Pandemics are infectious diseases that spread rapidly over a country, or the entire world. Financial institutions should take notice of the focus on pandemic planning, especially considering the current Coronavirus outbreak. Pandemic planning has been on the minds of regulatory agencies for some time now, and for obvious reasons. A pandemic influenza outbreak could potentially bring the financial industry to its knees, so it is imperative that financial institutions take the time to ensure they have a well-tested plan in place.
Pandemic plans are significantly different than traditional continuity plans due to the potential wide-ranging effects. Pandemic outbreaks can potentially affect a much larger area than other traditional continuity issues. They are, for example, more likely to be much larger in scale and duration than other interruptions banks have faced. Pandemic outbreaks are also more likely to come in waves, and to be difficult to confine to a specific geography or region.
It is specified by the regulatory agencies that institutions should determine what potential adverse effects the pandemic could have on their ability to operate effectively. An institutions Business Continuity Plan (BCP) should address preventive programs, scalable strategy, plan for critical operations, testing for oversight, as well as pandemics. Specifically, the pandemic section of the BCP should be easy to adapt to reflect the scale of the situation. A sound plan should minimize the disruptions to processes and should maintain the trust and confidence of its customers.
A sound plan should include a preventative program, a documented strategy, comprehensive framework of facilities, systems, or procedures, a testing program, and an ongoing oversight program. The preventive program should contain policies that encourage employees to stay home when the need arises. The policy should clearly address potential fears of reprisal. In this case, the strongest offensive is a good defense.
The documented strategy can be in the form of policy that addresses how the institution will prepare for the outbreak and how it will continue to operate through the various waves of the outbreak. For example, the policy may address when travel should be suspended or limited to critical travel needs. Institutions may need to determine what core activities could be done with minimum staff, or even off-site.
A comprehensive framework is designed to ensure the institution can maintain critical operations in the event large numbers of staff are affected or are unavailable for prolonged periods. The framework should set limits around things like face-to-face contact, and specify what can be accomplished via alternative means such as email, teleconference, and other technological means. Pandemic planning can present unique challenges to the institution and the management of critical activities.
The final areas to consider are the testing and oversight programs. The only way to ensure the institutions plans are adequate is to test the plan. The oversight program will capture the results and point to any deficiencies that need to be addressed in the ongoing plan and updates.
At the end of the day, the institution must be proactive in measuring effects of potential pandemics, prevention of expanded contact, operational abilities, flexibility of the plan, and testing of the plan with continued updating. Effective management of the process will reduce the risk of catastrophic failures due to a pandemic outbreak.