
Business Continuity Management in the Finance Sector

Published on April 18, 2019


Financial services are the economic services provided by the finance industry, which includes a broad range of businesses that manage money, including credit unions, banks, credit-card companies, insurance companies, accountancy companies, consumer-finance companies, stock brokerages, and investment funds (to name a few!).

Many business continuity threats are global in nature and would affect the entire business world, and the financial system itself is highly interconnected. It is therefore crucial that financial firms have plans in place to deliver essential services regardless of the cause of the disruption, in order to maintain financial stability and public confidence in the banking system.

Just some of the disruptions that can be experienced in business include man-made threats such as physical and cyber-attacks, IT system outages and third-party supplier failure, as well as natural hazards such as fire, flood, severe weather and even an outbreak of disease as we all experienced during the COVID-19 pandemic.

So, let's now take a look at a few of the biggest threats the finance industry currently faces and how the industry, through governance by several regulatory bodies, tries to combat these threats and bring stability to the system through operational resilience.

Financial Fraud & Cyber Threats

Cyber-attacks and fraud are among the largest of the threats currently faced by the financial services sector.

Fraud is a crime that the finance industry is committed to tackling, but it's also one that requires the combined efforts of every sector, both public and private, to overcome.

Last year, the advanced security systems and innovations in which the finance industry invests to protect customers stopped more than £1.6 billion of unauthorised fraud. Despite this, criminals successfully stole £1.2 billion through fraud and scams in 2018, impacting many businesses and supply chains.

Nothing highlights just how fragile financial security can be like the Bangladesh Bank Cyber Heist of 2016, in which attackers succeeded in transferring $101 million from the Federal Reserve Bank of New York account belonging to Bangladesh Bank.

The total amount stolen could have been close to US$1 billion had a misspelt payment instruction not raised suspicions that led to the remaining transfers being blocked.

With hackers devising ever-more sophisticated methods for fooling employees and individuals into handing over valuable company data, businesses must use due diligence in an effort to stay two steps ahead of cyber criminals.

Whether you like it or not, every company now has to be a tech company, and the finance sector is embracing it. With some banks in the UK facing up to 23-35k cyber attacks per day, it is essential that the resilience plans they have in place are effective and fit for purpose, and that they have invested heavily in protecting against future threats.

ISO 22301 - Business Continuity Management

Globally, ISO 22301 is the international standard for business continuity management. It can help an organisation identify and manage current and future threats, take a proactive approach to minimise the impacts of incidents, minimise downtime and improve recovery time, and demonstrate resilience to customers and suppliers.

Recently TARGOBANK became the first private customer bank and the second bank in Germany to achieve the ISO 22301 certification.

"With certification to ISO 22301, TARGOBANK is moving in a very exclusive circle. The award shows that we set standards with our processes and measures in the industry," said Tim Wolters, Department Head for Security and Business Continuity Management.

TARGOBANK have benefitted from this certification, assuring their customers of the continuity of their services and the safety and protection of the bank's assets should there be any crises.

Find out more about the benefits and the steps involved in getting certified here: How do I get certified to ISO 22301?

Governance & Resilience

Financial governance varies from region to region, but operational resilience is universally understood as the ability of firms and the financial system as a whole to absorb and adapt to shocks rather than contribute to them.

The operational resilience agenda in the UK is governed by a number of bodies, both inside and outside the Bank of England.

Firstly, the Bank's Financial Policy Committee (FPC) looks at the cyber resilience of the system from a system-wide perspective. Updates to the FPC's priorities are published in the Financial Stability Reports. The Bank's Prudential Regulation Committee and Financial Market Infrastructure (FMI) Board focus on the operational resilience of the firms and FMIs they regulate.

The three UK financial authorities, the Bank of England, HM Treasury and the Financial Conduct Authority, work together to make sure the UK financial sector runs smoothly, efficiently and effectively.

They achieve this through supervising individual firms and financial market infrastructures and through engaging with sector forums, industry and international stakeholders to drive collective action.

In the US, the Financial Industry Regulatory Authority (FINRA) requires firms to create and maintain written business continuity plans (BCPs) relating to an emergency or significant business disruption.

Despite being one of the most heavily regulated sectors, the finance industry has recognised the importance and benefits of having a mature business continuity management system in place, not only to gain a competitive advantage but also to protect its customers and suppliers and to add to the overall resilience of the industry.

Contact us today if you are looking for more information on getting certified. Our expert business analysts can assist you through every step of the process. Each stage can be aligned with the ISO standard and facilitated via our business continuity management software.

We have successfully mentored our clients to implement and achieve an ISO 22301 compliant BCMS within months, and they have reaped the benefits internally and externally almost immediately. Contact us or book a demo today!


Written by Richard McGlave

Founder & CEO at Continuity2

With over 30 years of experience as a Business Continuity and Resilience Practitioner, Richard knows the discipline like the back of his hand, and even helped standardise BS25999 and ISO 22301. Richard also specialises in the lean implementation of Business Continuity, IT Service Continuity and Security Management Systems for over 70 organisations worldwide.
