The FFIEC’s Appendix J has increased the focus of TPRM professionals on Business Continuity. While ‘resilience’ and Cyber-Security quickly become key areas of focus, effective management of Business Continuity must adopt a broader definition of risk, with a focus on the links and interfaces between individual service contributors.
Historically, BC has been negotiated as a contract term, with a requirement to deliver a detailed plan for review and approval and a requirement for annual testing. This produces a series of individually tested components of your service or value stream, without a comprehensive, all-inclusive, proven demonstration of service resilience.
Operational Risk Management leaders are creating dedicated TPRM BC positions to meet increased regulatory focus. To be effective, these new TPRM professionals need to drive a level of transparency and collaboration not typically associated with this subject. Areas of opportunity include:
· Enhanced Contract Terms – rethink the manner in which each individual third party must support individual BC testing and end-to-end collaborative testing.
· Complete inventory including 4th Party & beyond – create a complete end-to-end map that includes all parties that could potentially impact or influence service performance.
· Test multiple scenarios – by segment & end-to-end – create collaborative participation across contributors.
· With the end-to-end service decomposed, third party ‘Concentration’ and ‘Capacity’ will become evident and point to mitigation actions.
It is time to rethink effective Business Continuity management with a comprehensive focus on ensuring end-to-end coverage and an understanding of the interactions and dependencies of each service component.