Financial Services Business Continuity During Crisis: 5 Things to Consider

The value of centralized, reliable, and robust data has long been recognized as a key component to delivering competitive advantage, so with a widely dispersed workforce, dangers to regional security, and increases in cyberthreats, how do we now determine the best practice for business continuity? How do we ensure the readiness to react, restore and recover data is speedily deployed in case of emergency to protect our operations and client relations?

What is business continuity?

Business continuity can be defined as the processes, procedures, decisions, and activities to ensure that an organization can continue to function through an operational interruption. It’s focused on creating a blueprint that enables organizations to navigate new and complex difficulties, disasters, and challenges that the business environment decides to throw at them while maintaining “business as usual.”

Business continuity is often divided into two distinct areas: planning and management. Here we focus on the management side, intending to ensure that the organization experiences the minimum possible day-to-day disruption.

Business continuity in the banking sector

Data from European companies must be stored in the EU, with the US having similar policies, as do many Middle Eastern countries and Singapore, to name a few. This presents a myriad of operational conflicts and the necessity for pragmatic compromises to maintain fluid and frictionless operations for many firms. There has also previously been a dialogue about whether each country will force the banking sector to only store data inside the organization’s operational country.

One of the logical key questions this leads firms to ask is; “how efficiently and effectively can recovery be done to a new, safer location with minimum disruption for our business?”

With this in mind, what do financial services businesses need to consider when protecting their data in their business continuity plans?

1. Precise data location and underlying infrastructure

What is the true operational footprint of the IT provider you are looking at? While the immediate discussions may be held in country A, data centers are often located in country B (or even C, D, and/or E).

Understanding the data flow in your organization is essential for managing the supply chain risk, as well as complying with ever-increasing regulatory demands.

2. Geo-replication and data transfer

It’s a good idea to understand the resilience of your suppliers' recovery procedures to not only ensure the protection but also the timeliness of the replication of your contingency source to a safe alternative location.

Having a cloud-based platform will help you manage your financial services during a crisis, but you need to draw up a plan for maintaining and managing the platform in order for it to work. Having your system fully patched and adequately maintained are success criteria for safe operation. However, software-as-a-service (SaaS) solutions are more resilient than traditional on-premises systems, as it also includes managed updates and maintenance.

3. Business continuity planning reactive to external environment

A business continuity plan will need to be reactive to the dynamic and fast-arising challenges we experience in the business environment today. When evaluating investment systems, considering the agility of your vendors to react quickly in the best interests of your data is important. Cyberattacks are making headlines globally with devastating consequences; ensuring vendors are up to date with the latest penetration tests is one thing, ensuring they are practically set up to react fast is another.

4. Recognizable certification

Evaluation of any new systems will, of course, involve the checking of globally accepted accreditation (ISAE, ISO, etc.). While this can be a good box-ticking exercise and sometimes used as an ability to jump to the next stage of the evaluation process, it’s always worth understanding the latest audits the vendor ran and any recommendations that were suggested.

5. Remember the human element

Companies need to be prepared to be asked how quickly they can move their personnel into another location. Remote working has created new challenges for the security of connections, data transfers, downloads, and printouts, to name a few.