Crisis Management

advertisement

De Nederlandsche Bank Business Continuity Planning and

Crisis Management & Principles for

Financial Market Infrastructures

Michael van Doeveren

4th Conference on Payments and

Securities Settlement

Ohrid, Republic of Macedonia

22 June 2011

De Nederlandsche Bank

Eurosysteem

Contents

Introduction

DNB Assessment Framework Business Continuity

Planning

Concepts of Crisis Management

Arrangements and initiatives in the Netherlands

Concluding remarks BCP

FMI Principles

De Nederlandsche Bank

Eurosysteem

What is Business Continuity?

 Business Continuity Management: a whole-ofbusiness approach, that includes policies, standards, and procedures, to ensure (critical) operations can be maintained, or restored in a timely fashion, in the event of a disruption.

 Its purpose is to minimise the financial, legal, reputational and other material consequences arising from disruption

Source: BIS 2005

De Nederlandsche Bank

Eurosysteem

BCP in an international context

 The American White Paper on Sound

Practises to strengthen the Resilience of the

US Financial System

 The Tripartite Standing Committee on

Financial Stability

 Bank of Japan resilience plans

 Initiatives of the Eurosystem

 Joint Forum/Financial Stability

Forum/BIS/CPSS’ work

De Nederlandsche Bank

Eurosysteem

The Dutch situation

 Small country, few large banks

 DNB is both central bank and prudential supervisor for banks, pension funds and insurance companies

 Financial core infrastructure for Payments and Securities, in

NL defined as:

 Central bank

 CSD

 CCP

 Stock exchange

 ACH

 Major banks

De Nederlandsche Bank

Eurosysteem

DNB BCP Assessment Framework (1)

 First version in 2004, current version of 2007;

 Drafted in cooperation with the financial institutions

 Commitment to use it on a high level

 Assessment Framework consists of

9 ‘principles’ based on international standards

 Guidance note Human Factor

 Agreement between DNB and the financial sector for joint BCP initiatives

 In line with international principles such as BIS

 Used by supervisor and overseer to assess the institutions of the financial core infrastructure against these principles

De Nederlandsche Bank

Eurosysteem

DNB BCP Assessment Framework (2)

1.

2.

3.

BCP should be approved by the EB/senior management

Risk analyses of critical systems and activities should be made

Explicit attention should be paid to the human factor

De Nederlandsche Bank

Eurosysteem

DNB BCP Assessment Framework (3)

4 . Each institution should have a crisis organisation, including senior management

5.

Single points of failure (SPOFs) should be identified

6.

Critical processes and systems should be resumed as quickly as possible

De Nederlandsche Bank

Eurosysteem

DNB BCP Assessment Framework (4)

7. A back-up site/secondary site should be available

8. Alternate systems and contingency procedures should be regularly tested and exercised

9. Each institutions should have a communication plan for all stakeholders

De Nederlandsche Bank

Eurosysteem

Guidance Note Human factor

 Assessment showed that institutions have problems with principle 3, paying explicit attention to the human factor

DNB developed a ‘Guidance note human factor’ to assess the human factor aspect for critical systems and business processes, depending on the level of knowledge that is required: specific in the extreme, highly specific, specific, not very specific, not specific

 Matrix with level of required knowledge and human factor strategy  see www.dnb.nl

De Nederlandsche Bank

Eurosysteem

Required Knowledge

Specific in the extreme.

Highly specific.

Specific.

Not very specific.

Not specific

.

De Nederlandsche Bank

Eurosysteem

Ways of ensuring staff continuity

1. double staffing at another location

2. planned scheduling days off

3. shift work

4. use of staff from another location where a similar situation is operational

5. use of staff from another location where a similar situation is not operational

Required level of knowledge of systems/business processes specific in the extreme (a) highly specific (b) specific (c) not very specific (d) not specific (e) green red

De Nederlandsche Bank

Eurosysteem

Concepts of crisis management for the payment system (1)

Basic assumption

 Payments can be regarded as what oil is for an engine

 Continuity of payments is essential for both the public and the financial system.

Consequences

 Measures should be implemented that guarantee business continuity of the payment system

 Implementation of a crisis management structure to prevent contagion and limitation the risks as for as possible De Nederlandsche Bank

Eurosysteem

Concepts of crisis management for the payment system (2)

Crisis management preconditions

 Involvement required of critical participants of the whole payment system

 Focus the continuation of the operation of the whole payment chain.

Implementation

 Formation of crises management team

 Prepare organisation. Discuss objectives, define concept crisis management, investigate objects, invest existing measures, define effectiveness measures, investigate alternatives

 Prepare and perform tests. Both internal and sector wide.

De Nederlandsche Bank

Eurosysteem

Tripartite Crisis Management in the Netherlands

Tripartite Crisis

Management: Ministry of Finance, AFM, DNB

Consultation Group

(Board level)

Advisory Groups:

- Retail

- Wholesale

- Securities

De Nederlandsche Bank

Eurosysteem

Crisis Management – What

Crisis management

 Respond to payments and securities sectorwide

 Operational crises: procedures regarding communication, decision making etc.

´Sector BCM´

´Peace time´ preparation for times of crises; plans, good overview of critical processes for the sector, alternatives and possibilities in case of a crisis, communication, knowing each other

De Nederlandsche Bank

Eurosysteem

Escalation model

Large

Impact for payments and securities

Small ind

C ivid ris ism ua l in an stit ag em utio

Es ca lati en ns on

C om m

C ha irp ers on

E sc ala t tio n C om m itte e itte e c ris ism an ag em en t

Ex ec utiv e c ris ism an ag em en t

Alert Activation

Type of crisis

Scaling

Local Global

De Nederlandsche Bank

Eurosysteem

Crisis Management – How

Red Booklet” contains information about:

 Crisis management, communication and decision making procedures

 Wholesale, retail, securities alternatives

However, not many viable alternatives:

Possible alternatives based on rerouting of key processes:

CLS, TARGET2, EBA, correspondents

Cash/ATM ´s, mass payments, one-off direct debit

 Bilateral accounts for OTC etc.

In practice: combination of emergency procedures of the different parts of the chain

At the moment no viable alternative for

SWIFT

Communication and trust is key!

De Nederlandsche Bank

Eurosysteem

Example – Wholesale (1)

Institutions Transport Payment circuit/system

CLS (EUR and non-EUR))

TARGET/local TARGET components/TARGET2

(EUR)

Payment flows from and to the institutions themselves and/or their clients

SWIFT

EURO1 (EUR)

Correspondent Banking

(EUR and non-EUR)

De Nederlandsche Bank

Eurosysteem

Example – Wholesale (2)

The following were regarded as the most important wholesale payments (per bank):

 CLS incoming (and outgoing) payments

MM and FX transactions

Liquidity transfers to/from offices/agents abroad

EBA settlement payments and liquidity swaps

Payments for the clearing and settlement of securities

Critical payments for clients (corporates, pension funds)

´Margin calls´ (collateral for securities clearing)

Broadly speaking, around 20-30 critical payments per bank per day

In case of one bank’s failure, this can be processed manually

In case of TARGET2 failure, strict rules apply; only ‘very critical payments’ can be processed

De Nederlandsche Bank

Eurosysteem

CIP in the Netherlands

 Government project on critical infrastructure protection started in 2004

 In cooperation with the private sector, the government defined 12 infrastructures as critical: airports, public transport, energy, health care, etc.

 Payments and securities processing is one of them

 Follow up of the project in 2004, among others: Counterterrorism Alert System

De Nederlandsche Bank

Eurosysteem

Dutch Counterterrorism Alert System

(1)

Set up by the government in 2005 to ‘alert’ critical infrastructures in the event of heightened terrorist threat

 Measures to be taken quickly in order to minimise the risk and to limit the potential impact of terrorist acts.

 Cooperation between the government and private sectors

 More than 10 sectors are currently connected (a.o. airports, harbours, public transport, oil and gas, etc.)

 Financial core infrastructure connected as of May 1, 2006

De Nederlandsche Bank

Eurosysteem

Dutch Counterterrorism Alert System

(2)

 Four levels of threat: standard, low, moderate, high

 Each level comes with its own set of

(additional) security measures, both for the sector and for the government

 Government and sector agree together on the measures to be taken

 Contacts with local authorities very important

 Workshops, tests and exercises are organised per sector

De Nederlandsche Bank

Eurosysteem

Experiences Counterterrorism

Alert System

 Formalised (communication) procedures to inform the sector about threats

 Increased cooperation and information sharing within the financial sector in the area of security and with other sectors

 Improved contacts and cooperation with local authorities and other stakeholders (police, community, fire brigade, neighbour companies etc.)

De Nederlandsche Bank

Eurosysteem

Exercising experience

Think BIG, start SMALL

For Crisis Management exercises increase in complexity and depth:

 Connectivity/communication tests: several times a year

 Crisis management workshops: Discussion, based on scenario

Table top exercises: simulation with ‘real play’

 Large scale government exercise regarding ICT and cybercrime

 Operational exercise where security measures are taken for real

 Market wide exercises

De Nederlandsche Bank

Eurosysteem

International context for business continuity in payments and securities

“Dutch” market infrastructure is hardly Dutch anymore

 This is due to the consolidation trend and the battle for efficiency

 Not only for commercial institutions, but also for central banks

 An operational crisis in

Brussels/Frankfurt/Paris may impact the Dutch market more than a local crisis in Amsterdam

De Nederlandsche Bank

Eurosysteem

Increasing (need for) interaction & cooperation

 Linked to ESCB crisis management

 Co-ordinated communication with market infrastructures en major participants

 Possible international solutions to

“domestic” problems

 Central banks can help each other

 Solving problems in cooperation

De Nederlandsche Bank

Eurosysteem

Concluding remarks BCP

 Regular assessments work!

 Increase your level of resilience by

 Control – Top level commitment

Coordination

Cooperation

– Central bank/regulator role

– Financial core infrastructure

 Communication – All stakeholders, both national and international

 Exercising keeps BCP alive

 Human factor is key for everything

De Nederlandsche Bank

Eurosysteem

Principles for Financial Market

Infrastructures (FMI)

Co-production of:

 BIS Committee on Payment and Settlement Systems

 Technical Committee of the International organization of Securities Commission (IOSCO)

 FMI Principles replaces all older separate principles for Systemically Important Payment Systems,

Securities Settlement Systems and Retail Payment

Systems

 Report is for public market consultation until 29 July

2011

 Final report will be publishes in 2012

De Nederlandsche Bank

Eurosysteem

FMI Principles (1)

General organisation

 Principle 1: Legal basis

 Principle 2: governance

 Principle 3: Framework for the comprehensive management of risks

De Nederlandsche Bank

Eurosysteem

FMI Principles (2)

Credit and liquidity risk management

 Principle 4: Credit risk

 Principle 5: Collateral

 Principle 6: Margin

 Principle 7: Liquidity risk

 Principle 8: Settlement finality

 Principle 9: Money settlements

 Principle 10: Physical deliveries

De Nederlandsche Bank

Eurosysteem

FMI Principles (3)

Central securities depositories and exchangeof-value settlement systems

 Principle 11: Central securities depositories

 Principle 12: Exchange-of-value settlement systems

De Nederlandsche Bank

Eurosysteem

FMI Principles (4)

Default management

 Principle 13: Participant-default rules and procedures

 Principle 14: Segregation and portability

De Nederlandsche Bank

Eurosysteem

FMI Principles (5)

General business and operational risk management

 Principle 15: General business risk

 Principle 16: Custody and investment risk

 Principle 17: Operational risk

De Nederlandsche Bank

Eurosysteem

FMI Principles (6)

Access

 Principle 18: Access and participantion requirements

 Principle 19: Tiered participation arrangements

 Principle 20: FMI links

De Nederlandsche Bank

Eurosysteem

FMI Principles (7)

Efficiency

 Principle 21: Efficiency and effectiveness

 Principle 22: Communication procedures and standards

De Nederlandsche Bank

Eurosysteem

FMI Principles (8)

Transparancy

 Principle 23: Disclosure of rules and procedures

 Principle 22: Disclosure of market data

De Nederlandsche Bank

Eurosysteem

Responsibilities of central banks, market regulators and other authorities

 Responsibility A: Regulation, supervision and oversight of FMIs

 Responsibility B: Regulatory, supervisory, and oversight powers and resources

 Responsibility C: Disclosure of objectives and policies with respect to FMIs

 Responsibility D: Application of principles for FMIs

 Responsibility E: Cooperation with other authorities

De Nederlandsche Bank

Eurosysteem

Download