Foreword to the 2nd Edition
The events of 9/11 have cast a long shadow over the world and led to a vital reappraisal of Enterprise Risk Management and Business Continuity Management.The Federal Reserve Bank of New York, Federal Reserve System, the Office of the Comptroller of the Currency, the New York State Banking Department, and the Securities and Exchange Commission sponsored the Financial Industry Summit, held on February 26, 2002. I can do no better than to repeat Roger Ferguson's summary of the key vulnerabilities that regulators and institutions have to face in the aftermath:"First, contingency planning generally did not account for region-wide events. Some firms found they lost both primary and back-up sites. There were significant concerns about the loss of or inaccessibility of staff.
"Second, concentrations, both market-based and geographic, were really evident and became asource of vulnerability.
"Third, the critical interdependencies across the industry, although understood in the context of planning Year 2000, were never so readily apparent. This was evident in the impact of the problems at key infrastructure providers on wide range of financial institutions. Even institutions far removed from New York City were significantly affected by interdependencies."
These factors apply not only to financial institutions that were particularly hit by the tragedy, but also to many other industries that could be impacted by disasters having a similar impact.Key lessons have been painfully learned:
People issues are paramount: staff availability, risk awareness and training are critical.
Operations distributed over a wide geographic area have a better chance of recovering and may recover quicker. Reliance on single points of failure should be avoided.
Focus on the outcomes of disaster rather than the causes and on the deliverables rather than on the processes of delivery
It is not enough to pay lip service to business continuity: planning must be whole hearted, thorough and tested. Testing may need to extend across the industry, across industries and into the supply chain,including infrastructure providers.
It is our hope that effective risk management, emergency and continuity planning may help to prevent deliberate disasters and to mitigate the consequences of those that do occur.Andrew Hiles
November, 2003Kingston Bagpuize, Oxon, United Kingdom