Post-Acquisition BCP/DR Integration Project for a Leading Southeast Regional Bank
At this leading bank, the Risk Management group was responsible for the consolidation of Business Continuity Planning (BCP) as a result of a merger of equals. The need for a revised plan was accelerated due to personnel changes and movement to an outsourced delivery of all core and ancillary banking application services. Evaluation of multiple existing plans and identification of revisions necessary to close gaps in planning documentation were essential.
Of critical importance was ensuring an appropriate focus be placed and could be rapidly demonstrated on the emerging risks resulting from the consolidation of the two organizations. Historical documentation for BCP and Disaster Recovery (DR) had been administered through a series of forms and spreadsheets with an organizational overview maintained on internal servers and in paper form at each organization. Stakeholders who had developed the internal BCP/DR programs at either of the consolidating organizations were no longer with the company.
This is why CMPG was engaged to lead this effort:
- Consolidate the plans from the two organizations, using a best practices approach
- Solicit and update BCP departmental plans under the new organizational structure and leadership
- Address the fundamental change in account processing in the BCP/DR plan
- Identify where gaps exist and develop a BCP/DR program for management beyond the initial project efforts
- Deploy BCP/DR documentation into a resilient internet accessible infrastructure
The project focused upon identifying and quantifying the risk profile of all key departmental business processes. Within this assessment were the inclusion of recovery metrics, requirements and resource assignments for each department. These assessments allowed the evaluation of risk across a series of dimensions.
- How has organizational change reallocated key business processes and their risk from historically prepared recovery sites?
- How has the elimination of localized computing changed the risk profile?
- How has the movement to outsourcing of all core and ancillary banking services impacted the speed of recovery?
- Where does the organization have the greatest exposure with regards to unmitigated Business Process Vulnerability?
Based upon the review of existing documentation, a plan was drafted that allowed the completion of the revisions to the BCP/DR plan as required by Risk Management in preparation for multiple external reviews. This included:
- Deployment of all BCP and DR documentation with the BCP-Insight solution
- An updated comprehensive Pandemic Plan
- An expanded evaluation of all departmental processes across the dimensions of Recovery Time Objectives, Maximum Allowable Downtime and Revenue/Customer impacts
- Evaluation of Business Process Vulnerability for Critical recovery objectives
- Integration of Service Provider documentation