, borrow overnight at their discretion by dipping up to 2 per cent into the Statutory Liquidity Ratio (SLR). To provide comfort to the banking system, the limit was increased from 2 per cent to 3 per cent of their NDTL effective March 27, 2020. This measure was available up to December 31, 2021. This provided comfort to the banking system by allowing it to avail an additional ₹1,37,000 crore of liquidity under LAF window in times of stress.
h) Targeted Long-Term Repo Operations (TLTROs) 14 were announced on March 27, 2020 for a cumulative amount of ₹1 lakh crore. Liquidity availed by banks under the scheme was required to be deployed in investment grade corporate bonds, commercial paper, and non-convertible debentures {including Mutual Funds and Non-Banking Financial Company (NBFC)} over and above the outstanding level of their investments in these bonds as on March 27, 2020. TLTRO 2.0 was announced on April 17, 2020 for tenors up to three years for ₹50,000 crore, to further augment the scheme (providing adequate system level liquidity as well as targeted liquidity provision to sectors and entities experiencing liquidity constraints).
i) Considering the impact of disruptions due to the lockdown and social distancing, it was decided to temporarily suspend the revised liquidity management framework and the window for Fixed Rate Reverse Repo (FRRR) and MSF operations were made available throughout the day with effect from March 31, 2020. This was intended to provide eligible market participants with greater flexibility in their liquidity management. The window timings of FRRR and MSF were brought back to normal with effect from March 1, 2022.
j) To minimise the risks arising due to COVID-19, the trading hours for various RBI regulated markets were revised to begin at 10.00 am and close at 2.00 pm effective from April 7, 2020. Subsequently, with the phased removal of lockdown and easing of restrictions on movement of people and resumption of normal functioning of offices, the trading hours were restored in a phased manner, beginning November 9, 2020.
k) Special refinance facilities (including additional standing liquidity facility) cumulatively amounting to ₹1,41,000 crore were provided to all India financial institutions (AIFIs) viz., National Bank for Agriculture and Rural Development (NABARD), Small Industries Development Bank of India (SIDBI), National Housing Bank (NHB) and Export-Import Bank of India (EXIM Bank), to support their role in meeting funding requirements of various sectors.
l) With a view to ease liquidity pressures on Mutual Funds (MF), a special liquidity facility (SLF-MF) of ₹50,000 crore for banks was opened to meet the liquidity requirements of mutual funds. Under the SLF-MF, RBI conducted repo operations of 90 days tenor at the fixed repo rate. The SLF-MF was on-tap and open-ended. The scheme was available from April 27, 2020 till May 11, 2020. Later, the regulatory benefits announced under the SLF-MF scheme were extended to all banks, irrespective of whether they availed funding from RBI or deployed their own resources under the scheme.
m) In July 2020, RBI injected liquidity through back-to-back funding by subscribing to government guaranteed special securities issued by a special purpose vehicle (SPV) to improve liquidity position of NBFCs (including Micro-Finance Institutions - MFIs) / Housing Finance Companies (GoI notified scheme of ₹30,000 crore) to avoid any potential systemic risks to the financial sector.
n) To increase the focus of liquidity measures on revival of activity in specific sectors, on October 9, 2020, on tap TLTRO scheme was announced up to three-year tenor for a total amount of up to ₹1,00,000 crore at a floating rate (repo rate) with end-use guidance. The scheme was extended till December 31, 2021.
o) To provide an additional avenue for liquidity management, LAF and MSF were extended to Regional Rural Banks (RRBs), subject to meeting certain conditions, on December 4, 2020.
p) An on-tap term liquidity window of ₹50,000 crore was announced to ease access to emergency health services, with tenors of up to three years at the repo rate till June 30, 2022.
q) To provide further support to small business units, micro and small industries, and other unorganised sector entities adversely affected during the pandemic, special three-year long-term repo operations (SLTROs) of ₹10,000 crore at repo rate were conducted for the Small Finance Banks. The funds so raised were required to be deployed for fresh lending of up to ₹10 lakh per borrower. This facility was initially made available till October 31, 2021 and later extended to December 31, 2021.
r) A separate liquidity window for contact intensive sectors for an amount of ₹15,000 crore was announced with tenors of up to three years at the repo rate till June 30, 2022.
II.29 A hot-standby dealing room and back office (HSDRBO) site was made operational as an alternative site at another location of RBI where a few dealers were stationed permanently. During normal times, the dealing rooms carry out Markets Intervention Operations, LAF Operations, OMOs and other tasks as assigned internally. However, commencing March 18, 2020, critical activities were carried out from BCP site. From May 11, 2020 onwards, the staff at HSDRBO, resumed normal working from office and critical operations were carried out jointly in co-ordination with the minimal staff working at the BCP site. As the staff started attending office in a staggered manner, operations at the BCP’s were closed with effect from August 21, 2020 and all activities were resumed fully from the dealing room jointly with HSDRBO.
II.30 In the second wave of the pandemic that spanned from April 2021 onwards, the TSCAs pertaining to the dealing room were efficiently conducted by officers working from home.
II.31 On a review of financial market conditions affected by the spread of COVID-19 and taking into consideration the requirement of US Dollars in the market, it was decided to undertake two 6-month US Dollar sell / buy swaps in March 2020 to provide liquidity to the foreign exchange market, which cumulatively provided US Dollar liquidity amounting to USD 2.7 billion.
II.32 The Ways and Means Advances (WMA) limit of states / union territories (UTs) was enhanced first by 30 per cent and then by 60 per cent over and above the level as on March 31, 2020. The increased limit was made available till September 30, 2020.
II.33 As financial conditions eased, a calibrated restoration of the revised liquidity management framework instituted in February 2020 was set in motion through rebalancing liquidity in a non-disruptive manner away from the fixed rate reverse repo operations to market based auctions of variable rate reverse repos (VRRRs).
Internal Debt Management
II.34 RBI successfully completed the government borrowing programme despite the multiple challenges and uncertainties posed. There was a record market borrowing by the central and the state governments due to COVID-19 and the borrowing calendar was periodically revised during the financial years 2020-21 and 2021-22. RBI adapted to the emerging circumstances by constantly reviewing the preparedness, collaborated with all stakeholders and ensured that the market borrowing programme was done seamlessly. Some of the measures taken by RBI are detailed hereunder:
a) To strengthen the business continuity planning arrangements and to remain in operational readiness, alternative emergency back-up sites were identified at various RBI office locations in Mumbai and elsewhere. Further, back-up resources having prior experience of conducting auctions and related activities were identified from alternate offices.
b) To provide greater comfort to the central and state governments in undertaking COVID-19 containment and mitigation measures, and to enable them to plan their market borrowings, the WMA limit was enhanced. The limit for WMA of the GoI for the remaining part of first half of the financial year 2020-21 (April 2020 to September 2020) was revised from ₹1,20,000 crore to ₹2,00,000 crore. The WMA limit for GoI for the second half of 2020-21 was fixed at ₹1,25,000 crore, an increase of 257 per cent over the previous half year (second half of 2019-20).
c) Several state governments created and maintained a Consolidated Sinking Fund (CSF) to facilitate redemption of state’s market loans in an orderly manner and to increase their credibility in raising loans at lower rates in future through auctions. The scheme for constitution and administration of CSF for state government was reviewed and the rules governing withdrawal from CSF were relaxed, while ensuring that a sizeable corpus is retained in the Fund.
II.35 Based on a review of the rapidly evolving situation, and consistent with the globally coordinated action committed to by the Basel Committee on Banking Supervision (BCBS), regulatory measures were announced 15 to alleviate the impact of COVID-19 on the global banking system. Governor, Shri Shaktikanta Das summed up RBI’s actions stating, “The Reserve Bank is not hostage to any rule book and no action is off the table when the need of the hour is to safeguard the economy.” 16 In view of this, while regulatory prescriptions were eased during COVID-19, the dispensations were not unbridled and sunset clauses were inbuilt in most cases.
II.36 Measures were initiated to mitigate the burden of debt servicing and to ensure the continuity of viable businesses. The salient features of these measures included rescheduling of payments for term loans and working capital facilities, easing of working capital financing and exemption from classification of special mention account (SMA) and Non-Performing Assets (NPA) on account of implementation of the above measures.
II.37 Based on the review and empirical analysis of counter cyclical capital buffer (CCyB) indicators, it was decided not to activate CCyB for a period of one year, i.e., till April 2021 and subsequently it was decided that it was not necessary to activate CCyB at that point in time.
II.38 It was decided that in respect of all accounts for which lending institutions decide to grant moratorium or deferment, and which were ‘standard’ as on March 1, 2020, the 90-days NPA norm shall exclude the moratorium period, i.e., there would be an asset classification standstill for all such accounts from March 1, 2020 to May 31, 2020. At the same time, with the objective of ensuring that banks maintain sufficient buffers and remain adequately provisioned to meet future challenges, they will have to maintain higher provision of 10 per cent on all such accounts under the standstill, spread over two quarters, i.e., March 2020 and June 2020. These provisions were allowed to be adjusted later against the provisioning requirements for actual slippages in such accounts.
II.39 Under RBI’s prudential framework for resolution of stressed assets dated June 7, 2019, in case of large accounts under default, scheduled commercial banks (SCBs) were required to hold an additional provision of 20 per cent if a resolution plan was not implemented within 210 days from the date of such default. Recognising the challenges to resolution of stressed assets in the then volatile environment, it was decided to extend the period for implementation of resolution plan by 90 days. Further extension of the resolution timelines was provided after a review on account of continued challenges to resolution of stressed assets in a volatile environment.
II.40 A window for resolution of COVID-19 related stress {applicable to all commercial banks (including small finance banks, local area banks and regional rural banks), all primary (Urban) co-operative banks / state co-operative banks / district central co-operative banks, NBFCs (including housing finance companies) and all India financial institutions – AIFIs} was provided to facilitate revival of real sector activities which were under financial stress due to economic fallout on account of the COVID-19 pandemic, subject to certain conditions.
II.41 The resolution framework was to be invoked not later than December 31, 2020 and had to be implemented within 90 days of invocation in respect of personal loans and 180 days of invocation for other eligible loan exposures.
II.42 With a view to conserve capital of banks to retain their capacity to support the economy and absorb losses in an environment of heightened uncertainty, SCBs were directed not to make any further dividend pay-outs from profits pertaining to the financial year ended March 31, 2020 until further instructions. This restriction was to be reviewed based on the financial position of banks for the quarter ended September 30, 2020. In April 2021, SCBs were allowed to declare dividend on equity shares from the profits for the financial year ended March 31, 2021, subject to certain conditions.
II.43 The Net Stable Funding Ratio (NSFR), which reduces funding risk by requiring banks to fund their activities with sufficiently stable sources of funding over a time horizon of a year to mitigate the risk of future funding stress, was required to be introduced by banks in India from April 1, 2020. It was decided to defer the implementation of NSFR initially by six months till October 1, 2020 and later to October 1, 2021. Accordingly, the guidelines on NSFR have come into effect from October 1, 2021.
II.44 To ease the liquidity position at the level of individual institutions, the Liquidity Coverage Ratio (LCR) requirement for SCBs was brought down from 100 per cent to 80 per cent with effect from April 17, 2020. The requirement was gradually restored back in two phases, viz., 90 per cent by October 1, 2020 and 100 per cent by April 1, 2021.
II.45 The capital conservation buffer (CCB) is designed to ensure that banks build up capital buffers during normal times (i.e., outside periods of stress), which can be drawn down if losses are incurred during a stressed period. Considering the potential stress on account of COVID-19, the implementation of the last tranche of 0.625 per cent of the CCB was deferred from March 31, 2020 to September 30, 2020 and then till October 1, 2021. The last tranche was implemented with effect from October 1, 2021.
II.46 Interest equalisation scheme on pre and post shipment rupee export credit was extended by the government of India for one year, i.e., up to March 31, 2021, with same scope and coverage and all extant operational instructions issued by RBI under the said captioned scheme continued to remain in force up to March 31, 2021.
II.47 With a view to facilitate greater flow of resources to corporates that faced difficulties in raising funds from the capital market and predominantly depended on bank funding, a bank’s exposure under the Large Exposure Framework to a group of connected counterparties was increased from 25 per cent to 30 per cent of the eligible capital base of the bank.
II.48 Banks were permitted to reckon the funds infused by promoters in their Micro, Small and Medium Enterprises (MSMEs) units through loans availed under the government’s credit guarantee scheme for subordinate debt for stressed MSMEs as equity / quasi equity from the promoters for purpose of debt-equity computation. Existing loans to MSMEs where the banks, AIFIs and NBFCs having aggregate exposure of not more than ₹25 crore and are classified as 'standard' as on March 1, 2020, were permitted to be restructured without a downgrade in the asset classification. The restructuring had to be implemented by March 31, 2021.
II.49 To mitigate the economic impact of the COVID-19 pandemic on households, entrepreneurs and small businesses, loan-to-value ratio (LTV) for loans against pledge of gold ornaments and jewellery for non-agricultural purposes was increased from 75 per cent to 90 per cent. This enhanced LTV was applicable up to March 31, 2021.
II.50 As per earlier regulations, claims secured by residential property falling under the category of individual housing loans were assigned differential risk weights based on the size of the loan as well as the LTV. Recognising the criticality of real estate sector in the economic recovery, it was decided as a countercyclical measure to rationalise the risk weights irrespective of the size of the loan amount.
II.51 In respect of working capital facilities sanctioned in the form of cash credit / overdraft, lending institutions could recalculate drawing power by reducing margins and / or by reassessing the working capital cycle for the borrowers. Such changes were not to result in asset classification downgrade.
II.52 The moratorium on term loans, the deferring of interest payments on working capital and the easing of working capital financing did not qualify as a default for the purposes of supervisory reporting and reporting to credit information companies (CICs) by the lending institutions. Hence, there was no adverse impact on the credit history of the beneficiaries.
Customer Grievance Redressal
II.53 The RBI Integrated Ombudsman Scheme (RBI IOS) was launched by Hon’ble Prime Minister, Shri Narendra Modi on November 12, 2021 . The scheme leveraged technology and innovation for enhancing the efficiency of RBI’s services and provided a customer friendly manner of lodging grievances at customer’s convenience and comfort. The Scheme adopted ‘One Nation One Ombudsman’ approach by making the RBI Ombudsman mechanism jurisdiction neutral with one portal, one email, and one address for the customers to lodge their complaints. The scheme provided a multi-lingual toll-free number which would give relevant information on grievance redress and assistance for filing complaints. As was the case with the earlier ombudsman schemes, the redressal continued to be cost-free for customers of banks and members of the public.
Financial Markets Regulation
II.54 In view of the difficulties arising out of reduced mobility and access on account of the lockdown, RBI curtailed the market trading hours for RBI-regulated financial markets. When the pandemic-related constraints eased, the trading hours were restored in a phased manner.
II.55 The following measures were taken by RBI to provide greater flexibility in complying with regulatory requirements during the pandemic:
(a) Foreign portfolio investors that were allotted investment limits under the voluntary retention route (VRR) for investment in debt securities between January 24, 2020 and April 30, 2020 were allowed an additional time of three months to meet their investment commitments.
(b) The timeline for implementation of legal entity identifier (LEI) in non-derivative financial markets was extended from March 31, 2020 to September 30, 2020.
(c) The implementation date for the directions on hedging of foreign exchange risk (dated April 7, 2020) was deferred from June 1, 2020 to September 1, 2020.
Submission of Returns
II.56 The submission of Form A and VII returns to RBI using digital signature was introduced. This ensured timely publication of press communique statements.
II.57 As many primary (urban) co-operative banks (UCBs), state co-operative banks and central co-operative banks were facing difficulties in finalising their Annual Accounts, they were given time up to September 30, 2021, (from June 30, 2021) to submit the returns to RBI.
Foreign Exchange
II.58 RBI increased the period for realisation and repatriation of export proceeds to India from nine months to fifteen months from the date of export, in respect of exports made up to or on July 31, 2020.
II.59 The timeline for completion of remittances against normal imports, i.e., excluding import of gold / diamonds and precious stones / jewellery (except in cases where amounts were withheld towards guarantee of performance) was increased from six to twelve months from the date of shipment for such imports made on or before July 31, 2020.
II.60 ROs were advised to consider, with the approval of their Empowered Committee, requests received from Full Fledged Money Changers (FFMCs) for extension of time for submitting renewal application if the requirement was on account of reasons relating to the COVID-19 situation.
II.61 Based on a letter from Department of Financial Services (DFS), Ministry of Finance to allow remittance service providers {under Money Transfer Service Scheme (MTSS)} to function normally and allowing the intended recipients to withdraw their money remitted from abroad, ROs were advised to direct all MTSS agents under their respective jurisdictions to ensure that (a) beneficiaries in India do not face problems in accessing the funds remitted to them under the MTSS; and (b) the payment services provided to beneficiaries by MTSS agents remained operational during the period of lockdown.
II.62 With a view to providing relief to borrowers facing difficulty in utilising already drawn down External Commercial Borrowings (ECBs) due to the COVID-19 pandemic induced restrictions, a one-time relaxation was provided, whereby unutilised ECB proceeds drawn down on or before March 01, 2020 could be parked in term deposits with authorised dealer category-I banks 18 in India, prospectively for an additional period up to March 01, 2022.
II.63 Due to the COVID-19 pandemic and considering the difficulties being faced in submitting returns, ECB returns were allowed to be submitted by borrowers through email. Similarly, considering the difficulties expressed by applicants in submitting payment instruments for paying compounding amount within 15 days of compounding order during the lockdown, payment of compounding amount beyond time limit was permitted. Further, personal hearings with the applicants were held in virtual mode, instead of in-person meetings.
II.64 In consultation with the GoI, receipt of foreign inward remittances from non-residents through non-resident exchange houses in favour of the ‘Prime Minister’s Citizen Assistance and Relief in Emergency Situations (PM-CARES) Fund’ was permitted subject to the condition that authorised dealer category-I banks shall directly credit the remittances to the Fund and maintain full details of the remitters.
Communication
II.65 Communication has gained importance although it works both ways – while too much of communication can confuse the market, too little may keep it guessing about the central bank’s policy intent. Therefore, central banks have to tread a very fine line. 19 RBI has been mindful of the importance of communication during this period given its multifarious responsibilities and wider ramifications of its actions.
II.66 Governor and Deputy Governors held regular meetings with the managing directors (MDs) and chief executive officers (CEOs) of major regulated entities. RBI ensured all channels of communication were kept open with major players in the financial system.
II.67 As two-way communication is important for making informed policy decisions. Therefore, RBI held detailed interactions with analysts, economists, researchers, banks, academic bodies and research institutions, trade and industry associations, and several others for monetary policy and other policy actions. This enabled building a confidence channel through communication and instilled wider confidence in RBI’s policies.
II.68 Beginning March 2020, several BCP resilience measures were taken, which inter alia, included:
a) Critical website operations relating to timely updation of content on RBI’s website were shifted to PDC and the staff deputed there were assigned the following responsibilities:
i) Co-ordination with IRIS Business Services Limited staff for timely updation and uploading of various documents on RBI’s website.
ii) Technical issues were handled in co-ordination with Reserve Bank Information Technology Private Limited (ReBIT), IRIS and the Department of Information Technology.
iii) Virtual Private Network (VPN) access was configured to put in place a BCP in case of non-availability of data centre.
Payment and Settlement Systems
II.69 With monthly transactions of around 124.68 crore in volume and ₹2.06 lakh crore in value, as on March 31, 2020, Unified Payments Interface (UPI) well served the payment needs of the public. To keep the vast system of electronic and paper-based payment systems (processing around 299.77 crore monthly transactions amounting to ₹155.90 lakh crore, as on March 31, 2020) running glitch-free, RBI acted immediately and earnestly.
II.70 For ensuring continuity in critical interfaces and preventing any disruption of services, authorised Payment System Operators (PSOs) were advised to ensure adequate Operational and Business Continuity Plans and take contingency measures to manage the risks. RBI closely co-ordinated with the National Payments Corporation of India (NPCI) and other authorised PSOs to ensure uninterrupted operations of all the payment systems.
II.71 The pandemic situation necessitated the use of digital payment options to ensure social distancing. The constituents of the payment systems were allowed to operate throughout the lockdown, which facilitated unhindered movement of people and other resources across the country and took care of smooth operations of the payments systems. Measures were taken to enhance public awareness on the availability of various digital payments that could be used from home. Authorised PSOs and participants were advised to undertake targeted multi-lingual campaigns to educate their users on the safe and secure use of digital payments.
II.72 Comprehensive business continuity arrangements and resilience measures were deployed by RBI during the COVID-19 pandemic. The operations of Clearing Corporation of India (CCIL), a systemically important Financial Market Infrastructure, are critical to the smooth functioning of banking services. RBI designated CCIL and its two subsidiaries, viz. Clearcorp Dealing Systems (India) Limited (Clearcorp) and Legal Entity Identifier India Limited (LEIL) as ‘Essential Service’ during the lockdown and ensured that CCIL adopted a comprehensive BCP. The operations of CCIL were closely monitored during the pandemic.
II.73 Overseas Principals which facilitated small-value cross-border remittances under MTSS were encouraged to use digital payments and afford direct credit to beneficiaries’ bank accounts wherever possible, to overcome difficulties faced by beneficiaries in collecting cash pay-outs from agent locations, due to COVID-19 protocols.
II.74 Direct Benefit Transfer (DBT) to the bank accounts of the beneficiaries for schemes of central and state governments was facilitated during the COVID-19 pandemic through Aadhaar Payments Bridge System (APBS) and National Automated Clearing House (NACH) platforms. More than ₹36,659 crore {₹27,442 crore [centrally sponsored scheme (CSS) and central sector schemes (CS)] and ₹9,717 crore [state government schemes (SGS)]} was transferred to the bank accounts of 16.01 crore beneficiaries {11.42 crore [CSS / CS] and 4.59 crore [State]} between March 24, 2020 and April 17, 2020. Till July 2021 (taking into account the first and second phases of COVID-19), an amount of ₹5.41 lakh crore was transferred to beneficiaries under DBT.
II.75 All the Central Counter Parties (CCPs), including CCIL, mark to market positions (MTM) and call MTM margin on a daily basis (and sometimes intraday) to avoid building up of risk and limit their current exposure. During peak COVID-19 triggered volatility, Initial Margin (IM) and MTM Margin increased and the increase in MTM margin was much higher than the increase in IM. In Securities segment, Volatility Margin was imposed on seven days between March and December 2020. There were some instances of Intraday MTM margin calls.
II.76 Criteria for counting of days while calculating the time available for resolving a failed transaction was modified.
II.77 RTGS was made available round the clock on all days of the year with effect from December 14, 2020. With this enablement, the settlement and default risks were reduced in the system and made the payments ecosystem more efficient. The system also facilitated settlement of Aadhaar Enabled Payment System (AePS), Immediate Payment Service (IMPS), National Electronic Toll Collection (NETC), National Financial Switch (NFS), RuPay and UPI transactions on all days of the week.
II.78 A standard operating procedure (SOP) was prepared to ensure availability of payment and settlement systems operated by RBI and minimise disruptions. The SOP clearly delineated roles and responsibilities of stakeholder departments, offices and agencies. Despite lockdown curbs being in effect during the pandemic, the SOP ensured timely and effective response in emergencies.
II.79 Timelines for compliance with various payment system requirements were extended.
Financial Inclusion
II.80 In the words of Governor, Shri Shaktikanta Das, “We must continue our efforts for greater financial inclusion in pursuance of the goal of sustainable future for all.” 20 During the pandemic, with a view to assess the ground level situation and understanding the challenges being faced by Business Correspondent (BC) agents in rendering services during the lockdown, comments / inputs were sought from banks, through Indian Banks’ Association (IBA) on the broad topics of impact on BC transactions, cash management, customer grievance redressal, technical issues, and inactive BCs. Further, good practices adopted by select banks, during the pandemic, to support and strengthen the BC model were shared with all the banks through IBA.
II.81 Meetings were held with banks and NABARD to deliberate, inter-alia, on issues related to BC Model, data submissions and so on. Most of these meetings, held through virtual mode in the WFH environment, helped in understanding different BC models being used by banks and their unique challenges. Inputs from these meetings also helped in identifying areas for improvement in the BC Model and resulted in timely submission of error-free data by banks.
II.82 To ensure that farmers did not have to pay penal interest and continued to derive benefits of the interest subvention scheme, 2% interest subvention (IS) and 3% prompt repayment incentive (PRI) to farmers was continued for the extended period of repayment up to August 31, 2020 or the date of repayment, whichever was earlier. Further, on account of movement restrictions imposed by state governments during the lockdown imposed in the second wave of COVID-19, the benefit was extended to the farmers whose accounts had become or would have become due between March 1, 2021 to June 30, 2021, for the extended period of repayment of loans up to June 30, 2021 or date of actual repayment whichever was earlier.
II.83 References received from the central government, state governments, NABARD and banks for declaring COVID-19 as a natural calamity were analysed in the context of the larger relief package announced by RBI, granting moratorium and restructuring to all borrowers.
II.84 The Lead Bank Scheme (LBS) which coordinates the activities of banks and other developmental agencies through various fora {State / Union Territory Level Bankers’ Committee (SLBC / UTLBC), District Consultative Committee (DCC), District Level Review Committee (DLRC) and Block Level Bankers’ Committee (BLBC)} to achieve the objective of enhancing the flow of bank finance to the priority sector and other sectors and to promote banks' role in the overall development of the rural sector. To achieve this, meetings of all the LBS fora are required to be convened at quarterly intervals. Despite lockdown, the meetings of LBS fora were conducted through virtual mode by convener banks and lead banks which were attended by ROs. The COD attended some of the SLBC meetings through VC.
II.85 Automation in uploading of Data in the Automated Data Extraction Project (ADEPT) portal was carried out and the production support and maintenance of ADEPT was done via roster to ensure social distancing.
II.86 Since conducting of awareness camps under the challenging circumstances would have been difficult, ROs were instructed to explore innovative approaches to promote financial literacy amongst the masses. Initiatives introduced included campaigns through various digital channels, such as, VC and social media. ROs also leveraged media channels such as community radio channels, local TV channels and local frequency modulation (FM) radio stations to impart financial education.
II.87 Financial Literacy Centres (FLCs) of SCBs (including RRBs) and rural branches of banks were instructed to explore innovative approaches, such as, leveraging digital technology for disseminating financial literacy content among various target groups.
II.88 For ensuring better monitoring of financial literacy activities conducted under Financial Literacy Architecture for Regional Office Environment-Unified Programme (FLARE-UP), FLCs and CFLs, quarterly reports were called for from ROs.
II.89 The conduct of Financial Literacy Week (FLW) 2021 with the theme, “Credit discipline and credit from formal institutions”, was undertaken in digital mode. Content in the form of posters were prepared for digital display by banks and other stakeholders.
Supervision
II.90 The challenges posed by the pandemic also offered an opportunity to innovatively meet the multifarious demands of the time, both with respect to the internal functioning of RBI as an organisation and in respect of conducting its statutory obligations.
II.91 RBI adopted a balanced approach for deployment of resources for off-site assessment and on-site inspection of the banks. On virtual mode, the Senior Supervisory Manager (SSM) teams engaged with the senior management of banks on a continuous basis on issues emanating from off-site surveillance and monitoring. On-site inspections were conducted adhering to all COVID-19 related protocols. Data was obtained from the banks for conducting off-site examination so that on-site visits could be minimised. Off-site inspection and IT examination of supervised entities (commercial banks / small finance banks / urban co-operative banks / non-banking financial companies) was conducted through Sampark.
II.92 In order to proactively sensitise the top management of the supervised entities, a series of meetings were convened online on cyber security preparedness and broad cyber / IT threats. More than 150 supervised entities represented by their MDs and CEOs and their Chief Technology Officers (CTOs) participated in the online meetings. User Acceptance Test (UAT) work related to Corporate Identification Number (CIN) validation was completed with limited resources during the lockdown period.
II.93 To ensure continuity in effective supervision of the authorised PSOs, ROs were advised to undertake off-site inspections by calling for required information / data and conducting virtual meetings. Off-site compliance audit of NPCI was conducted to verify the compliance of the earlier inspection observations. Inspection of CCIL was conducted annually, in both the years, viz., 2020 and 2021, in a timely manner. While it was decided that the inspection would be carried out in a hybrid mode (both on-site and off-site), majority of the inspection was conducted on CCIL’s premises observing all COVID-19 related protocols.
II.94 With reference to RBI’s internal inspection, while majority of the inspections were online, on-site inspections were carried out ensuring adherence to the local requirements and protocols. Data for conducting the inspections was called through returns over email.
Government Banking
II.95 With reference to discharge of statutory function of banker to government, despite COVID-19 related restrictions in place, RBI continued to facilitate the integration of various important government projects with RBI’s eKuber such as the Treasury Single Account System enabling just-in-time e-payments by Central Government Autonomous Bodies, and SPARSH [System of Pension Administration (Raksha)] of the Office of Controller General of Defence Accounts for pension payments. In addition, during 2020 and 2021, inspections of agency banks that undertook government business on behalf of RBI was done mostly on off-site basis.
Internal Accounting and Auditing
II.96 RBI is vested with the statutory responsibility of (a) preparing and transmitting to the central government, weekly accounts of the Issue and Banking Departments (the Weekly Statement of Affairs – WSA) and (b) transmit to the central government a signed copy of the annual accounts, and certified by the auditors within two months from the date on which the annual accounts of RBI are closed, both of which are TSCAs.
II.97 During the period affected by COVID-19, the WSA for each week ending on Friday was prepared and placed for approval before the Central Board / Committee of Central Board (CCB), as the case may be, by the staff working in the Bio-bubble. The annual closing of the books of RBI for the period 2019-20 (from remote location at PDC) and for 2020-21 (with limited availability of staff owing to outbreak of second wave) was successfully completed in time.
II.98 In order to ensure successful completion of annual closing and statutory audit, RBI initiated several measures including consultation with nodal CODs and ROs, preparation of detailed SOP with definite timeline for sub-processes, inputs / documents / reports required to be identified and kept ready for audit purpose. As the statutory audit of RBI was being conducted off-site manner for the first time, a special walk-through of all critical functions of RBI was conducted for those auditors auditing RBI for the first time. SOPs were shared with the auditors and detailed action plan was put in place and various financial reports electronically shared with the auditors, in advance. The above measures ensured that statutory audit was completed within the prescribed timeline and annual accounts submitted to the government for the accounting years 2020-2021 and 2021-2022. 21
Service Provider Management
II.99 For service provider management and outsourced staff at the various data centres, it was ensured that they followed protocols and attendance requirements. Meetings were arranged through Sampark and information was disseminated through emails.
II.100 To handle the IT related issues, likely to be faced by the officials of the Department of Currency Management (DCM) during WFH scenario, it appointed two Facility Management Services (FMS) engineers in order to ensure adequate back-up for such services and providing round the clock IT related support to all the officials.
II.101 Availability of services of empanelled service providers was ensured for handling IT and other critical operations running on on-site and off-site locations. Local Area Network (LAN) engineers were provided accommodation at residential colonies of RBI to ensure availability and smooth functioning of network services.
II.102 Centralised Administration Division, Accounts Section, HRMD (CAD) is the nodal section for payment of service provider bills and reimbursement to staff of most of the CODs. In the normal course, CAD makes such payments after receiving the duly sanctioned and audited original hard copies of bills. During the WFH scenario, the requisite documents were sought in soft copies and payment was done through eKuber. The post-payment audit of the bills settled by CAD was carried out through e-mail / soft copies.
II.103 For service provider management and outsourced on-site support for Audit Management and Risk Monitoring System (AMRMS), Inspection Department ensured that protocols and attendance requirements were adhered to. Adequate substitute arrangements were chalked out to take care of absence due to infection.
II.104 Renewal of Annual Maintenance Contracts (AMCs), floating of tenders and issue of work orders were done well within the stipulated time by Premises Department (PD) to ensure business continuity. Arrangement of taxi services to service providers was made during the lockdown to facilitate smooth functioning of the central office building (COB). To keep them motivated, various service provider teams were felicitated on their meritorious work during lockdown.
II.105 Interaction with the service provider for IRIS portal (ReBIT) was done through Sampark.
Meetings related measures
II.106 To avoid disruption in functioning, as conducting ‘in person’ meetings was no longer an option, they were convened online. Sampark, implemented in June 2020, aided in convening virtual interactions and meetings, both internal and external.
II.107 To fulfil the statutory requirements of holding at least six meetings of the Central Board in a year and at least once in each quarter, the meetings were held in virtual mode, over end-to-end encrypted mode of Sampark. A secure web-based application was already in use for circulating agenda papers electronically.
II.108 Similar to the meetings of the Central Board, face-to-face meetings of the Committee of Central Board (CCB), which as per convention are convened in the last week of the month, were also held over Sampark. Meeting of the Administrators of the Reserve Bank Employees' Provident Fund was also conducted through Sampark.
II.109 Upon easing of lockdown measures, meetings of the Central Board were convened ensuring strict compliance of COVID-19 protocols and observance of social distancing norms. These meetings were held in hybrid form with participants attending meetings seated in multiple rooms and connected through Sampark.
II.110 Meetings of the Senior Management Committee (SMC) and Deputy Governors’ Committee (DGC) were held through Sampark as and when required with participants provided necessary support to ensure smooth conduct of meetings.
II.111 A meeting of the Standing Committee on Finance was organised successfully on September 04, 2021, following all COVID-19 protocols.
II.112 Steps taken for maintenance and sanitisation of COB and safety measures in the context of the COVID-19 pandemic are given below:
a) MERV-13 filters and Ultraviolet Germicidal Irradiation (UVGI) assemblies were provided in all the Air Handling Units (AHUs) to arrest and deactivate bacteria, virus and fungi.
b) UV based disinfection boxes provided on all the floors to disinfect the papers.
c) Thermal Cameras (walk through) were installed at the entry to monitor body temperature of the staff and visitors.
d) Foot-operated and sensor-based sanitiser dispensers were provided on all floors and at entry / exit points of the building and in opposite the washrooms.
e) Hands-free soap dispensers, hand dryers and sensor-based taps were provided near wash basins, and foot-operated door opening mechanism were provided for the washroom doors.
f) Air Conditioning duct cleaning was carried out at COB at regular intervals and regular checking of Air Quality was introduced. Eight Air Handling Units (AHU) were replaced for providing better cooling at COB.
g) One set of 2x120 KVA Uninterrupted Power Supply (UPS) was replaced for providing uninterrupted power supply to critical IT related load of COB.
II.113 Being an unprecedented issue, the effects of pandemic impaired the execution of projects, especially due to lockdown, ban on construction works, restrictions in movement of men and material, de-mobilisation / mobilisation of labour and so on. To address certain issues / concerns raised by the service providers due to the financial crunch faced by them following steps were taken:
a) Extension of time was allowed without liquidated damages and price adjustment (wherever applicable).
b) Instructions were issued in June 2021, advising reduction of performance bank guarantee from 5 per cent to 3 per cent for tenders invited on or before December 31, 2021.
Regional Offices (ROs)
II.114 ROs are RBI’s front office. Most ROs were open even during lockdown ensuring that essential financial services were made available to all the stake holders and customers. They also ensured that the morale of the staff remained high so that they could cope with the pressures of dealing with the hitherto unknown life-threatening health hazard.
“We have lost lives and loved ones, but not hope, not the conviction that we will overcome and emerge stronger” - Shri Shaktikanta Das 22
The foregoing pages laying out RBI’s pandemic-time policy responses and process documentation intend to serve as a useful snapshot of its resolve to ‘do whatever is necessary to shield the economy’ in the face of an unprecedented crisis. As a central bank with perhaps the widest possible mandate and, so to say, more than a billion customers, COVID-19 underscored like never before the need for fine and fruitful intersection between our people, processes and technology 23 .
Viewing this sudden threat as an opportunity, RBI sought to reorganise its work processes to build in newer methods for process improvement and augmenting our roles, procedures and technologies. Governor, Shri Shaktikanta Das succinctly conveyed RBI’s commitment when, recalling Nobel Laureate Dr. Martin Luther King Jr.’s words, he said “We must accept finite disappointment, but never lose infinite hope.” Accordingly, this period witnessed, across verticals, a ceaseless cycle of observing, identifying, analysing and reworking of its business processes. 24
While the pandemic threatened to cause never-before disruptions across the business landscape, recognising its people as pivots, RBI chose to assign primacy to employee empathy so that the workforce well-being is not compromised and the employees remain safe and motivated. From proactively arranging for vaccination for all the employees and their dependents across locations to making its medical and welfare schemes more liberal and inclusive, for serving as well as the superannuated, to providing additional technological tools to its teams working in isolation, RBI’s focus on workplace empathy led to more innovative and effective employee-engagement initiatives through this period. In turn, RBI employees across CODs, ROs and also hierarchies, responded remarkably to the emerging work challenges and made sure that RBI continued to perform all its tasks efficiently.
Going ahead, this comprehensive approach to ideate, innovate and implement would be iterative and RBI stands committed to respond, monitor, design and optimise processes and policies so as to drive continuous improvements to its workflows and enhance outcomes.
1 Selections from Gandhi (Encyclopaedia of Gandhi's Thoughts); Chapter 16, Life of a Satyagrahi; YI, 17-6-26, 215; Nirmal Kumar Bose; Navajivan Mudranalaya, Ahemadabad-380014 India @ Navajivan Trust, 1960.
2 The Minneapolis Tribune (Star Tribune), Quote Page 10, Column 2, January 7, 1970.
3 Helen Keller – Books, Essays and Speeches – Part-III, Optimism – An Essay (1903) - Source: https://www.afb.org/about-afb/history/helen-keller/books-essays-speeches/optimism-1903 .
4 “The challenges of today will only strengthen our resilience and self-belief.” (Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – August 6, 2020 ).
5 Business Continuity Institute (BCI) Good Practice Guidelines 2013.
6 Shri Shaktikanta Das, Governor, RBI at the 7th SBI Banking & Economics Conclave, July 11, 2020 .
7 “We are living in a world of Knightian uncertainty in the absence of determinate knowledge about the next mutation of COVID-19. The ability to forecast the future course of the economy is so contingent on the evolution of the virus that one prognosis is as good or as bad as the other and as ephemeral.” (Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – February 10, 2022 ).
8 Mahatma Gandhi, Young India, March 21, 1929, Quoted by Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – May 22, 2020 .
9 Business Units (BUs) are the central office departments (CODs), regional offices (ROs) and training establishments of the Reserve Bank of India.
10 Details at Box II.4
11 RBI worked through the COVID-19 pandemic to create a new real-time gross settlement system that can operate around the clock. This included the challenge of putting essential staff inside a “bio-bubble” to shield them from the virus. The new system shall open up avenues for greater payments innovation at lower cost.” (Central Banking Award for Payment and Market Infrastructure – Wholesale, 2022 conferred on RBI).
12 “We were perhaps the only central bank in the world to have set up a special quarantine facility with about 200 officers, staff and service providers, engaged in critical activities to ensure business continuity in banking and financial market operations and payment systems.” – Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – August 6, 2020 .
13 Excerpts from address by Governor, RBI on March 4, 2022 – delivered at the National Defence College, Ministry of Defence, Government of India, New Delhi .
14 Targeted Long Term Repo Operations (TLTROs) allows banks to borrow funds from RBI over a one to three year period at the repo rate. The borrowing is against government securities with similar or higher tenure as collateral. The funds so borrowed can be utilised for investment in specific sectors through debt instruments {corporate bonds, commercial papers, and non-convertible debentures (NCDs)}. It was introduced to mitigate the adverse effects on economic activity due to pressures on cash flows across sectors, arising out of the COVID-19 pandemic.
15 RBI had taken numerous measures (over 100) during the pandemic. Many of these have been summarised in this compendium.
16 Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – April 8, 2022 .
17 Translation: “This period of Amrit Mahotsav, this decade of 21st century is very important for the development of the country. The role of RBI is also very important in this. I am confident that Team RBI will live up to the expectations of the country.” “Through the Retail direct scheme, small investors in the country have got an easy and safe way to invest in government securities. Similarly, with the Integrated Ombudsman Scheme, One Nation, One Ombudsman System in the banking sector has become a reality today.”
18 Authorised dealer category-I banks are banks which are permitted to undertake all current and capital account transactions according to RBI directions issued from time-to-time.
19 “Be not careless in your deeds, nor confused in words, nor rambling in thought.” – Meditations by Marcus Aurelius, Book VIII, (51), (c. 161 - 180 AD).
20 Inaugural address by Shri Shaktikanta Das, Governor, RBI - July 15, 2021 - delivered at the Economic Times Financial Inclusion Summit .
21 RBI transited its accounting year from July to June to April to March in the year 2020-2021. 2020-2021 was a nine month year (from July 2020 to March 2021). In spite of the restrictions running on account of COVID-19, the transition was smooth and non-disruptive.
22 Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – December 4, 2020 .
23 “Although social distancing separates us, we stand united and resolute. Eventually, we shall cure; and we shall endure.” (Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – April 17, 2020 ).
24 “It is worthwhile to remember that tough times never last; only tough people and tough institutions do.” (Shri Shaktikanta Das, Governor, RBI - Governor’s Statement – March 27, 2020 ).
Practical Steps to Ensure a Bank’s Business Continuity During a Pandemic
Sandra Galletti & Dr. Steven Goldman | April 16, 2020
Not a Member? Subscribe Today For Free! Membership Includes:
- Free delivery of DRJ's Quarterly Magazine
- Free online access of DRJ's latest Magazine
- Free access to the DRJ Archives
- Informational Updates
- Conference alerts and information
- Free White Papers
- Free blog posting
- And much more!
Billions of Health Care Dollars at Risk Due to Weak Security in Remote Patient Monitoring
March 5, 2023
Data Security Guidance from the Only Private Data Network Company for RPM, which Employs Cryptographic Security Technology to Protect Patient...
McKay Brothers and Quincy Data Expand Lowest Latency Services to Toronto
March 3, 2023
Fastest private bandwidth now complements lowest latency market data in Toronto-TMX OAKLAND, Calif.--(BUSINESS WIRE)--McKay Brothers announced it has deployed the...
GigNet Names Karl Perman as Chief Security Officer
Highly Experienced International Cyber Security Professional Will Lead Expansion of the Company’s Product Suite for Protecting Clients from Cyber Crime...
March 8, 2023 – Fight Cyber Threats with Multi-layered Security
REGISTER TODAY >
On-Demand Webinars
March 1, 2023 – introduction to drj academy, february 23, 2023 – beyond definitions: making dei relevant to the continuity industry (bt3-01), february 15, 2023 – workspace recovery: essentials for success in 2023, february 8, 2023 – bcm & erm collaboration for effective risk management, january 18, 2023 – 2023 outlook: implementing active crisis management strategies, january 11, 2023 – operational resilience: lessons learned & a look ahead.
How Emergency Managers in the Electric Industry Prepare for and React to Hurricanes
Business Continuity Community Mourns the Loss of a Colleague
This Simple Tool Helps Keep You Prepared Amidst a Changing Climate
DRJ and Lambert Learning Debut Entry-Level BC Course with a Focus on Action
Articles & news, the journal.
March 5, 2023
Volume xiii, number 64.
March 05, 2023
- Federal Court Sentences Medical Clinics’ Co-Founder to Time Served of... by: U.S. Department of Labor
March 04, 2023
- The Benefits of Donating Cryptocurrency and Digital Assets by: Andie Kramer
- NIOSH Announces Publication of Article on the Results of 2019 Survey... by: Lynn L. Bergeson and Carla N. Hutton
- Beltway Buzz, March 3, 2023 by: James J. Plunkett
- How to Donate Cryptocurrency and Other Digital Assets to Charity by: Andie Kramer
March 03, 2023
- Visas for F and M Students Can Now Be Issued 365 Days Ahead of... by: Jacob A. Kanyusik and Rosa M. Corriveau
- Good News for Employers: Good Faith Belief of Compliance Precludes... by: Kate Gold and Sehreen Ladak
- Accepting Cryptocurrency and Digital Asset Donations: What Charities... by: Andie Kramer
- Telehealth in a Post-PHE World by: Arushi Pandya and Esperance Becton
- Europe: Is Eltif 2.0 a More Viable Structure for Long-Term Investment... by: Dr. Philipp Riedl
- New Jersey Court Says Employee Discharged for Discipline Not Entitled... by: Michael Nacchio and Zachary V. Zagger
- Expanding Regulatory Reach over Intermediaries That May Constitute... by: Peter Y. Malyshev and Maurine R. Bartlett
- How to Value Digital Assets for Donation to Charity by: Andie Kramer
- Supreme Court Clarifies the Meaning “Salary Basis” Under Federal... by: Brendan J. Lowd and Kathryn R. Droumbakis
- OIRA Calls for Feedback on Recommendations to Encourage More... by: Lynn L. Bergeson and Carla N. Hutton
- FTC’s One-Two Punch on Data Tracking and Health Privacy by: Ryan P. Blaney
- Justice and Commerce Departments Announce Creation of Disruptive... by: United States Department of Justice (DOJ)
- Biden Executive Order 14091 Strengthens Equity for Federal Agencies by: Molly A. Lawrence and Rachael L. Lipinski
- Justice Department Announces Application Form for Marijuana Pardon... by: United States Department of Justice (DOJ)
- HERE IT IS: The Czar’s HUGE Breakdown of the FCC NPRM is NOW... by: Eric J. Troutman
- Telehealth Update: DEA Issues Long-Awaited Proposed Rule on... by: Ellen L. Janos and Cassandra L. Paolillo
- CFPB Provides Guidance on Auto Finance Data Pilot by: Moorari Shah and A.J. S. Dhaliwal
- Two Maui Men Sentenced for Racially Motivated Attack on White Man by: United States Department of Justice (DOJ)
- US Executive Branch Update – March 3, 2023 by: Stacy A. Swanson
- Stillbirth Baby Lawsuits by: Lawrence J. Buckfire
- Backdating: What To Do … and Not To Do by: Eric Starr
- BIS Charging Letter by: Dr. Nick Oberheiden
- EPA Holds Third and Final TSCA Engineering Initiative Webinar by: Government Regulation
- House Energy & Commerce Subcommittee Holds Hearing on U.S.... by: Hunton Andrews Kurth’s Privacy and Cybersecurity
- Personal Jurisdiction of Opt-In Plaintiffs Under the FLSA: Will the... by: Matt Abee and Debbie Whittle Durban
- Recent CFPB Actions Focus on Protecting Military Families by: Moorari Shah and A.J. S. Dhaliwal
- New and Updated Guidance on the Scope of the UK Plastic Packaging Tax by: Oliver Bristow
- Rule 105 Revisited: SEC Actions Remind Private Fund Managers About... by: Scott Budlong and Scott L. Beal
- The Supreme Court Grants Petition to Decide Constitutionality of CFPB... by: Rachel Rodman and Keith M. Gerver
- Understanding Your Law Firm’s Value Proposition by: Bill4Time
- Spike in Migrants Crossing U.S.-Canada Border Raising Concerns by: Meredith K. Stewart
- Bill to Amend the Gramm-Leach-Bliley Act Introduced to Congress by: Hunton Andrews Kurth’s Privacy and Cybersecurity
- Energy & Sustainability Washington Update — March 2023 by: R. Neal Martin
- As EPA continues to move toward identifying PFAS as Hazardous... by: Jeffrey R. Porter
- Is an OSHA Workplace Violence Standard for the Healthcare Industry on... by: Wayne E. Pinkstone and Phillip J. Jones
- Yellen Calls on World Bank to Take Decisive Action on Climate Change by: Jason M. Halper and Jayshree Balakrishnan
- To Volunteer or Not: The Role of Community Association Board Members by: John S. Prisco
- The Future of Stablecoins, Crypto Staking and Custody of Digital... by: Anjali C. Das
- White House Climate and Environmental Justice Screening Tool by: Molly A. Lawrence and Rachael L. Lipinski
- "It Ain't Over 'Til It's Over" - Use Of A... by: Jennifer V. Boyer and John R. Sloan
- PTO Introduces Trademark Decisions and Proceedings Search Tool by: Bernard P. Codd
- FDA Issues Draft Guidance on Labeling of Plant-Based Milk Alternatives by: Lauren Petrin and Tracey T. Gonzalez
- Government Wins $43 Million Verdict in False Claims Act Case by: D. Jacques Smith and Randall A. Brater
- BETO Will Host March 23 Listening Session on Next Billion-Ton Report by: Lynn L. Bergeson and Carla N. Hutton
- Growing Calls to Ban Chinese Owned TikTok App and Other Software Apps... by: Kathleen M. Porter
- Advanced Planning Can Reduce Your Tax Burden When Buying Property or... by: Steven Hadjilogiou
- DEA Proposes Limited Post-PHE Telemedicine Prescription of Controlled... by: Amanda Enyeart and Marshall E. Jackson, Jr.
- So You're Green – Prove It or Be Prosecuted: ACCC Sweep Finds 57... by: Ayman Guirguis and Jessica C. Mandla
- California Court of Appeal Addresses When Violations are “Willful” or... by: Leonora M. Schloss
- What’s new in Belgium on the employment front? Part 1 – training plans by: Marga Caproni
- Nevada Legislature Mulls Creation Of Fund For Victims Of Securities... by: Keith Paul Bishop
- OSHA Activates U and T Nonimmigrant Visas—‘Law Enforcement Visas’—as... by: Leigh N. Ganchan and John Surma
- BREAKING DOWN THE PRIVACY ACT REVIEW REPORT #3: Removal of The Small... by: Cameron Abbott and Rob Pulham
- White House Releases National Cybersecurity Strategy by: Hunton Andrews Kurth’s Privacy and Cybersecurity
- FRB Releases LISCC Supervision Manual by: Daniel Meade
March 02, 2023
- Utah Passes Innovative DAO Legislation by: Robert B. Lamb
- Illinois High Court Rules “Per-Scan” Damages Can Be Awarded Under BIPA by: Anne-Marie D. Dao and David M. Poell
- Grassley-Wyden Bill Aims to Fix Broken Tax Whistleblower Law by: Mary Jane Wilmoth
- Lessons Learned From 2022’s Trade Secret Verdicts by: Steven J Pearlman and Joseph C O'Keefe
- Mass. AG Clamps Down on Local Solar and Battery Storage Moratoria by: Tess C. Edwards
- Dirty Steel-Toe Boots, Episode 16: Investigations and the OSH Act’s... by: Phillip B. Russell and Thomas R. Chibnall
- DOE Issues FOA for Carbon Capture Large-Scale Pilots and Carbon... by: Frederick R. Eames
- A Forward Look at IRA’s Sweeping Impact on the EV Sector [PODCAST] by: Birgit Matthiesen and Samantha Overly
- All Things Chemical: Product Stewardship, Supply Chain, and... by: Lynn L. Bergeson
- US Executive Branch Update – March 2, 2023 by: Stacy A. Swanson
- Gold Dome Report – Legislative Day 27 by: Stanley S. Jones, Jr. and Helen L. Sloat
- Delaware Court of Chancery Establishes Duty of Oversight Extends to... by: Ari B. Lustig and Robert A. Penza
- Are Highly Paid Daily Rate Workers Entitled to Overtime Under FLSA?... by: Shira R. Yoshor
- It’s Here – The New National Cybersecurity Strategy by: Kurt R. Erskine and Romaine C. Marshall
- NLRB Places New Limitations on Confidentiality and Non-Disparagement... by: Alexander Pringle and Daniel R. Strader
- Settlement Will Benefit Many Aging-Out Children in the Green Card... by: Tejas Shah
- SEC Commissioner Discusses Reform to Regulation D by: David J. Lavan and David A. Lopez-Kurtz
- Massachusetts AG Settles Enforcement Action Against Auto Lender by: Moorari Shah and A.J. S. Dhaliwal
- Employers Beware: Non-Disparagement and Confidentiality Covenants in... by: Charlotte F. Franklin and Irving M. Geslewitz
- Consultation Paper On Review of Corporate Governance Norms For A High... by: Anurag Shah and Parina Muchhala
- California’s War On The Fast-Food Industry Continues by: Anthony J Oncidi and Ariel N. Brotman
- EPA Releases Proposed Approach for Considering Cumulative Risks under... by: TCSA Blog at Bergeson Campbell
- Revised Colorado Privacy Act Rules Adopted for Review by Colorado AG by: Hunton Andrews Kurth’s Privacy and Cybersecurity
- H-2B Cap for Fiscal Year 2023 Is Met: A Supplemental Cap Increase... by: David J. Wagner
- As COVID-19 Emergency Waivers End, DEA Proposes to Expand Tele-... by: Conor O. Duffy
- How Employers Need to Prepare for the End of the COVID Public Health... by: Jacob Mattinson and Sarah G. Raaii
- USPTO To Transition To Electronically Granted Patents In April 2023 by: Courtenay C. Brinckerhoff
- Reductions in Force: Some High-Level Issues To Consider by: Brooke C. Bahlinger
- CMS Streamlines Stark Law Self-Referral Disclosure Protocol (SRDP) by: Michael W. Paddock and Amy J. Dilcher
- The Alice Eligibility Two-Step Dance Continues by: McDermott Will & Emery
- FTC is “Talking Trash” and Zeroing-in on “Recyclable” Claims by: Phyllis H. Marcus
- FTC Hosts Forum on Proposed Rule to Ban Noncompete Clauses by: Danielle Dillon and Marc N. Aspis
- Free Speech Shines Bright, Illuminates Patent Owner’s Right to Allege... by: Anisa Noorassa
- California Supreme Court to Address Rounding of Employee Time by: John P. Zaimes and Natalie C. Kreeger
- The Health AI Frontier: New Opportunities for Innovation Across the... by: Navid Fanaeian
Related Practices & Jurisdictions
- Coronavirus News
- Corporate & Business Organizations
- All Federal
- Printer-friendly
- Email this Article
- REPRINTS & PERMISSIONS
Business Continuity Planning During the Coronavirus (COVID-19) Pandemic
In uncertain times like these, we think back to Hurricane Sandy and the efforts of business owners to continue operations through that emergency situation. Business continuity planning was important then and it is equally important now as business owners strategize and probe for ways to continue operations through the coronavirus (COVID-19) pandemic.
What is Business Continuity Planning?
Business continuity planning is intended to drive a business through temporary (i.e., not permanent) disruptions. Each plan should address practical considerations relevant to the business which, at a minimum, may include the following categories:
Dislocation from office or key physical assets due to an emergency situation
Information backup processes and procedures
System restoration processes and procedures
Continuation of customer service and customer communications
Loss or unavailability of business operational systems and components
Loss or unavailability of key personnel
Supply or distribution channel impacts
Processes and procedures for training employees
Recordkeeping and supervisory obligations
Emergency contact and communications trees
Risk and liability mitigation strategies
In certain industries, regulatory authorities governing those industries require license holders to maintain a Business Continuity Plan as part of the license holder’s fiduciary duty to customers and may specify the issues that each plan is to address. While in other industries it is deemed to be a best practice. Also, it is not uncommon for commercial agreements between partners to require each party to produce their plan, including in Supply Agreements, Manufacturing Agreements, Distribution Agreements, Product Development Agreements, and general Services Agreements.
How Can a Business Continuity Plan Help During the Coronavirus Pandemic?
The Business Continuity Plan can be an important tool for ensuring that a business’s service line is preserved during and through the incident that causes business disruption, like the coronavirus pandemic. We expect that those businesses with such plans are actively consulting and utilizing their plans as they work through the current national emergency, and would suggest that the plans be amended on a real-time basis as management pivots to address situations that arise.
- REPRINTS & PERMISSIONS
Latest Legal News & Analysis
Trending legal analysis, upcoming legal education events.
About this Author
At Norris McLaughlin, there are over twenty business law attorneys who spend all or most of their time in a variety of specialties within the field of business law. The range of clients is broad, as are the legal services that we provide to them. The following is a breakdown of many of the business services that we provide. Often, these services overlap based on the needs of our client.
General Business
- Day-to-day legal counseling
- All aspects of product distribution, including compliance with franchising and other trade regulations, and the...
Search Results
Business continuity and contingency
Business continuity.
TARGET2 is a systemically important payment system and a service relevant for the Eurosystem’s statutory tasks of promoting the smooth operation of payment systems, implementing monetary policy and maintaining financial stability.
Operational centres in different locations
Source: ECB.
Operational risk management
Considerable attention was paid to operational risk management aspects in the system’s design and development phase. A comprehensive risk management framework was developed for TARGET2. This Information Security Management System is based on the internationally recognised standard ISO/IEC 27002:2005.
Business continuity management programme
Given its cross-system and cross-participant interdependencies, a failure in TARGET2 could easily spread across financial markets and ultimately have systemic implications beyond the euro area. In order to adequately address this risk, particular emphasis was placed on the implementation of an effective business continuity management programme.
Different locations of the operational centres
To ensure a high level of resilience and thus the availability of the system in all circumstances, TARGET2 was established on the basis of a “two regions – four sites” principle. This means that its operational facilities are located in two distinct regions of Europe, and in each region there are two separate operational centres in locations with different risk profiles. Both regions are permanently staffed, and responsibility for live operations is periodically rotated between the regions.
As the system operator, the Eurosystem aims to ensure that, in the event of a failure in the primary region, operations can be resumed in the secondary region within two hours. In the event of such a failure, the operational day will be completed with a maximum delay of two hours.
Business continuity procedures, contingency procedures and crisis management arrangements are all tested at regular intervals.
Business contingency
Contingency procedures.
In the unlikely event that business continuity and resilience measures are not sufficient, the Eurosystem has developed contingency procedures in close cooperation with the user community. These ensure that the systemically important business continues, i.e. (very) critical payments, in the event that a TARGET2 entity (a bank, an ancillary system, a central bank or the Single Shared Platform) suffers an operational problem.
Most contingency measures include the participation of the central banks, which will assist their TARGET2 participants. The means and procedures which the participant needs to follow to send payment transactions to its central bank are nationally agreed and differ from one national TARGET2 component to another. Please contact your National Service Desk for more details.
Various contingency procedures can be activated depending on the source and the impact of the failure:
Img 1: Failure at Target2 participant
- If a TARGET2 participant suffers an operational problem, the back-up functionality can be activated by its central bank, allowing the participant to send payments through the Information and Control Module (ICM) (see image 1).
- If a TARGET2 participant no longer has access to the ICM, its central bank can “act on its behalf” and enter payments for this participant (see image 1).
Img 2: Failure at NSD
- If a TARGET2 participant and its central bank do not have access to the ICM, the Single Shared Platform (SSP) itself can act “on behalf” of the central bank which wants to enter payments “on behalf” of a TARGET2 participant which has an operational problem (see image 2).
Img 3: Failure at SWIFT
- If the SWIFT network is out, the central banks can communicate through a central bank contingency network with the SSP. In the extremely unlikely event that the contingency network fails at the same time as SWIFT, the SSP operators can still enter payments “on behalf” of the central banks which want to enter payments “on behalf” of their TARGET2 participants (see image 3).
Img 4: Failure at SSP
- If the Single Shared Platform is out, the Eurosystem can initiate contingency processing using the enhanced contingency solution (ECONS I), which operates from another infrastructure and another region and has a different risk profile to that of the SSP. ECONS I can be used for contingency processing for a number of consecutive business days, i.e. it is able to properly close the business day and to change the value date. TARGET2 participants can connect to ECONS I and are able to submit very critical and critical payments to the contingency solution . The payments to be processed need to be agreed by the relevant central bank (see image 4). Moreover, ECONS I allows central banks, or the SSP Service Desk acting on their behalf, to upload transaction files (compatible with the ASI settlement procedure 4 format) for Ancillary Systems upon their request.
- In any scenario the Eurosystem crisis managers may decide to delay the closing of the TARGET2 business day if they consider this in the interest of the smooth functioning of TARGET2, e.g. an operational failure and delay at a major ancillary system (AS), or during or after an SSP outage to allow for backlog processing (see image 4).
Given that an operational failure by a participant could potentially have an adverse impact on the smooth functioning of TARGET2 as a whole, the Eurosystem’s risk management framework also includes measures to ensure the security and operational reliability of TARGET2 participants. In addition, TARGET2 participants classified as critical need to comply with and test detailed business continuity and contingency and information security requirements.
The concepts of critical participants and (very) critical payments, and the various contingency procedures are defined and described in length in the Information Guide for TARGET2 users.
All pages in this section
Our website uses cookies.
We are always working to improve this website for our users. To do this, we use the anonymous data provided by cookies. Learn more about how we use cookies
We have updated our privacy policy
We are always working to improve this website for our users. To do this, we use the anonymous data provided by cookies. See what has changed in our privacy policy
Your cookie preference has expired
- Making IT good for society
- Training providers
BCS MEMBERSHIP
- Join the global and diverse home for digital, technical and IT professionals.
CHARTERED IT PROFESSIONAL
- CITP is the independent standard of competence and professionalism in the technology industry.
- Become a member
- Member communities
- Get registered
- Membership for organisations
- Academic membership
- Register of BCS members
- Our members
STARTING YOUR IT CAREER
- Kick-start a career in IT, whether you're starting out or looking for a career change.
- Apprenticeships
- Continuing professional development (CPD)
- SFIAplus - IT skills framework
SOFTWARE TESTING CERTIFICATION
- Over 100,000 professionals worldwide are certified with BCS.
ESSENTIAL DIGITAL SKILLS
- Improve your digital skills so you can get on in today's workplace.
- Certifications for professionals
- Digital literacy qualifications
- Higher education qualifications (HEQ)
- Training and scholarships for teachers
- Home education
EVENTS CALENDAR
- View all of our upcoming events.
- Events calendar
- BCS Insights
- UK IT Industry Awards
- BCS IT & Digital Apprenticeship Awards
- Lovelace Lecture
- Turing Talk
- Karen Spärck Jones Lecture
- Roger Needham Lecture
- Awards and competitions
ARTICLES, OPINION AND RESEARCH
- The latest insights, ideas and perspectives.
- Green IT and net zero
- Computing in society
- Security, data and privacy
- Careers and skills
- Articles, opinion and research /
Planning for a pandemic: is your business prepared?
The typical solutions, which essentially involve moving people away from compromised sites to ‘back up’ locations, just won’t work in a pandemic, such as with coronavirus COVID-19: it’s one virus that will not affect computer systems.
Instead, it will be people rather than infrastructure that will become unavailable. And it is the largest firms, with multiple overseas offices and highly centralised support functions, that will be most at risk from staff being unavailable for work.
In a pandemic, computer systems will continue to work, provided that key operational and maintenance staff have uninterrupted access to their control terminals. Telecommunication networks will continue to work - again, provided that network and security managers have the essential monitoring and control capabilities.
‘So, unlike other business continuity situations, where restoring technology is often the greatest problem to be overcome, in a pandemic, technology, especially telecommunications technology, will be the solution, not the problem.’
The nightly television pictures from the city of Wuhan in Hubei, China showed empty roadways and office buildings with most of the city’s 11 million people hunkered indoors under strict mandatory quarantine rules. But, in the first large epidemic since the development of mobile phones and social media, inhabitants in Wuhan were not completely ‘isolated’ but were able to communicate via apps with family, friends and importantly medical authorities. Apps such as WeChat, Weibo and WhatsApp not only allowed video communication but also provided access to online banking services and e-commerce, such as purchasing food. Remaining relatively safe at home has become a viable option in these extreme circumstances.
But what about work? How did firms in Wuhan survive, and how would your firm continue to operate if a large proportion of the staff were not ill, but could not get into work for an extended period?
The concept of ‘working from home’ on an infrequent or even regular basis has become the norm in many firms and especially in IT departments. With the advent of Outsourcing and now Cloud Computing, the notion of people ‘working remotely’ has become commonplace.
Thus, good telecommunications capabilities are key to firms continuing to operate in what will, if / when a full-scale pandemic is declared, be a prolonged disruption.
The COVID-2019 pandemic
Although the COVID-2019 coronavirus epidemic may not blow up into a full-scale global pandemic, it could be close. Pandemics are far from unique events. This century alone there have been numerous serious outbreaks of deadly virus-borne diseases: in 2003, the H5N1 Avian Influenza; in 2004, the Severe Acute Respiratory Syndrome (SARS) epidemic; the Middle East Respiratory Syndrome (MERS) epidemic of 2012 (which is still circulating); and the deadly Ebola virus outbreaks of 2014, which re-emerged in 2018.
Simply, these and similar diseases emerge when a virus that is circulating widely (but relatively benignly) in the animal kingdom jumps to infect a human in a random event. What happens at that point determines much of what follows: the infected human may fight off the virus and nothing untoward happens, until the next time a jump occurs . Or, the virus may kill the human before the virus jumps to another human, again causing no further occurrences.
It starts to become dangerous where one person infects another, who infects another and so on, until before long, the virus is in the general population. Some viruses such as Measles are more infectious than others, while some are less so. Unfortunately, some viruses, such as MERS, are more deadly to humans than others and people die from the viral infection.
So, the so-called mortality rate of a particular virus is important; a virus with a high infection rate and a high mortality rate can turn an epidemic that cannot be contained locally into one that grows into a worldwide pandemic with disastrous consequences. This occurred in the so-called Spanish Flu pandemic of 1918-1919, which killed more people than did the World War that preceded the outbreak.
While each epidemic is different, driven by the unique characteristics of the particular virus, there are things we do know about all pandemics:
Pandemics are inevitable!
Because the animal kingdom holds a huge reservoir of viruses that are potentially deadly to humans, it is only a matter of time and evolution before a virus mutates to a form that can ‘jump’ and infect humans. The more animals, the more humans and the more viruses, the more likely such an essentially random event will occur.
Some of these viruses will be infectious and will jump to other humans. Inevitably, some of the viruses will spread in the general population (an epidemic) and even may, with modern air travel, appear in different countries almost overnight – where again, the epidemic grows in local populations, becoming a pandemic as defined by the World Health Organization (WHO).
Pandemics are inevitable, but because a lot of things have to go right - for the virus that is - they are thankfully rare.
Pandemics are difficult to stop
It is very difficult to stop a virus outbreak, especially one where the virus is highly contagious. Because the initial symptoms are often similar to those of seasonal flu or common cold, novel viruses can circulate widely in the population before being detected by medical staff. There is often a period of extreme confusion before a new virus is identified and a good diagnostic test is developed. During this ‘onset’ phase, people will inevitably die. Rumours will abound and some of the public will panic.
One obvious way to slow a deadly virus spreading throughout a population, is to stop people infecting one another, which means isolating or ‘quarantining’ people who have been, or might be, infected. Isolating whole communities is a pretty big step for authorities to take - but, as the mandatory isolation measures in Wuhan showed at the beginning of the latest virus epidemic, it can be pretty effective. However, isolation does not kill the virus, it merely slows down the rate of infection through the community.
What is needed is a vaccine specially designed to recognise and kill the particular virus, without killing the person who is carrying it . The experts in viruses, virologists and microbiologists, know how to do this - but it takes time. And, from first identifying a new viral strain to getting an effective vaccine to the majority of the population will take many months.
For that period, quarantine is the only effective mechanism for treating a pandemic. People must stay isolated, at home or elsewhere, possibly for many months.
How long will a pandemic last?
No one knows precisely how a pandemic might unfold. However, the three influenza pandemics of the 20th century give some clues as to what might be expected. Figure 1 shows a rough timeline of how a pandemic might evolve, illustrating the scale of disruption and the highly uncertain time taken by each phase.
Figure 1 - Rough timeline of a pandemic
The key points to note in this diagram (1) are that: during the ‘onset’ of a pandemic, there will be much confusion and panic in the community; there will then be a period of ‘maximum disruption’ that may last several months as the impact of multiple outbreaks works its way through the global economy. Then, as authorities come to grips with the outbreak, a vaccine will be developed; a slow ‘prolonged recovery’ will then begin, as firms strive gradually to mend broken supply chains. It is also possible, as in the devastating Spanish Flu outbreak, that the original virus mutates and a second, possibly even more dangerous, wave of infections begins.
Pandemics then are not short, sharp incidents but prolonged and relatively slow-moving events. Their trajectories are highly uncertain and depend on the toxicity of the particular virus and the effectiveness of the measures taken to minimise its effects. But one thing is certain: a pandemic will take a long time to work through the global economy. Though an inadequate analogy, management should think of the disruption illustrated in this rough timeline as similar to that caused by severe weather events (snowstorms, floods, hurricanes etc.) but lasting for 6 to even 18 months! Even the best-prepared business must also recognise that their customers and suppliers make take even longer to recover - if at all.
To this point, we have talked about viruses and people with proper regard for their health, but what of commercial businesses and the staff who work in them? Since different firms in different industries will face different problems, there is no ‘one size fits all’ solution - most solutions will concentrate on physically separating workers to keep them safe and relying on telecommunications technology to help them continue to operate the firm. But to be effective, such measures must be planned in advance.
Practical first steps in developing a pandemic plan
The following first steps are suggested for ‘jump-starting’ the development of a business continuity plan specifically designed to mitigate the impact of a possible COVID-19 pandemic.
Corporate governance
It is suggested that firms (if they have not already done so):
- Immediately, set up a pandemic planning and coordination unit (PPCU) ideally within the enterprise risk management (ERM) department, as part of the existing operational risk / BCP function.
- Medical expertise, to provide independent, objective information on the background, status and potential trajectory of a possible pandemic, such as using part-time experts from a nearby university medical department. Note: additional medical safety measures, such as making high quality face-masks available, will be needed.
- Communications expertise, to develop material for distribution to customers and staff on the impact of the pandemic.
- IT experts, to develop and operate public/private web sites and firm-wide communications capabilities, such as videoconferencing and social media sites.
- Telecommunications experts, to ensure efficient, secure and robust access to corporate information (for staff working remotely) and to develop and promote the effective use of voice and videoconferencing.
- Security experts, to ensure that premises and the staff remaining in them are secured and to liaise with civil authorities, ensuring compliance with changing regulations.
- Identify and assign senior executive responsibilities for initially overseeing and, should the need arise, taking control of pandemic planning and coordination activities.
- Immediately, raise the issue of pandemic planning to the risk committee of the board for detailed oversight, placing the issue on the agenda of every board meeting going forward.
- Run education workshops for the board and senior executives, to explain the risks of a pandemic and to discuss options for mitigating the risks and to articulate the ‘risk appetite’ of the board.
- With direction from the board and senior management, develop policies for operating the business during and after a pandemic. Such policies might include: priorities for reducing risks and slowing down businesses; changes to delegated authorities; changes to staff entitlements and remuneration; interacting with the firm’s regulators; and so on.
- Hold a number of up-coming board meetings entirely by teleconference, i.e. with all board members participating from home or secure remote locations.
- For each executive committee meeting going forward, ensure that one or more of the members participates from home or secure remote locations.
- Set aside special areas within the firm’s premises to emulate remote working and ensure that all staff periodically spend time (such as a day) in such an environment, to iron out communications and operating problems.
Identification of key pandemic risks
Identification of key risks in a pandemic should concentrate on the following areas of risk:
- People and organisation risks - a ‘map’ of the entire organisation should be developed that shows not merely key responsibilities but also the linkages and dependencies between business functions. For each function, a list of key roles and individuals holding (or capable of holding) those roles should be developed and for each function, the degree of actual and potential ‘operational autonomy’ should be evaluated. The goal of such a map would be to identify potential “key people” risks in the current organisation and to highlight where mitigating actions, such as staff transfers and increased decision-making delegation would be beneficial. It should also be recognised that some of these key people may not survive a serious outbreak and multiple options must be available - no one is indispensable.
- Process risk - a map of all major ‘end-to-end processes’ in the organisation should be developed that shows not merely key operations performed in each process but also potential bottlenecks and critical internal and external dependencies. The goal of such a map would be to identify potential “key process” risks in ‘core’ processes, such as where increased volumes might overwhelm current - never mind depleted - resources and to highlight where mitigating actions, such as increased automation, would be beneficial.
- Systems risks - a map of all major systems in the organisation should be developed that shows not merely key technical attributes but also dependencies on human intervention, especially IT Operations. The goal of such a map would be to identify potential “key systems” risks, such as where a large degree of human intervention is needed to access information to operate the business and to highlight where mitigating actions, such as increased electronic report production, would be beneficial.
- Telecommunications risks - a map of the entire telecommunications network supporting the organisation should be developed that shows not merely the network topology but also capacity bottlenecks within the network. The goal of such a map would be to identify potential “key systems” risks in the current telecommunications infrastructure and to highlight where mitigating actions, such as increasing capacity, would be beneficial.
- Supply chain and outsourcing risks - all outsourcing and supply chain dependencies across the organisation should be evaluated from an operational risk perspective, considering: (a) contractual agreements; (b) current performance; (c) problems with current performance; (d) vulnerability of the supplier / outsourcer to disruption; and (e) vulnerability of the firm to non-performance by the supplier / outsourcer. The goal of such an analysis would be to identify potential “key external” risks in current arrangements and to highlight where mitigating actions, such as reduction in dependencies, would be beneficial.
Planning for a pandemic
Since people will inevitably be isolated at home in a pandemic (either by choice or government mandate), it makes sense to plan for staff working from home. But that is much easier said than done.
Today, many workers, especially white-collar staff such as IT professionals, work some of the time from home. It has become common practice for staff such as IT analysts and systems designers to sometimes take work home; usually to get away from office disruptions. Today, inexpensive, fast and reliable telecommunications technology is available to support effective remote working. But such capabilities will almost certainly have to be beefed up considerably to handle the immense increase in demand during a pandemic.
However, many staff just cannot work from home and must be physically present in an office or a facility, such as a computer centre. Staff who interact directly with customers must be in secure, recognised premises and those who accept and dispatch deliveries must be present in warehouses.
One of the best ways to find out which staff are absolutely essential to the continued operations of a particular business is to visit the firm’s premises on the weekend or on a public holiday. There you will find the staff that keep the firm ticking over, day by day: the IT operations staff; security staff, maintenance engineers, warehouse staff and cleaners. Without these often-overlooked staff, a firm will grind to a halt fairly quickly.
It is the staff at the bottom of the organisational hierarchy that turn out to be most valuable when considering the impact of a pandemic. And for a business to survive, these workers must all be taken care of!
Definitely not business as usual
‘The most important thing to recognise about a full-blown pandemic, is that operations cannot be considered to be business as usual (BAU) but must become business as survival (BAS).'
During BAS, the full resources of the firm should be directed towards ensuring that the core operations of the firm keep running - albeit at reduced capacity. Pandemic planning must, therefore, be focused on keeping core businesses operating, specifically ensuring that there are always sufficient knowledgeable, competent and trained staff to keep the firm afloat.
In order to achieve the necessary ‘resilience’ then, executives must clearly identify what businesses and functions in the firm are essential to operating the core functions of the company. Which in turn, of course, means that the board and executive of a firm must clearly and unequivocally identify the business units that are critical to the firm’s survival (a tough and highly political undertaking).
However, this does not necessarily mean focusing on the most profitable businesses; rather those that the firm most relies upon to keep its licence to operate. In banking, for example, proprietary trading on the firm’s own account may generate considerable profits but, if necessary, it can be wound down or even mothballed for a few months, whenever the support functions are in danger. Likewise, acquiring new customers will not be a high priority in a pandemic, but retaining and supporting existing profitable customers will be.
In the IT organisation, IT architects and strategists (while essential to the long-term survival of a company) could quite easily ‘stand down’ for several months and the firm would survive. On the other hand, if the IT architects were to use their down time to develop new strategic architectures, that could prove very valuable in the longer term.
Furthermore, IT development projects can be shelved and resurrected later; IT developers and designers could usefully use their time on the bench not only in the undervalued tasks of documentation and code reviews but could undertake educational courses, such as the online courses provided by BCS. Provided they have the necessary spreadsheet capabilities AND access to the firm’s computer files, IT accountants and project managers can also work away from the office.
However, all of this must be planned in advance to minimise confusion when a pandemic emerges.
Managing contact risk
The first activity facing senior management when planning to manage a pandemic, is to identify which roles, functions and business lines can be temporarily side-lined and which can operate remotely. Executives will soon realise that they too can work remotely for a considerable period of time in a dispersed organisation, provided that the proper communications technologies are available and temporary organisation structures are created.
This leaves the staff who must be on-site: those people who will be most at risk when travelling to and from their workplaces and, when at their desks/workstations, would be working in close proximity to others. Probably the most important example in an IT context will be IT operations and the supporting hardware maintenance functions. Note: this is true whether the IT systems environment is in the cloud or not, as systems still have to be operated!
In order to protect IT ops staff during a pandemic, managers must ensure that physical interactions between operators will be minimised and that staff are provided with the necessary protective equipment, such as highest quality FFP (filtering face piece) protective masks and adequate washing facilities. Additional cleaning staff will be needed to reduce the likelihood of secondary infections and trained medical staff will be needed to ensure that no new infections are introduced, for example during shift handovers.
Customer first
‘Modern call centres are a petri dish for the efficient transmission of viruses.’
From an IT and business perspective, the most difficult areas to manage will be in those functions that have contact with customers and suppliers either face to face or (paradoxically) by phone. Today, modern call centres and trading floors tend to be large rooms packed with people constantly coming and going, under flexible working practices. They are a petri dish for the efficient transmission of viruses.
Again, technology can (at least partially) help to solve this problem, through increased usage of websites, email, direct messaging outgoing call technology. It should be recognised, however, that during a pandemic, call centre traffic will increase dramatically because alternative information channels, such as ATMs, may not be accessible for various reasons (not least due to absence of trained staff).
In a pandemic, a firm’s website and social media channels will become its window to the world and staff must be allocated and trained to communicate using these modern mechanisms. Some of the IT and business staff ‘on the bench’ can be used to produce and publish the necessary up-to-date information. But the key will be to make use of call recording and returning calls later, using staff working at home or in strict isolation in a firm’s premises.
Ensuring the survival of an organisation during (and immediately after) a pandemic will mean first setting up the organisational infrastructure needed to react to the onset of a pandemic and then planning for continued operations of the firm, at a (potentially significantly) degraded level.
It is important to realise that in a pandemic, it cannot be business as usual but must be business as survival . Information technology, especially telecommunications. will be key to a firm’s capacity to survive a pandemic and planning how this technology will be used effectively will be critical. Providing the capabilities to work remotely should be the overarching thrust of this technology, but it will not be the type of working from home familiar today. Sending all staff home with PCs to operate business as usual just won’t work, not least because some of the most critical staff, such as IT Operations, cannot work remotely.
Of course, when a pandemic emerges is certainly not the time to begin installing the necessary hardware and systems to support remote working. As with any BCP exercises, planning must be done in advance and people must be educated on the potential changes to their working practices and organisational structures in the event of a disruption.
Unfortunately, as pandemics don’t come along very often, there will be a tendency over time to downplay the risks, so board-level commitment will be necessary to keep such an inevitability on the radar, if not actually always front of mind.
(It should be noted that this article was written in late February 2020 and, in the nature of pandemics, events move quickly and though the prescriptions remain valid, some of the detail will become outdated quickly.)
See detailed explanation of Figure 1 in ' Banks and avian flu: planning for a possible pandemic '
About the author
Dr Patrick McConnell DBA MSc BSc GAICD CITP CEng FBCS Is an expert on technology risk, having worked as a CIO, senior manager and consultant for large corporations in several countries, for over 40 years. He has also been an academic and has written widely on IT and risk management; his latest book is Strategic Technology Risk (Risk Books 2018).
Similar from BCS
The importance of cybersecurity and mentoring in digital transformation
Adem Yetim IntPE FIET FBCS discusses cybersecurity and mentoring in digital transformation.
Understanding the global chip shortage
Gartner’s Gaurav Gupta and Kanishka Chauhan explore the global chip shortage’s origins and discuss future silicon supply trends.
Open source is good for AI but, is AI good for open source?
Terence Eden CITP MBCS, MIET, Chair of the BCS Open Source Specialist Group, takes Martin Cooper MBCS on a tour of the open source world and explains why writing software is both an art and a science.
What is digital transformation?
It’s a term we hear a lot today, but what is digital transformation. Alan Brown FBCS explores transformation’s key elements and discusses some important questions organisations should ask themselves as they consider change.
AI isn't going to replace your job - but someone using AI will
“Exceptional” achievements of BCSWomen recognised at 2023 Women in IT Awards
- Press office
- Our royal charter
- Academy of Computing
- Learned publishing
- Legal and privacy notices
- Accessibility
- Whistleblowing policy
- Data privacy notice
- Copyright notice
- Use of cookies
- Account details
- Follow topics
- Saved articles
- Newsletters
- Help Centre
- Subscriber rewards
You are currently accessing Central Banking via your Enterprise account.
If you already have an account please use the link below to sign in .
If you have any problems with your access or would like to request an individual access account please contact our customer service team.
Phone: 1+44 (0)870 240 8859
Email: [email protected]
Initiative of the year: Saudi Central Bank’s business continuity programme
- Central Banking staff
- 24 Mar 2021
- Tweet
- Save this article
- Send to
- Print this page
Business continuity planning at the world’s leading central banks typically has focused on shoring up resilience in the face of cyber or terrorist attacks. Few had made detailed plans about how to address the impact of a long-running, global pandemic, meaning the significant human resource, technological and financial stresses that resulted from Covid-19 a particular challenge.
But those central banks that had introduced contingency plays such as the Saudi Central Bank’s (Sama) business continuity programme ( BCP ), were far better placed to support top management by ensuring business resilience through the use of smart technology, and effective communication with staff and external stakeholders as lockdowns hit.
Sama’s director of risk management and compliance, Abdulaziz Alkhaldi, began preparations on the central bank’s business continuity management more than four years ago, under the leadership of vice-governor Ayman Al-Sayari, who also had oversight for much of Sama’s Covid-19 crisis response. The central bank’s main aim was to manage incidents or crises in a way that would minimise business disruptions related to operational, financial, reputational, legal and regulatory risks – while also putting in place the processes, emergency funding, communication and key stakeholder engagement to effectively manage the BCP .
Sama had completed much of the work on its business continuity site, in addition to having established alternative data centres. The Middle Eastern central bank had previously performed a crisis simulation session.
It had also established a three-tier response to any crisis. The first line is that business managers raise the potential issue. The second line involves a review by the business continuity team. And, if appropriate, the third line requires remedial action by the crisis management team.
Contingencies for Covid-19
Alkhaldi first started thinking about potential contingency plans for Covid-19 in February 2020 – well before any quarantine restrictions or remote working restrictions were introduced.
The BCP design already included business interruption assessments such as recovery time objectives ( RTO ) and maximum tolerable period of disruption ( MTPD ) for all Sama business units. But Alkhaldi’s team started testing how existing plans might need to be overlayed to address restrictions on movement in the country. Focus was placed on maintaining the function of the central bank’s head office in Riyadh, Sama’s 11 branches, as well critical operations such as the payments system, monetary operations, reserve management, government banking, and supervisory and regulatory activities.
In February, Sama staff were provided with the technology needed to hold virtual meetings, with increasing numbers encouraged to work from home. The technology included the ability to use email via smartphones and a virtual private network ( VPN ) to access Sama systems. Capability assessments were conducted with all Sama staff in a bid to pre-emptively resolve any problems related to remote working. Awareness sessions were carried out to make staff of best practices related to cyber security. “It was a case of: prepare to prevent,” says Alkhaldi.
Essential staff required to work in offices were divided into two groups that would work on-site on different days to limit the impact in the event of an outbreak of infection among staff. There was also a significant amount of effort devoted to Sama’s 11 branches, particularly in the role they play serving government entities and distributing cash, which ultimately resulted in implementing precautionary measures for cash handling.
Attendance at Sama headquarters was suspended in March, when the Saudi government instructed public-sector workers to stay at home. Sama’s BCP then went into full operation. Prepared emails were sent to all employees explaining their roles and responsibilities, and new communication channels were established, with team leaders sending daily reports on the status of the BCP .
Sama worked with other government entities to secure licences that allowed critical staff to move about during the curfew. Sama officials also established alternative solutions in co-operation with government agencies to enable payment of salaries for millions of government employees in the event of crises or disasters.
Another challenge came in the form of securing hardware during the pandemic. Sama ultimately provided staff with laptops and increased the bandwidth of its VDI (a service similar to a VPN , offering access to Sama’s servers).The availability of laptops was made easier because of having several hundred high-specification machines available for business continuity purposes, and reallocating laptops from staff performing non-critical functions to those that did. Also, top management made early contact with suppliers to ensure the timely arrival of batches of several hundred devices at a time.
“We provided satellite phones for all the senior management and the branches in case of problems with communications,” Alkhaldi tells Central Banking . “In addition, we provided high-speed Wi-Fi routers to around 50 employees managing business-critical functions to ensure they still had online access, even if there were broadband service problems.”
Contingency plans also had to be extended from 30 days to several months. This included ensuring the VDI bandwidth was sufficiently large, as well as rolling over necessary licensing arrangements.
“We had built our plan for up to 30 days. But the pandemic was more like seven months. So, we had to focus on IT to expand the capacity for everything,” says Alkhaldi.
Perhaps the biggest concern, however, was related to information security risk. “If someone working from home opened a personal email and got a virus, there was a risk that it could spread to Sama’s servers, and that would have a devastating impact, even potentially spreading to our disaster-recovery centres,” says Alkhaldi. “To mitigate this risk, Sama increased its cyber-security awareness campaigns and deployed cyber-security monitoring tools 24/7.”
The Central Banking Awards were written by Christopher Jeffery, Daniel Hinge, Dan Hardie, Rachael King, Victor Mendez-Barreira, William Towning and Alice Shen
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact [email protected] or view our subscription options here: http://subscriptions.centralbanking.com/subscribe
You are currently unable to print this content. Please contact [email protected] to find out more.
You are currently unable to copy this content. Please contact [email protected] to find out more.
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. Printing this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
If you would like to purchase additional rights please email [email protected]
You may share this content using our article tools. Copying this content is for the sole use of the Authorised User (named subscriber), as outlined in our terms and conditions - https://www.infopro-insight.com/terms-conditions/insight-subscriptions/
More on Awards
The FinTech and RegTech Global Awards 2022 virtual ceremony
View the trophy presentations and acceptance comments from the winners of the fifth annual Fintech and Regtech Global Awards
- 15 Jun 2022
- Regtech & Suptech
Central Banking FinTech RegTech Global Awards 2022
Central Banking’s fifth annual FinTech RegTech Global Awards showcase the ground-breaking projects undertaken within the central banking community
- 14 Jun 2022
The winners of the 2022 FinTech RegTech Global Awards
Fifth annual tech awards recognise excellence among central banks and the firms they work with
The Central Banking Awards 2022 virtual ceremony
View the trophy presentations and acceptance comments from the winners of the ninth annual Central Banking Awards
- 13 Jun 2022
Central Banking Awards 2022: the winners in full
Recipients of the 2022 awards include Stanley Fischer, the Bank of Korea, Mario Marcel and many more
- 01 Apr 2022
Central Banking Awards 2022: final winners unveiled
Prizes for Central bank of the year, Lifetime achievement, Transparency, Economics and more
- 31 Mar 2022
Central bank of the year: Bank of Korea
South Korea’s central bank was the first developed-world central bank to tighten policy to address inflationary risks
Lifetime achievement: Stanley Fischer
Fischer has had a profound impact on monetary economics and central banking during his prolific career
- Bundesbank reports first loss in over 40 years
- Carstens sets out vision for future monetary system
- Agent-based models shed light on CBDC dynamics
- FATF suspends Russia and grey-lists Africa’s largest economies
- Marks (and sizes and colours) of distinction
- Stability under the 2% inflation standard is a chimera
- BIS welcomes end to investors’ ‘sanguine attitude’
- FSB sets ‘priority actions’ for global payments reform
- Book notes: A guide to good money, by Brendan Brown and Robert Pringle
You need to sign in to use this feature. If you don’t have a Central Banking account, please register for a trial.
You are currently on corporate access.
To use this feature you will need an individual account. If you have one already please sign in.
Alternatively you can request an individual account here:
How to plan your company’s future during the pandemic
Businesses must first seek to ensure employees are safe in their jobs. Image: REUTERS/Nick Oxford
.chakra .wef-1c7l3mo{-webkit-transition:all 0.15s ease-out;transition:all 0.15s ease-out;cursor:pointer;-webkit-text-decoration:none;text-decoration:none;outline:none;color:inherit;}.chakra .wef-1c7l3mo:hover,.chakra .wef-1c7l3mo[data-hover]{-webkit-text-decoration:underline;text-decoration:underline;}.chakra .wef-1c7l3mo:focus,.chakra .wef-1c7l3mo[data-focus]{box-shadow:0 0 0 3px rgba(168,203,251,0.5);} Andy Baldwin
.chakra .wef-9dduvl{margin-top:16px;margin-bottom:16px;line-height:1.388;font-size:1.25rem;}@media screen and (min-width:56.5rem){.chakra .wef-9dduvl{font-size:1.125rem;}} Explore and monitor how .chakra .wef-15eoq1r{margin-top:16px;margin-bottom:16px;line-height:1.388;font-size:1.25rem;color:#F7DB5E;}@media screen and (min-width:56.5rem){.chakra .wef-15eoq1r{font-size:1.125rem;}} COVID-19 is affecting economies, industries and global issues
.chakra .wef-1nk5u5d{margin-top:16px;margin-bottom:16px;line-height:1.388;color:#2846F8;font-size:1.25rem;}@media screen and (min-width:56.5rem){.chakra .wef-1nk5u5d{font-size:1.125rem;}} Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:, have you read, foreign investment is drying up thanks to covid-19. but there may be a silver lining, what can we learn from covid-19 and past crises, the 4 key questions policymakers should ask covid-19 modelers.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.
The views expressed in this article are those of the author alone and not the World Economic Forum.
Related topics:
The agenda .chakra .wef-n7bacu{margin-top:16px;margin-bottom:16px;line-height:1.388;font-weight:400;} weekly.
A weekly update of the most important issues driving the global agenda
.chakra .wef-1dtnjt5{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-flex-wrap:wrap;-ms-flex-wrap:wrap;flex-wrap:wrap;} More on COVID-19 .chakra .wef-17xejub{-webkit-flex:1;-ms-flex:1;flex:1;justify-self:stretch;-webkit-align-self:stretch;-ms-flex-item-align:stretch;align-self:stretch;} .chakra .wef-7497m{display:-webkit-inline-box;display:-webkit-inline-flex;display:-ms-inline-flexbox;display:inline-flex;white-space:normal;vertical-align:middle;text-transform:uppercase;font-size:0.75rem;border-radius:0.25rem;font-weight:700;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;line-height:1.2;-webkit-letter-spacing:1.25px;-moz-letter-spacing:1.25px;-ms-letter-spacing:1.25px;letter-spacing:1.25px;background:none;padding:0px;color:#666666;-webkit-box-decoration-break:clone;box-decoration-break:clone;-webkit-box-decoration-break:clone;}@media screen and (min-width:37.5rem){.chakra .wef-7497m{font-size:0.875rem;}}@media screen and (min-width:56.5rem){.chakra .wef-7497m{font-size:1rem;}} See all
Here's how much immunity we get after a COVID-19 infection
Zania Stamataki
February 21, 2023
Antibiotics are being inappropriately prescribed for COVID-19, increasing the threat of antimicrobial resistance – research
Fidelma Fitzpatrick and Deidre Fitzgerald Hughes
February 20, 2023
Genetics might explain why people haven't had COVID
Lindsay Broadbent
February 10, 2023
These are the 7 most common long COVID symptoms to look out for
February 9, 2023
How is the US economy doing after COVID-19?
Felix Richter
February 2, 2023
4 infections that are on the rise since the COVID-19 pandemic
Stephen Hall
February 1, 2023
IMAGES
VIDEO
COMMENTS
In August 2021 the Consultative Group on Risk Management (CGRM) set up a task force to examine how Business Continuity Planning (BCP) at BIS member central banks in the Americas has changed since the beginning of the Covid-19 pandemic. This report is the outcome of the work of the task force.
2 Business continuity planning at central banks during and after the pandemic Executive summary Business continuity planning (BCP) is the process that allows organisations to continue operating during a disruption, ensuring the protection of their processes, assets and human resources. BCP is a critical
Central banks should routinely update and test their business continuity and disaster recovery plans. Most central banks have full Business Continuity Plans (BCP) with detailed processes and controls, while others have partial BCP setups (IT and payment systems) to mitigate the impact of central bank business disruption on the financial sector.
In 2017, for instance, the top reasons cited for a business continuity plan were: minimizing downtime, protecting what's important, communicating with confidence, resuming operations and...
Unfortunately, the COVID-19 pandemic presents cybercriminals with a ripe opportunity to prey on individuals. Business Continuity In the survey, respondents whose bank had weathered a natural disaster within the last two years were asked if they were satisfied with their institution's business continuity plan. The majority, or 79%, indicated ...
reminds banks of the traditional phases of business continuity planning (planning, preparing, responding, and recovering) and states that pandemic planning requires additional actions to identify and prioritize essential functions, employees, and resources. lists websites that offer information on pandemic planning activities. Further Information
Summary: Pandemic preparedness is an important part of financial institutions' business continuity planning. Regulated institutions should periodically review related risk management plans, including continuity plans, to ensure their ability to continue to deliver their products and services in a wide range of scenarios and with minimal disruption.
Every financial institution should have implemented pandemic planning contingencies contained in its business continuity plan. In response to the burgeoning public health crisis, the Federal Financial Institutions Examination Council issued revised guidance on March 6 on how to address pandemic planning in a bank's business continuity plans ...
When the pandemic is over, many companies will find that their business model has been disrupted in fundamental ways. Over the last several months, we've been working with management teams in a...
Business Continuity in a Pandemic I Reach Further Watch on 3. Rank your business's most critical functions The emergency response team will also identify your business's most critical functions for continuity, as well as any of the necessary resources for performing those duties.
Ultimately, the key to the success of a pandemic Business Continuity plan—as far as possible when everything else is unpredictable—will be having clear communications and shared expectations with all who have a stake in the business: shareholders, management, creditors, and employees. Understanding the basics
Published: Friday, 26 March 2021 11:01. The European Central Bank (ECB) has published a new report, 'Best practices applied by financial market infrastructures in their business continuity plans during the COVID-19 pandemic'. The Eurosystem comprises the ECB and the national central banks of those countries that have adopted the euro.
Banks should continue branch and ATM operations with the appropriate safeguards, while encouraging widespread use of remote services. This approach will account for needs and preferences across all consumer segments, including the older part of the population that is both more vulnerable to COVID-19 and less likely to adopt digital channels.
I.3 The significance of business continuity planning gains even more prominence during the occurrence of black swan events like the COVID-19 pandemic. In the face of this Knightian uncertainty 7 , RBI stepped forward and proactively dealt with the organisational and management challenges that arose during the pandemic.
Unlike other crises such as earthquakes or cyberattacks which impact the bank's infrastructure, pandemics directly impact its people - employees, vendors, suppliers - who might be unable to perform their jobs. Further, customers cannot do business in usual ways.
How Can a Business Continuity Plan Help During the Coronavirus Pandemic? The Business Continuity Plan can be an important tool for ensuring that a business's service line is...
In the unlikely event that business continuity and resilience measures are not sufficient, the Eurosystem has developed contingency procedures in close cooperation with the user community. These ensure that the systemically important business continues, i.e. (very) critical payments, in the event that a TARGET2 entity (a bank, an ancillary ...
critical during the current pandemic as households and business need access to their funds on deposit, and in some countries, banks are being used as conduits for extending fiscal stimulus programs. Banks themselves are not immune to the effects of the pandemic and must prepare for operating under crisis conditions.
Business Continuity Planning (BCP) and related IT Disaster Recovery Planning (IT DRP) have become established, respected and important disciplines in business. However, many of the assumptions underlying BCP/DRP planning today will NOT hold in a pandemic, writes technology risk expert Dr Patrick McConnell DBA MSc BSc GAICD CITP CEng FBCS. The ...
Business continuity planning at the world's leading central banks typically has focused on shoring up resilience in the face of cyber or terrorist attacks. Few had made detailed plans about how to address the impact of a long-running, global pandemic, meaning the significant human resource, technological and financial stresses that resulted ...
1. Devise a lockdown exit strategy. Many national economies are experiencing large drops in GDP. Hence, governments are thinking seriously about lockdown exit strategies that will allow them to reboot economies while minimizing the threat to human lives. Similarly, businesses will need to figure out how they restart their operations while ...