Crisis Management

De Nederlandsche Bank Business Continuity Planning and

Crisis Management & Principles for

Financial Market Infrastructures

Michael van Doeveren

4th Conference on Payments and

Securities Settlement

Ohrid, Republic of Macedonia

22 June 2011

De Nederlandsche Bank

Eurosysteem

Contents













Introduction

DNB Assessment Framework Business Continuity

Planning

Concepts of Crisis Management

Arrangements and initiatives in the Netherlands

Concluding remarks BCP

FMI Principles


Eurosysteem

What is Business Continuity?

 Business Continuity Management: a whole-ofbusiness approach, that includes policies, standards, and procedures, to ensure (critical) operations can be maintained, or restored in a timely fashion, in the event of a disruption.

 Its purpose is to minimise the financial, legal, reputational and other material consequences arising from disruption

Source: BIS 2005


Eurosysteem

BCP in an international context

 The American White Paper on Sound

Practises to strengthen the Resilience of the

US Financial System

 The Tripartite Standing Committee on

Financial Stability

 Bank of Japan resilience plans

 Initiatives of the Eurosystem

 Joint Forum/Financial Stability

Forum/BIS/CPSS’ work


Eurosysteem

The Dutch situation

 Small country, few large banks

 DNB is both central bank and prudential supervisor for banks, pension funds and insurance companies

 Financial core infrastructure for Payments and Securities, in

NL defined as:

 Central bank

 CSD

 CCP

 Stock exchange

 ACH

 Major banks


Eurosysteem

DNB BCP Assessment Framework (1)

 First version in 2004, current version of 2007;

 Drafted in cooperation with the financial institutions

 Commitment to use it on a high level

 Assessment Framework consists of



9 ‘principles’ based on international standards

 Guidance note Human Factor

 Agreement between DNB and the financial sector for joint BCP initiatives

 In line with international principles such as BIS

 Used by supervisor and overseer to assess the institutions of the financial core infrastructure against these principles


Eurosysteem


1.

2.

3.

BCP should be approved by the EB/senior management

Risk analyses of critical systems and activities should be made

Explicit attention should be paid to the human factor


Eurosysteem


4 . Each institution should have a crisis organisation, including senior management

5.

Single points of failure (SPOFs) should be identified

6.

Critical processes and systems should be resumed as quickly as possible


Eurosysteem


7. A back-up site/secondary site should be available

8. Alternate systems and contingency procedures should be regularly tested and exercised

9. Each institutions should have a communication plan for all stakeholders


Eurosysteem

Guidance Note Human factor

 Assessment showed that institutions have problems with principle 3, paying explicit attention to the human factor



DNB developed a ‘Guidance note human factor’ to assess the human factor aspect for critical systems and business processes, depending on the level of knowledge that is required: specific in the extreme, highly specific, specific, not very specific, not specific

 Matrix with level of required knowledge and human factor strategy  see www.dnb.nl


Eurosysteem

Required Knowledge











Specific in the extreme.

Highly specific.

Specific.

Not very specific.

Not specific

.


Eurosysteem

Ways of ensuring staff continuity

1. double staffing at another location

2. planned scheduling days off

3. shift work

4. use of staff from another location where a similar situation is operational

5. use of staff from another location where a similar situation is not operational

Required level of knowledge of systems/business processes specific in the extreme (a) highly specific (b) specific (c) not very specific (d) not specific (e) green red


Eurosysteem

Concepts of crisis management for the payment system (1)

Basic assumption

 Payments can be regarded as what oil is for an engine

 Continuity of payments is essential for both the public and the financial system.

Consequences

 Measures should be implemented that guarantee business continuity of the payment system

 Implementation of a crisis management structure to prevent contagion and limitation the risks as for as possible De Nederlandsche Bank

Eurosysteem

Concepts of crisis management for the payment system (2)

Crisis management preconditions

 Involvement required of critical participants of the whole payment system

 Focus the continuation of the operation of the whole payment chain.

Implementation

 Formation of crises management team

 Prepare organisation. Discuss objectives, define concept crisis management, investigate objects, invest existing measures, define effectiveness measures, investigate alternatives

 Prepare and perform tests. Both internal and sector wide.


Eurosysteem

Tripartite Crisis Management in the Netherlands







Tripartite Crisis

Management: Ministry of Finance, AFM, DNB

Consultation Group

(Board level)

Advisory Groups:

- Retail

- Wholesale

- Securities


Eurosysteem

Crisis Management – What

Crisis management

 Respond to payments and securities sectorwide

 Operational crises: procedures regarding communication, decision making etc.

´Sector BCM´



´Peace time´ preparation for times of crises; plans, good overview of critical processes for the sector, alternatives and possibilities in case of a crisis, communication, knowing each other


Eurosysteem

Escalation model

Large

Impact for payments and securities

Small ind

C ivid ris ism ua l in an stit ag em utio

Es ca lati en ns on

C om m

C ha irp ers on

E sc ala t tio n C om m itte e itte e c ris ism an ag em en t

Ex ec utiv e c ris ism an ag em en t

Alert Activation

Type of crisis

Scaling

Local Global


Eurosysteem

Crisis Management – How

“

Red Booklet” contains information about:

 Crisis management, communication and decision making procedures

 Wholesale, retail, securities alternatives

However, not many viable alternatives:

Possible alternatives based on rerouting of key processes:





CLS, TARGET2, EBA, correspondents

Cash/ATM ´s, mass payments, one-off direct debit

 Bilateral accounts for OTC etc.







In practice: combination of emergency procedures of the different parts of the chain

At the moment no viable alternative for

SWIFT

Communication and trust is key!


Eurosysteem

Example – Wholesale (1)

Institutions Transport Payment circuit/system

CLS (EUR and non-EUR))

TARGET/local TARGET components/TARGET2

(EUR)

Payment flows from and to the institutions themselves and/or their clients

SWIFT

EURO1 (EUR)

Correspondent Banking

(EUR and non-EUR)


Eurosysteem

Example – Wholesale (2)

The following were regarded as the most important wholesale payments (per bank):

 CLS incoming (and outgoing) payments













MM and FX transactions

Liquidity transfers to/from offices/agents abroad

EBA settlement payments and liquidity swaps

Payments for the clearing and settlement of securities

Critical payments for clients (corporates, pension funds)

´Margin calls´ (collateral for securities clearing)

Broadly speaking, around 20-30 critical payments per bank per day

In case of one bank’s failure, this can be processed manually

In case of TARGET2 failure, strict rules apply; only ‘very critical payments’ can be processed


Eurosysteem

CIP in the Netherlands

 Government project on critical infrastructure protection started in 2004

 In cooperation with the private sector, the government defined 12 infrastructures as critical: airports, public transport, energy, health care, etc.

 Payments and securities processing is one of them

 Follow up of the project in 2004, among others: Counterterrorism Alert System


Eurosysteem

Dutch Counterterrorism Alert System

(1)



Set up by the government in 2005 to ‘alert’ critical infrastructures in the event of heightened terrorist threat

 Measures to be taken quickly in order to minimise the risk and to limit the potential impact of terrorist acts.

 Cooperation between the government and private sectors

 More than 10 sectors are currently connected (a.o. airports, harbours, public transport, oil and gas, etc.)

 Financial core infrastructure connected as of May 1, 2006


Eurosysteem

Dutch Counterterrorism Alert System

(2)

 Four levels of threat: standard, low, moderate, high

 Each level comes with its own set of

(additional) security measures, both for the sector and for the government

 Government and sector agree together on the measures to be taken

 Contacts with local authorities very important

 Workshops, tests and exercises are organised per sector


Eurosysteem

Experiences Counterterrorism

Alert System

 Formalised (communication) procedures to inform the sector about threats

 Increased cooperation and information sharing within the financial sector in the area of security and with other sectors

 Improved contacts and cooperation with local authorities and other stakeholders (police, community, fire brigade, neighbour companies etc.)


Eurosysteem

Exercising experience

Think BIG, start SMALL

For Crisis Management exercises increase in complexity and depth:

 Connectivity/communication tests: several times a year

 Crisis management workshops: Discussion, based on scenario



Table top exercises: simulation with ‘real play’

 Large scale government exercise regarding ICT and cybercrime

 Operational exercise where security measures are taken for real

 Market wide exercises


Eurosysteem

International context for business continuity in payments and securities



“Dutch” market infrastructure is hardly Dutch anymore

 This is due to the consolidation trend and the battle for efficiency

 Not only for commercial institutions, but also for central banks

 An operational crisis in

Brussels/Frankfurt/Paris may impact the Dutch market more than a local crisis in Amsterdam


Eurosysteem

Increasing (need for) interaction & cooperation

 Linked to ESCB crisis management

 Co-ordinated communication with market infrastructures en major participants

 Possible international solutions to

“domestic” problems

 Central banks can help each other

 Solving problems in cooperation


Eurosysteem

Concluding remarks BCP

 Regular assessments work!

 Increase your level of resilience by

 Control – Top level commitment





Coordination

Cooperation

– Central bank/regulator role

– Financial core infrastructure

 Communication – All stakeholders, both national and international

 Exercising keeps BCP alive

 Human factor is key for everything


Eurosysteem

Principles for Financial Market

Infrastructures (FMI)

Co-production of:

 BIS Committee on Payment and Settlement Systems

 Technical Committee of the International organization of Securities Commission (IOSCO)

 FMI Principles replaces all older separate principles for Systemically Important Payment Systems,

Securities Settlement Systems and Retail Payment

Systems

 Report is for public market consultation until 29 July

2011

 Final report will be publishes in 2012


Eurosysteem

FMI Principles (1)

General organisation

 Principle 1: Legal basis

 Principle 2: governance

 Principle 3: Framework for the comprehensive management of risks


Eurosysteem


Credit and liquidity risk management

 Principle 4: Credit risk

 Principle 5: Collateral

 Principle 6: Margin

 Principle 7: Liquidity risk

 Principle 8: Settlement finality

 Principle 9: Money settlements

 Principle 10: Physical deliveries


Eurosysteem


Central securities depositories and exchangeof-value settlement systems

 Principle 11: Central securities depositories

 Principle 12: Exchange-of-value settlement systems


Eurosysteem


Default management

 Principle 13: Participant-default rules and procedures

 Principle 14: Segregation and portability


Eurosysteem


General business and operational risk management

 Principle 15: General business risk

 Principle 16: Custody and investment risk

 Principle 17: Operational risk


Eurosysteem


Access

 Principle 18: Access and participantion requirements

 Principle 19: Tiered participation arrangements

 Principle 20: FMI links


Eurosysteem


Efficiency

 Principle 21: Efficiency and effectiveness

 Principle 22: Communication procedures and standards


Eurosysteem


Transparancy

 Principle 23: Disclosure of rules and procedures

 Principle 22: Disclosure of market data


Eurosysteem

Responsibilities of central banks, market regulators and other authorities

 Responsibility A: Regulation, supervision and oversight of FMIs

 Responsibility B: Regulatory, supervisory, and oversight powers and resources

 Responsibility C: Disclosure of objectives and policies with respect to FMIs

 Responsibility D: Application of principles for FMIs

 Responsibility E: Cooperation with other authorities


Eurosysteem

Crisis Management

Contents

What is Business Continuity?

BCP in an international context

The Dutch situation

DNB BCP Assessment Framework (1)

DNB BCP Assessment Framework (2)

DNB BCP Assessment Framework (3)

Guidance Note Human factor

Required Knowledge

Concepts of crisis management for the payment system (1)

Tripartite Crisis Management in the Netherlands

Escalation model