Business Continuity Assessment for a Tier 2 European Bank

Client challenge

The supervisory board had asked the bank’s management to assess its business continuity capabilities, specifically compared to best practice

  • Assess the Bank’s current capabilities
  • Make recommendations for improvements
  • Assess any tail risk implications of current and proposed capabilities

What we did

TORI deployed two experienced SMEs:

  • One individual with deep CIO/COO experience having run Crisis Management for a major global bank
  • One BCP certified individual with market infrastructure BCP/BCM experience

Discovery exercise: review of documentation, 50+ interviews, 3rdparty reviews and site visits to DR sites, Business Recovery sites, etc.

Assessment phase: primarily using ISO 22301 as the benchmark standard for:

  • Technical and commercial capabilities (DR and 3rdparties)
  • Business Impact analysis
  • Business Continuity Planning
  • Emergency Response Planning
  • Crisis Management

Assessed the main tail risks: Financial, Reputational, Regulatory and People risks.

Set and calibrated the Bank’s ambition level against each criterion together with management

Created the gap analysis

Presented the final analysis to the Bank’s Board

Knowledge Transfer: A valuable bi-product of our team working so closely with the client was their people’s increased capability and matured working practices.

The results

  • TORI delivered a set of recommendations for improvement to reach the desired capability
  • The recommendations were prioritised into must do’s, should do’s and optional improvements
  • One of the recommendations was to run an authentic scenario exercise which we executed in phase 2, involving the bank’s Crisis Management team and level 1 BCM operators which had great results.